Hi to you all,

I am just about to head into the world of IIS and build a Web Server, as we
would like to Install OWA for Exchange.

Question 1
Which versions of IIS can I use with Windows NT Server.

Question 2
What would be the recommended way to secure the IIS server.

TIA

Iain

Hi,

A1: On Windows NT 4.0? You can only run IIS 4.0 from Windows NT options pack

A2: Filly patch the server and IIS service (before you even connect the
server to the internet). Install IIS Lock Down and

IIS Lockdown Tool 2.1
http://www.microsoft.com/downloads/details.aspx?FamilyID=dde9efc0-bb30-47eb-9a61-fd755d23cdec&DisplayLang=en

Windows 2000 & NT 4.0 Tool: Baseline Urlscan
http://www.microsoft.com/downloads/details.aspx?FamilyID=12244f33-a5da-4203-a3a8-83f4388bb71f&DisplayLang=en

My best advice would be, don't run it on NT. Run it on Windows 2000 and IIS5
(again fully patched, and securely configured). After applying any patch for
IIS or SP, you will have to do the secure configuration again.

Microsoft Security Guidance Center: Internet Information Services (IIS)
Index
http://www.microsoft.com/security/guidance/prodtech/IIS.mspx

Setup your server behind the firewall. Only allow SSL access to your server
from the internet.

Mike

[quoted text, click to view]