RE: IIS Lockdown Tool v2.1
Here are a few MS articles regarding IIS Lockdown and URLScan w/ OWA: Q309508 Q309677 Hope these help out! Regards, Kevin -Original Message- From: Joe L. Casale [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 7:54 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Kev, if you could find these templates I would be greatful! I set it up by trial and error, failing it, and checking the logs. But, I am still getting intermittent failures that are being a bitch to track! I wouldn't mind to see if I actually have it set up right. Thanks, jlc -Original Message- From: Kevin Loney [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 2:57 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 URLScan runs in the %systemroot%\system32\inetsrv\urlscan directory. Look for urlscan.txt which outlines how to modify the urlscan.ini file. I know there are some templates for using OWA and ESM with URLScan but their location escapes me at the moment. Hope this helps. Regards, Kevin Loney -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 1:07 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 I dunno -Original Message- From: Allen Crawford [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 1:04 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Looks good to me too. I never touched URLScan before though. How do you modify its settings? Or do you just leave it alone? I checked the log file and it shows that it blocks requests for certain file types, but I was wondering how you change those types, or if I should just rerun IIS Lockdown and it'll change it accordingly? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 3:52 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 It looks like they finally got it right. I have now run it on a web server and an OWA server with no problems. -Original Message- From: Martin Blackstone Sent: Thursday, December 27, 2001 11:28 AM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Yes I didand I use SSL too. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: IIS Lockdown Tool v2.1
Title: Message It worked on 5.5 test box for me -Original Message-From: Dimitri Limanovski [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 10:54 AMTo: MS-Exchange Admin IssuesSubject: IIS Lockdown Tool v2.1 I was wondering if anybody tried new version of IIS Lockdown tool yet and if there're any issues with OWA or any other Exchange components. From what I've seen, it now comes bundled withURLScan and has pre-built configuration schemes for OWA on both Exchange5.5 and 2000. Please post your findings.. Can be downloaded here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.aspList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: IIS Lockdown Tool v2.1
Title: Message Did you take default "OWA for Exchange5.5" configuration? I was wondering if URLScan will mess up HTTPS access to OWA? From what I've seen so farit only does method/keyword filtering and not the protocol/port itself.. Dimitri -Original Message-From: Martin Blackstone [mailto:[EMAIL PROTECTED]]Sent: Thursday, December 27, 2001 2:11 PMTo: MS-Exchange Admin IssuesSubject: RE: IIS Lockdown Tool v2.1 It worked on 5.5 test box for me -Original Message-From: Dimitri Limanovski [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 10:54 AMTo: MS-Exchange Admin IssuesSubject: IIS Lockdown Tool v2.1 I was wondering if anybody tried new version of IIS Lockdown tool yet and if there're any issues with OWA or any other Exchange components. From what I've seen, it now comes bundled withURLScan and has pre-built configuration schemes for OWA on both Exchange5.5 and 2000. Please post your findings.. Can be downloaded here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.aspList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htmList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: IIS Lockdown Tool v2.1
Title: Message Yes I didand I use SSL too. -Original Message-From: Dimitri Limanovski [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 11:18 AMTo: MS-Exchange Admin IssuesSubject: RE: IIS Lockdown Tool v2.1 Did you take default "OWA for Exchange5.5" configuration? I was wondering if URLScan will mess up HTTPS access to OWA? From what I've seen so farit only does method/keyword filtering and not the protocol/port itself.. Dimitri -Original Message-From: Martin Blackstone [mailto:[EMAIL PROTECTED]]Sent: Thursday, December 27, 2001 2:11 PMTo: MS-Exchange Admin IssuesSubject: RE: IIS Lockdown Tool v2.1 It worked on 5.5 test box for me -Original Message-From: Dimitri Limanovski [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 10:54 AMTo: MS-Exchange Admin IssuesSubject: IIS Lockdown Tool v2.1 I was wondering if anybody tried new version of IIS Lockdown tool yet and if there're any issues with OWA or any other Exchange components. From what I've seen, it now comes bundled withURLScan and has pre-built configuration schemes for OWA on both Exchange5.5 and 2000. Please post your findings.. Can be downloaded here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.aspList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htmList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htmList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: IIS Lockdown Tool v2.1
Title: Message Has anyone seen, or does anyone have a suggestion as to why my OWA replies add an http 404 error tothe body of the message I am replying to instead of the message text. (see below) note: This message sentvia OWA Thanks AlV -Original Message- From: Dimitri Limanovski Sent: Thu 12/27/2001 2:17 PM To: MS-Exchange Admin Issues Cc: Subject: RE: IIS Lockdown Tool v2.1 The page cannot be found The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. Please try the following: If you typed the page address in the Address bar, make sure that it is spelled correctly. Open the home page, and then look for links to the information you want. Click the Back button to try another link. HTTP 404 - File not foundInternet Information Services Technical Information (for support personnel) More information:Microsoft Support List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: IIS Lockdown Tool v2.1
Title: Message It looks like they finally got it right. I have now run it ona web server and an OWA server with no problems. -Original Message-From: Martin Blackstone Sent: Thursday, December 27, 2001 11:28 AMTo: MS-Exchange Admin IssuesSubject: RE: IIS Lockdown Tool v2.1 Yes I didand I use SSL too. -Original Message-From: Dimitri Limanovski [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 11:18 AMTo: MS-Exchange Admin IssuesSubject: RE: IIS Lockdown Tool v2.1 Did you take default "OWA for Exchange5.5" configuration? I was wondering if URLScan will mess up HTTPS access to OWA? From what I've seen so farit only does method/keyword filtering and not the protocol/port itself.. Dimitri -Original Message-From: Martin Blackstone [mailto:[EMAIL PROTECTED]]Sent: Thursday, December 27, 2001 2:11 PMTo: MS-Exchange Admin IssuesSubject: RE: IIS Lockdown Tool v2.1 It worked on 5.5 test box for me -Original Message-From: Dimitri Limanovski [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 10:54 AMTo: MS-Exchange Admin IssuesSubject: IIS Lockdown Tool v2.1 I was wondering if anybody tried new version of IIS Lockdown tool yet and if there're any issues with OWA or any other Exchange components. From what I've seen, it now comes bundled withURLScan and has pre-built configuration schemes for OWA on both Exchange5.5 and 2000. Please post your findings.. Can be downloaded here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.aspList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htmList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htmList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htmList Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: IIS Lockdown Tool v2.1
Looks good to me too. I never touched URLScan before though. How do you modify its settings? Or do you just leave it alone? I checked the log file and it shows that it blocks requests for certain file types, but I was wondering how you change those types, or if I should just rerun IIS Lockdown and it'll change it accordingly? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 3:52 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 It looks like they finally got it right. I have now run it on a web server and an OWA server with no problems. -Original Message- From: Martin Blackstone Sent: Thursday, December 27, 2001 11:28 AM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Yes I didand I use SSL too. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: IIS Lockdown Tool v2.1
I dunno -Original Message- From: Allen Crawford [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 1:04 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Looks good to me too. I never touched URLScan before though. How do you modify its settings? Or do you just leave it alone? I checked the log file and it shows that it blocks requests for certain file types, but I was wondering how you change those types, or if I should just rerun IIS Lockdown and it'll change it accordingly? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 3:52 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 It looks like they finally got it right. I have now run it on a web server and an OWA server with no problems. -Original Message- From: Martin Blackstone Sent: Thursday, December 27, 2001 11:28 AM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Yes I didand I use SSL too. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: IIS Lockdown Tool v2.1
URLScan runs in the %systemroot%\system32\inetsrv\urlscan directory. Look for urlscan.txt which outlines how to modify the urlscan.ini file. I know there are some templates for using OWA and ESM with URLScan but their location escapes me at the moment. Hope this helps. Regards, Kevin Loney -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 1:07 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 I dunno -Original Message- From: Allen Crawford [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 1:04 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Looks good to me too. I never touched URLScan before though. How do you modify its settings? Or do you just leave it alone? I checked the log file and it shows that it blocks requests for certain file types, but I was wondering how you change those types, or if I should just rerun IIS Lockdown and it'll change it accordingly? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 3:52 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 It looks like they finally got it right. I have now run it on a web server and an OWA server with no problems. -Original Message- From: Martin Blackstone Sent: Thursday, December 27, 2001 11:28 AM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Yes I didand I use SSL too. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: IIS Lockdown Tool v2.1
Kev, if you could find these templates I would be greatful! I set it up by trial and error, failing it, and checking the logs. But, I am still getting intermittent failures that are being a bitch to track! I wouldn't mind to see if I actually have it set up right. Thanks, jlc -Original Message- From: Kevin Loney [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 2:57 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 URLScan runs in the %systemroot%\system32\inetsrv\urlscan directory. Look for urlscan.txt which outlines how to modify the urlscan.ini file. I know there are some templates for using OWA and ESM with URLScan but their location escapes me at the moment. Hope this helps. Regards, Kevin Loney -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 1:07 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 I dunno -Original Message- From: Allen Crawford [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 1:04 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Looks good to me too. I never touched URLScan before though. How do you modify its settings? Or do you just leave it alone? I checked the log file and it shows that it blocks requests for certain file types, but I was wondering how you change those types, or if I should just rerun IIS Lockdown and it'll change it accordingly? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 3:52 PM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 It looks like they finally got it right. I have now run it on a web server and an OWA server with no problems. -Original Message- From: Martin Blackstone Sent: Thursday, December 27, 2001 11:28 AM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown Tool v2.1 Yes I didand I use SSL too. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm