IIS Lockdown tool and EMF

Summary:

Customers who wish to use the IIS Lockdown tool from Microsoft on the web server used by the EMF Web Admin may do so, but there is one specific option which MUST not be selected, or it will break the Web Admin.

The instructions below assume that you want to select all security options except ones that EMF requires you deselect.

For more information on the options available and what each one does, please consult Microsoft.

Detailed Information:

1. Download iislockd.exe and double click to execute.

2. On Select Server Template window, select Other (Server that doesn't match any of the listed roles).

3. On Select Internet Services window, select Web service (HTTP)

Note: Other services may be also selected depending on the server requirements. EMF does not use or require any other services.

4. On Script Maps window, select all entries and click Next

5. On Additional security window, select all entries EXCEPT FOR Scripts directory (do not remove Script directory), and click Next.

6. On URL Scan window, select to Install URL Scan filter on this server

7. Complete the set up.

Additional Information:

If you have ALREADY run the lockdown tool with the wrong selections and Web Admin is broken, see related article IIS Lockdown tool broke Web Administration (how to recover) on the right.