Mike,
Use caution. IIS Lockdown will close the door on a lot of potential security issues but can cause your web to quit working - very secure, but so is turning off the server. It took me hours to recover from a lockdown.

There was a discussion a while back on Listserv Lite support list around this. Try searching the archives.

Here is one of the messages :

#############################################################################
> -----Original Message-----
> From: Nathan Brindle [mailto:[log in to unmask]]
> Sent: Monday, September 08, 2003 1:48 PM
> To: [log in to unmask]
> Subject: Re: New Install Problems
>
> If you ran the IIS lockdown tool (URLSCAN), you will have to adjust
its
> configuration to allow IIS to execute *.EXE files.  The
configuration file
> is usually %SystemRoot%\system32\inetsrv\urlscan\urlscan.ini .  In
the
> section [DenyExtensions] you will find
>
> ; Deny executables that could run on the server
> .exe
> .bat
> .cmd
> .com
>
> You have to comment out ".exe", ie,
>
> ; Deny executables that could run on the server
> ;.exe
> .bat
> .cmd
> .com
>
> and save the file, then I believe you have to reboot to force
URLSCAN to
> accept the change.
>
> Unfortunately you can't tell URLSCAN to allow just WA.EXE to be
> executed.  It's all or nothing.


#############################################################################

Good Luck,
Doug

Doug Wheeler
Sr. Technical Analyst
Georgia-Pacific Corporation
Neenah, WI
voice : 920.729.8178 fax : 920.729.8164
email : mailto:[log in to unmask]
Intranet: http://neenah.srv.gapac.com | Internet: www.gp.com




-----Original Message-----
From: Mike Wohlgemuth [mailto:[log in to unmask]]
Sent: Wednesday, September 17, 2003 9:31 PM
To: [log in to unmask]
Subject: URLScan, IISLockdown Tools


Does anyone have experience with configuring/running the iislockdown tool
and urlscan on a W2K server with IIS 5.0 and Listserve Lite 1.8e OR can
point me in a direction (other than MS site on this)

Thanks in advance ...

Mike