
IIS permission settings under Windows 2003

Thursday, January 1st, 1970 (Life)

Premise: this applies only to a Windows 2003 Server SP1 Internet (IIS) server.

The system is installed on the C:\ disk.

The system users are:

administrators: Super Admin (group)

system: system users (built-in security principal)

guests: guest account (group)

IUSR_<server name>: anonymous access web user

IWAM_<server name>: user that starts the IIS process

www_cnnsc_org: after adding it, remove it from the Users (group) and add it to the guests guest account (group)

To enhance system security, the (guest) and (IUSR_<server name>) users are disabled.

Set all accounts that access the web directory to the guests group and remove their other groups.

Drive letter security access:

C:\ disk: administrators (group) full control permissions, system (built-in security principal) full control permissions

D:\ disk (if user site content is placed in this section): administrators (group) full control permissions

E:\ disk: administrators (group) full control permissions, system (built-in security principal) full control permissions

F:\ disk: administrators (group) full control permissions, system (built-in security principal) full control permissions


Restrict the following EXE files on the system disk:

net.exe, cmd.exe, tftp.exe, netstat.exe, regedit.exe, regedt32.exe, at.exe, attrib.exe, cacls.exe

Set these files to administrators full control.

Prohibit downloading of Access databases:

Internet Information Services (IIS) Manager -- Website -- Properties -- Home Directory -- Configuration -- Add

Executable: C:\WINDOWS\twain_32.dll

Extension: .mdb

If you also want to prohibit downloading other file types:

Internet Information Services (IIS) Manager -- Website -- Properties -- Home Directory -- Configuration -- Add

Executable: C:\WINDOWS\twain_32.dll

Extension: . (change to the file extension you want to disable)

Then delete these extensions: shtml, stm, shtm, cdx, idc, cer

Prevent listing of user groups and system processes:

Start -- Programs -- Administrative Tools -- Services

Find Workstation, stop it, and disable it.

Uninstall the least secure components:

Start -- Run -- cmd -- Enter

At the cmd prompt, enter:

regsvr32 /u C:\WINDOWS\system32\wshom.ocx

del C:\WINDOWS\system32\wshom.ocx

regsvr32 /u C:\WINDOWS\system32\shell32.dll

del C:\WINDOWS\system32\shell32.dll

Alternatively, these files can be set to deny access to the guests user group.

Remove the 200K limit on FSO upload programs:

Stop the IIS Admin Service in Services.

Open C:\WINDOWS\system32\inetsrv\MetaBase.xml

Find ASPMaxRequestEntityAllowed

Change it to the desired value. The default is 204800, or 200K; change it to 51200000 (50M), then restart the IIS Admin Service.
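
An offline check of the two MetaBase.xml settings described above: the .mdb and deleted-extension mappings, and the ASPMaxRequestEntityAllowed upload limit. This is an added example, not part of the original article; the sample XML is constructed, and its layout (settings stored as XML attributes, one ScriptMaps entry per line) and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not a real server's file. Assumed layout: settings are XML
# attributes and ScriptMaps holds one "ext,handler,flags,verbs" entry per line.
SAMPLE = r'''<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsWebService Location="/LM/W3SVC" AspMaxRequestEntityAllowed="51200000"
  ScriptMaps=".asp,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
    .cer,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
    .mdb,C:\WINDOWS\twain_32.dll,5" />
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT"
  ScriptMaps=".asp,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE" />
</MBProperty>
</configuration>'''

REMOVED = {".shtml", ".stm", ".shtm", ".cdx", ".idc", ".cer"}  # extensions the article deletes
BLOCK_DLL = r"c:\windows\twain_32.dll"  # handler the article maps .mdb to
DEFAULT_LIMIT = 204800                   # default upload limit named in the article

def script_maps(raw):
    """Split a ScriptMaps value into {extension: handler}, both lowercased."""
    maps = {}
    # The XML parser turns the line breaks into spaces, so split before each ".ext,".
    for entry in re.split(r"\s+(?=\.[\w*]+,)", raw.strip()):
        parts = entry.split(",")
        if len(parts) >= 2:
            maps[parts[0].lower()] = parts[1].lower()
    return maps

def audit(xml_text):
    """Return (location, finding) pairs for the two settings described above."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        attrs = {k.lower(): v for k, v in elem.attrib.items()}
        loc = attrs.get("location")
        if loc is None:
            continue
        limit = attrs.get("aspmaxrequestentityallowed")
        if limit is not None and int(limit) != DEFAULT_LIMIT:
            findings.append((loc, f"ASP upload limit is {limit} bytes"))
        if "scriptmaps" in attrs:
            maps = script_maps(attrs["scriptmaps"])
            for ext in sorted(REMOVED & maps.keys()):
                findings.append((loc, f"{ext} mapping still present"))
            if maps.get(".mdb") != BLOCK_DLL:
                findings.append((loc, ".mdb not mapped to twain_32.dll"))
    return findings

if __name__ == "__main__":
    for loc, finding in audit(SAMPLE):
        print(f"{loc}: {finding}")
```

Run it against a copy of MetaBase.xml taken from the server; a node without its own ScriptMaps attribute is skipped.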

Disable IPC connections:

Start -- Run -- regedit

Find the (restrictanonymous) entry under the following key (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa)

Clear the remotely accessible registry paths:

Start -- Run -- gpedit.msc

Computer Configuration -- Windows Settings -- Security Settings -- Local Policies -- Security Options

Find "Network access: Remotely accessible registry paths"

In the window that opens, set all remotely accessible registry paths and sub-paths to empty.

Turn off unnecessary services:

Start -- Programs -- Administrative Tools -- Services

Telnet, TCP/IP NetBIOS Helper

Solution to Terminal Services license expiration:

If Terminal Services is already installed on your server, delete Terminal Services and Terminal Licensing Service.

My Computer -- right-click Properties -- Remote -- Remote Desktop: tick it and apply.

Restart the server. It will no longer prompt you about expiration.

Cancel the shutdown reason prompt:

Start -- Run -- gpedit.msc

Open the Group Policy Editor and expand:

Computer Configuration -- Administrative Templates

Double-click (Display Shutdown Event Tracker) in the right-hand window.

Change (Not Configured) to (Disabled).

-excerpt from: lcmy365-

Copyright: original article from ShuDudu. When reproducing it, please keep the link: https://www.shududu.com/life/IIS-permission-settings-under-Windows2003.htm