Miha Pihler wrote:
> Hi,
>
> http://www.microsoft.com/security/bulletins/default.mspx
>
> Look under Internet Information Services (IIS)
> - Bulletins Released in 2002
>
> Better way to go about this would also be MBSA (Microsoft Baseline Security
> Analyzer). It's a free tool from Microsoft that can scan your network
> (domain, subnets) or specific computer. It will tell you what patches are
> missing (not only IIS patches but also OS patches) and what else you can do
> to e.g. protect your IIS (e.g. remove IISSamples, Scripts and Printers
> folder etc.)
>
> Microsoft Baseline Security Analyzer v1.2.1 (for IT Professionals)
> http://www.microsoft.com/downloads/details.aspx?FamilyID=b13ebd6b-e258-4625-b0a3-64a4879f7798&DisplayLang=en
>
> After you identify missing patches you can use this page to download them
> http://www.microsoft.com/downloads In search windows enter number of
> security bulletin e.g. MS04-16 or by update number (e.g. 839643)
>
> Mike
>
> "Tim T" wrote in message
> news:ACB4BE57-8CC7-4352-8B2E-D75F79809D9C@microsoft.com...
>
>>Ok, then where can I find Win2000 Server IIS 5.0 Patches or updates?
>>
>>"Miha Pihler" wrote:
>>
>>
>>>Hi Tim,
>>>
>>>You can't run IIS 6.0 on Windows 2000 server. IIS 6.0 can only be run on
>>>Windows 2003.
>>>
>>>On Windows 2000 you can run IIS 5.0.
>>>
>>>Mike
>>>
>>>"Tim T" wrote in message
>>>news:A56D1FAF-53EC-4692-BF96-B31EB73E423D@microsoft.com...
>>>
>>>>Where can I find any Win2000 Server patches or updates for IIS 6.0.
>>>>
>>>>Thanks,
>>>>Tim
>>>
>>>
>>>
>
>
I would also recommend using the IIS Lockdown tool, best to run it over
something first to see what applications may break on your system. Also
removing NetBIOS over TCP/IP in your network settings and altering the
urlscan configuration (urlscan installed with lockdown tool). You
should also apply the hisecweb security policy. There is also a
registry key that you should change but the MBSA will pick that up for
you, RESTRICTANONYMOUS is the DWORD and I would recommend using a value
of 2. You can also adjust the permissions of cmd.exe in your winnt
directory and disallow access from the iwam and iusr accounts.
Just note that the lockdown tool will change permissions on your web
directories, which should be set to read only anyway.
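
An added example, not part of the original posts: a small Python audit of two settings mentioned in the reply above, the RestrictAnonymous DWORD and IUSR/IWAM access to cmd.exe. It assumes a regedit export of the Lsa key and a cacls-style ACL listing as input; both samples are constructed, and the host name WEB01 is hypothetical.

```python
import re

# Constructed sample: fragment of a regedit export of the Lsa key.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
'''

# Constructed sample: cacls-style ACL listing for cmd.exe (WEB01 is made up).
SAMPLE_ACL = r'''C:\WINNT\system32\cmd.exe BUILTIN\Administrators:F
                           NT AUTHORITY\SYSTEM:F
                           WEB01\IUSR_WEB01:R
                           BUILTIN\Users:R
'''

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

def restrict_anonymous(reg_text):
    """Return the RestrictAnonymous DWORD under the Lsa key, or None if absent."""
    section = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]  # track which key the following values belong to
        elif section and section.lower() == LSA_KEY.lower():
            m = re.match(r'"restrictanonymous"=dword:([0-9a-f]{8})$', line, re.I)
            if m:
                return int(m.group(1), 16)
    return None

def web_accounts_with_access(acl_text):
    """Return IUSR_/IWAM_ accounts whose entry is anything other than N (no access)."""
    entries = re.findall(r'\\((?:IUSR|IWAM)_[^\s:]+):(\S+)', acl_text, re.I)
    return [acct for acct, right in entries if right.upper() != "N"]

def audit(reg_text, acl_text):
    """Collect findings for the two settings; an empty list means both pass."""
    findings = []
    value = restrict_anonymous(reg_text)
    if value != 2:
        findings.append(f"RestrictAnonymous is {value}, post recommends 2")
    for acct in web_accounts_with_access(acl_text):
        findings.append(f"{acct} can still access cmd.exe")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, SAMPLE_ACL):
        print(finding)
```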