Take advantage of the IIS 'What If' security tool

by Steven "Warren MCSE, MCDBA" | Jan 01, 2002 8:00:00 AM

Tags: Steven Warren MCSE, MCDBA

Takeaway: Microsoft's IIS had a rough year in 2001, but Microsoft has released a number of free tools to help administrators lock down IIS. The latest is the IIS Security Planning Tool, which can help you ensure both security and access.

Do you need to configure an IIS Web server with strong security settings while still allowing certain clients to connect without a problem? If you do, check out Microsoft’s new HTML utility, the IIS Security Planning Tool. This tool allows you to determine which browsers, platforms, authentication schemes, and server configurations will allow a remote resource to access your IIS server. Let’s take a look at how to use this free IIS utility, also called the IIS Security “What If” Tool.

Prerequisites
In order to use the tool, you must have the following:

• A DHTML-enabled browser (It is recommended that you use Microsoft Internet Explorer 4.0 or 5.0.)
• Microsoft Internet Information Server 4.0 or 5.0

Working with the "What If" tool
You can download this tool (IISPerms.exe) from Microsoft’s Web site. Then, simply run the executable and install the file to the directory of your choice. The download installs the files shown in Figure A. To uninstall the utility, simply delete all the files listed in Figure A.


To use this utility, browse to the directory you specified during installation. Double-click the IIS_permissions.htm file, and the screen in Figure B will appear.


You now have to select drop-down options for the following fields:

Browser—The Web browser that needs to connect (Figure C)

Client OS—The operating system running the Web browser (Figure D)

Scenario—Is the browser coming from the Internet or an intranet (Figure E)?

Web Server—Is the Web server IIS 4.0, IIS 5.0 with Active Directory, or IIS 5.0 without Active Directory (Figure F)?

Web Auth—The authentication type being used (Figure G)

Once you’ve selected options for all of the above fields, click the Check button. The graphics display will be updated to show you which computers and resources the client will be able to reach based on the conditions specified, as shown in Figure H.


Summing up
This is an excellent tool for helping administrators deploy IIS with the appropriate security rights while ensuring that users can access the resources they require. In just a few seconds, this tool can provide some insights on how to properly configure an IIS server.

---

How will this tool help you?
We look forward to getting your input and hearing your experiences regarding this topic. Post a comment or a question about this article.

---

 

Print/View all Posts Comments on this article

What if? jmiller@... | 01/01/02

I'm with you Netchip | 01/07/02

I'm with you Netchip | 01/07/02