LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: URLScan, IISLockdown Tools

"Wohlgemuth, Mike" <[log in to unmask]>

Thu, 18 Sep 2003 10:14:03 -0400

text/plain (107 lines)

Doug,

thanks ...

I already have experience with the iislockdown tool on my other web
servers and I was looking for specific experience with listserve lite
...

you reconfirmed another email that the listserv robot (? or an admin)
sent me regarding this matter ...

I will test this on another machine before I put install it on my
production machine ...

thanks again ...

Mike
850-487-7509

-----Original Message-----
From: Wheeler, Doug (NTC) [mailto:[log in to unmask]] 
Sent: Thursday, September 18, 2003 9:02 AM
To: [log in to unmask]
Subject: Re: URLScan, IISLockdown Tools


Mike,
Use caution. IIS Lockdown will close the door on a lot of potential
security issues but can cause your web to quit working - very secure,
but so is turning off the server. It took me hours to recover from a
lockdown.

There was a discussion a while back on Listserv Lite support list around
this. Try searching the archives.

Here is one of the messages :

########################################################################
#####
> -----Original Message-----
> From: Nathan Brindle [mailto:[log in to unmask]]
> Sent: Monday, September 08, 2003 1:48 PM
> To: [log in to unmask]
> Subject: Re: New Install Problems
>
> If you ran the IIS lockdown tool (URLSCAN), you will have to adjust
its
> configuration to allow IIS to execute *.EXE files.  The
configuration file
> is usually %SystemRoot%\system32\inetsrv\urlscan\urlscan.ini .  In
the
> section [DenyExtensions] you will find
>
> ; Deny executables that could run on the server
> .exe
> .bat
> .cmd
> .com
>
> You have to comment out ".exe", ie,
>
> ; Deny executables that could run on the server
> ;.exe
> .bat
> .cmd
> .com
>
> and save the file, then I believe you have to reboot to force
URLSCAN to
> accept the change.
>
> Unfortunately you can't tell URLSCAN to allow just WA.EXE to be 
> executed.  It's all or nothing.


########################################################################
#####

Good Luck,
Doug

Doug Wheeler
Sr. Technical Analyst
Georgia-Pacific Corporation
Neenah, WI
voice : 920.729.8178 fax : 920.729.8164
email : mailto:[log in to unmask]
Intranet: http://neenah.srv.gapac.com | Internet: www.gp.com




-----Original Message-----
From: Mike Wohlgemuth [mailto:[log in to unmask]]
Sent: Wednesday, September 17, 2003 9:31 PM
To: [log in to unmask]
Subject: URLScan, IISLockdown Tools


Does anyone have experience with configuring/running the iislockdown
tool and urlscan on a W2K server with IIS 5.0 and Listserve Lite 1.8e OR
can point me in a direction (other than MS site on this)

Thanks in advance ...

Mike

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM