IIS Files to Delete for Security

IIS Files to Delete for Security
If you're running an IIS webserver, there are several files that it is critical for you to delete, to keep your IIS installation secure. Hackers of course know all about the default set of IIS files and have worked hard to find ways to exploit these.

The sample directory is great when you're trying to learn how IIS works - but as soon as you are done, delete them all. In fact, hopefully you are learning on a non-public webserver, and therefore the actual, live webserver should not have these files at all.

\Program Files\Common Files\System\msadc\Samples\
This is another sample directory which should be completely removed from your system.

Default Websites
Stop the default website and default admin site from running in IIS. Also stop the mail server if you will not be using it. Stop the FTP server and get yourself a secure FTP software package to use for file transfers.

Extension Mapping
Under your IIS website, go into properties, Home Directory, configuration. Remove the entries for .IDQ and .IDA. Save.

Related Articles
Editor's Picks Articles
Top Ten Articles
Previous Features
Site Map

Content copyright © 2022 by Lisa Shea. All rights reserved.
This content was written by Lisa Shea. If you wish to use this content in any manner, you need written permission. Contact Lisa Shea for details.