IIS-Script to validate and apply security settings
| Ed Simpson 2007-11-16, 1:39 pm |
I am looking for a script that will validate IIS settings such as,
• Log file location
• Log file type
• Client IP Address
• User Name
• Method
• URI Stem
• HTTP Status
• Win32 Status
• User Agent
• Server IP Address
• Server Port
Determine if “Everyone” failed access on key and all subkeys of
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\” and
“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC” is being
logged.
To enumerate path to all Webroot directory, and sub-directories.
Determine if all failed access to metabase, %SystemRoot%\System32\Inetsrv,
each Webroot directory and sub-directories, Web Scripts and Web Executables
is being logged.
--
Appreciate all responses.
| Ken Schaefer 2007-11-16, 1:39 pm |
"Ed Simpson" <EdSimpson@discussions.microsoft.com> wrote in message
news:42CA7FA6-299F-4007-92ED-D45869D8EB2E@microsoft.com...
> I am looking for a script that will validate IIS settings such as,
> • Log file location
> • Log file type
These are stored in the metabase - use
adsutil.vbs/WMI/System.DirectoryServices to get their values
> • Client IP Address
> • User Name
> • Method
> • URI Stem
> • HTTP Status
> • Win32 Status
> • User Agent
> • Server IP Address
> • Server Port
This is per-request. Look in the IIS logfiles
> Determine if “Everyone” failed access on key and all subkeys of
> “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\” and
> “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC” is being
> logged.
You need to enable Object Access Auditing, and then turn on auditing in the
SACL for these reg keys
> To enumerate path to all Webroot directory, and sub-directories.
adsutil.vbs
> Determine if all failed access to metabase, %SystemRoot%\System32\Inetsrv,
> each Webroot directory and sub-directories, Web Scripts and Web
> Executables is being logged.
Object Access Auditing
>
> --
> Appreciate all responses.
Sounds like you are a consultant or similar engaged to deliver a piece of
work, and think that a script can do all of this for you.
You need to read up on what these requirements are, and what they involve,
first.
Putting "appreciated all responses" in your sig is just a laugh.
Cheers
Ken
--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
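
The SACL half of the check described in the reply above, as an added PowerShell example that is not part of the thread: it reports whether each location carries an audit rule for failed access by Everyone that also flows to child keys or folders. The function name `Test-EveryoneFailureAudit` is hypothetical, and the rules only produce Security log events when Object Access auditing is enabled for failures.

```powershell
# Added example, not from the thread. Run elevated: reading a SACL needs
# SeSecurityPrivilege ("Manage auditing and security log").
function Test-EveryoneFailureAudit {
    param([Parameter(Mandatory = $true)][string]$Path)

    $report = [pscustomobject]@{
        Path = $Path; Exists = $false; FailureAudited = $false
        CoversChildren = $false; Rights = @()
    }
    if (-not (Test-Path -LiteralPath $Path)) { return $report }
    $report.Exists = $true

    # -Audit asks Get-Acl to load the SACL as well as the DACL.
    $acl = Get-Acl -LiteralPath $Path -Audit
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = @($acl.GetAuditRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and   # Everyone
        ($_.AuditFlags -band [System.Security.AccessControl.AuditFlags]::Failure)
    })

    foreach ($rule in $rules) {
        $report.FailureAudited = $true
        # Registry and file system rules name their rights property differently.
        if ($rule -is [System.Security.AccessControl.RegistryAuditRule]) {
            $report.Rights += $rule.RegistryRights
        } else {
            $report.Rights += $rule.FileSystemRights
        }
        # "Key and all subkeys": the rule must flow to child containers and
        # must not stop at the first level.
        $inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
        $stop    = [System.Security.AccessControl.PropagationFlags]::NoPropagateInherit
        if (($rule.InheritanceFlags -band $inherit) -and
            -not ($rule.PropagationFlags -band $stop)) {
            $report.CoversChildren = $true
        }
    }
    return $report
}

# Locations named in the thread; web root paths read from the metabase can be appended.
$targets = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
    'HKLM:\SYSTEM\CurrentControlSet\Services\W3SVC',
    (Join-Path $env:SystemRoot 'System32\Inetsrv')
)
$targets | ForEach-Object { Test-EveryoneFailureAudit -Path $_ } | Format-Table -AutoSize
```

`CoversChildren` reflects the rule on the parent only; a child key or folder whose SACL blocks inheritance has to be checked by passing its own path.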