Guest Author - Lisa Shea
If you're running an IIS webserver, there are several files that are critical to delete in order to keep your IIS installation secure. Hackers, of course, know all about the default set of IIS files and have worked hard to find ways to exploit them.
\Inetpub\iisamples\
The sample directory is great when you're trying to learn how IIS works - but as soon as you are done, delete it and everything in it. In fact, hopefully you are learning on a non-public webserver, so the actual, live webserver should not have these files at all.
\Program Files\Common Files\System\msadc\Samples\
This is another sample directory which should be completely removed from your system.
Default Websites
Stop the default website and default admin site from running in IIS. Also stop the mail server if you will not be using it. Stop the FTP server and get yourself a secure FTP software package to use for file transfers.
Extension Mapping
Under your IIS website, go into Properties, Home Directory, Configuration. Remove the entries for .IDQ and .IDA. Save.
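To confirm the cleanup above on a given server, a read-only audit can look for the two sample directories and for any remaining .idq/.ida extension mappings. The script below is an added example, not part of the original article. It assumes IIS is installed on the system drive and that the IIS ADSI provider (the `IIS://localhost/W3SVC` metabase path and its `ScriptMaps` property, neither of which is named in the article) is available.

```powershell
# Added example: read-only audit of the items this article says to remove.
# Assumptions (not from the article): IIS lives on the system drive and the
# IIS ADSI metabase provider is installed. Nothing here changes the server.
$sampleDirs = @(
    (Join-Path $env:SystemDrive '\Inetpub\iisamples'),
    (Join-Path $env:CommonProgramFiles 'System\msadc\Samples')
)
$riskyExtensions = @('.idq', '.ida')

function Get-RiskyScriptMap {
    param([string]$AdsiPath)
    # Each ScriptMaps value is a comma-separated string whose first field
    # is the file extension, followed by the handler DLL and its options.
    $node = [ADSI]$AdsiPath
    foreach ($entry in $node.ScriptMaps) {
        $ext = ([string]$entry).Split(',')[0].Trim().ToLower()
        if ($riskyExtensions -contains $ext) {
            "Extension mapping still present at ${AdsiPath}: $entry"
        }
    }
}

$findings = @()

# 1. Sample directories that should have been deleted.
foreach ($dir in $sampleDirs) {
    if (Test-Path -LiteralPath $dir) {
        $findings += "Sample directory still present: $dir"
    }
}

# 2. .idq/.ida mappings at the service level and on each website's root.
try {
    $service = [ADSI]'IIS://localhost/W3SVC'
    $findings += @(Get-RiskyScriptMap 'IIS://localhost/W3SVC')
    foreach ($child in $service.psbase.Children) {
        if ($child.psbase.SchemaClassName -eq 'IIsWebServer') {
            $rootPath = 'IIS://localhost/W3SVC/{0}/ROOT' -f $child.psbase.Name
            $findings += @(Get-RiskyScriptMap $rootPath)
        }
    }
} catch {
    Write-Warning "Could not read the IIS metabase: $($_.Exception.Message)"
}

if ($findings.Count -eq 0) { 'No leftover sample content or .idq/.ida mappings found.' }
else { $findings }
```

Mappings set at the service level are inherited by every site, so a finding at `W3SVC` usually needs to be removed there rather than site by site.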







