From IIS 7.0 Server STIG
Part of WG220
The key web service administrative and configuration tools must only be accessible by the web server staff. All users granted this authority will be documented and approved by the ISSO. Access to the IIS Manager will be limited to authorized users and administrators.
1. Open the IIS Manager and select Properties. 2. Select the Shortcut tab, and then left-click Open File Location. 3. Right-click InetMgr.exe, then click Properties from the context menu. 4. Select the Security tab. 5. Review the groups and user names. The following account may have Full control priviledges: TrustedInstaller The following accounts may have read & execute, and read permissions: Administrators (non-elevated) System Users Specific users may be granted read & execute and read permissions. Compare the local documentation authorizing specific users, against the specific users observed in step 5. If any other access is observed, this is a finding.
Restrict access to the web administration tool to only the web manager and the web manager’s designees.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer