Improving Web Application Security: Threats and - CGISecurity

798 Improving Web Application Security: Threats and Countermeasures

Log Files

A log file detailing the changes made by IISLockdown is written to \WINNT\System32\inetsrv\oblt-log.log. When you run IISLockdown a second time, it undoes any changes it made based on this log. You can view the log file with any text editor to see the exact changes made by IISLockdown.

Undoing IISLockdown Changes

To undo the changes made by IISLockdown, run IISlockd.exe a second time and choose to undo the changes. The undo operation restores the system settings that were in effect immediately before you previously ran IISLockdown. These details are contained in the log file \WINNT\System32\inetsrv\oblt-log.log. Therefore, it is important that you test the system promptly after you run IISLockdown. If an undo is required, perform it immediately.

Note: The URLScan ISAPI filter that is installed as part of IIS Lockdown is not removed as part of the undo process. You can remove URLScan manually by using the ISAPI Filters tab at the server level in Internet Services Manager.

Unattended Execution

The following steps are from RunLockdUnattended.doc, which is available if you unpack the files by running IISLockd.exe with the /q and /c arguments.

To configure IISLockdown for unattended execution:

1. Open IISlockd.ini in a text editor.

2. Under the [Info] section, configure the UnattendedServerType setting by entering the name that matches the server template you want to use. For example, if you want to apply the dynamicweb template, the setting would look like this:

   UnattendedServerType=dynamicweb

3. Change the Unattended setting to TRUE, as follows:

   Unattended=TRUE

Note: If you want to run IISlockd.exe unattended to undo a previous set of changes, ensure that both the Unattended and Undo settings are set to TRUE.
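The three-step procedure and the undo note above, as an added example that is not from the book or from the IIS Lockdown tool: a small Python helper that rewrites the [Info] section of IISlockd.ini for an unattended lockdown run or an unattended undo. The sample INI is constructed; the [dynamicweb] section in it is an assumption, included only to show that sections other than [Info] survive the rewrite.

```python
"""Prepare IISlockd.ini for an unattended IISLockdown run or undo.

Added example, not part of the book or the IIS Lockdown tool. It sets the
[Info] keys named in the text: Unattended=TRUE plus UnattendedServerType
for a lockdown run, or Unattended=TRUE plus Undo=TRUE for an undo.
"""
import configparser
import io

# Constructed sample IISlockd.ini. The [Info] keys are the ones the text
# names; the [dynamicweb] section is an assumption used to show that other
# sections are carried through unchanged (configparser drops comments).
SAMPLE_INI = """\
[Info]
Unattended=FALSE
UnattendedServerType=
Undo=FALSE

[dynamicweb]
label=Dynamic Web server
"""


def _load(ini_text: str) -> configparser.ConfigParser:
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(ini_text)
    if not cp.has_section("Info"):
        raise ValueError("IISlockd.ini has no [Info] section")
    return cp


def _dump(cp: configparser.ConfigParser) -> str:
    buf = io.StringIO()
    cp.write(buf, space_around_delimiters=False)  # emit key=value, as the file uses
    return buf.getvalue()


def read_info(ini_text: str) -> dict:
    """Return the [Info] section as a plain dict, for inspection after a rewrite."""
    return dict(_load(ini_text).items("Info"))


def configure_unattended(ini_text: str, template: str) -> str:
    """Step 2 and step 3: pick the template and switch on unattended mode."""
    if not template.strip():
        raise ValueError("an unattended run needs a server template name")
    cp = _load(ini_text)
    cp.set("Info", "UnattendedServerType", template.strip())
    cp.set("Info", "Unattended", "TRUE")
    cp.set("Info", "Undo", "FALSE")  # this is a lockdown run, not an undo
    return _dump(cp)


def configure_unattended_undo(ini_text: str) -> str:
    """The note's rule for an unattended undo: Unattended and Undo both TRUE."""
    cp = _load(ini_text)
    cp.set("Info", "Unattended", "TRUE")
    cp.set("Info", "Undo", "TRUE")
    return _dump(cp)
```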