IIS Lockdown tool Question

P

Peter Kaufman

Hi,

The lockdown tool is breaking a 3rd party indexing and searching
software (DTSearch) and I cannot figure out why. It seems like it is
an execute permissions thing, but the permissions look correct.

Is there any way to log or check *everything* this tool does including
where and to what permissions are changed?

Thank you,

Peter
 
R

Roger Abell

IISlockdown only changes permissions using two groups that
it defines, something like Web Anonymous Users, and Web
Applications. If you want to reverse the permissions changes
you would only need to adjust the memberships of those groups,
as a test to see if that is the issue, and then use such as iisreset
to make sure the accounts get forced to re-authenticate.
Have you reviewed the extensions disallowed relative to
those used to post to your custom indexing/searching ?
(i.e. anything showing in the urlscan log file?)
 
P

Peter Kaufman

IISlockdown only changes permissions using two groups that
it defines, something like Web Anonymous Users, and Web
Applications. If you want to reverse the permissions changes
you would only need to adjust the memberships of those groups,
as a test to see if that is the issue, and then use such as iisreset
to make sure the accounts get forced to re-authenticate.
Click to expand...

I never heard of iisreset. Is that in the resource kit?
Have you reviewed the extensions disallowed relative to
those used to post to your custom indexing/searching ?
(i.e. anything showing in the urlscan log file?)
Click to expand...

Yeah, I can't see any problem. Anyway, thanks, this is helpful.

Peter
 
R

Roger Abell [MVP]

iisreset.exe is one of the tools that installs with IIS and may be used to
recycle all of the sites on an instance of IIS without machine reboot.
You should see it in system32 on the webserver.
 
J

Jeff Cochran

The lockdown tool is breaking a 3rd party indexing and searching
software (DTSearch) and I cannot figure out why. It seems like it is
an execute permissions thing, but the permissions look correct.

Is there any way to log or check *everything* this tool does including
where and to what permissions are changed?
Click to expand...

Two possibilities. First is URLScan. Check the URLScan logs for
details on what it's been blocking. The second is permissions. Rerun
the lockdown tool to undo all the changes it made. Then run it again,
this time paying attention to the options you select. Check the IIS
group for more details.

Jeff
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

bizarre asp.net app loading failure 8
Error joining a domain after iis lockdown 1
Unable to load DLL (oci.dll) 1
Strange permission problems when accessing SBS 2003 network share 2
File Permissions 1
bin Directory has no Execute permissions 2
403 Access Forbidden, ASP IIS 2
server application unavailable 4

Top