?
Solved

Deleting default documentation on Exchange 2003/IIS6

Posted on 2011-09-15
2
Medium Priority
?
233 Views
Last Modified: 2012-05-12
A recent external security audit turned up a few low priority items which I've been asked to correct.  I'm stuck on one of them which states:

(Low)  –  Default documentation was found installed with the HTTP daemon on device xxx.xxx.xxx.xxx.  Auditor recommends deleting all default documentation.

I'm not sure how to approach this one without breaking exchange/owa.  I can see the documentation tab under the default website properties for my exchange server running but I don't really know what they want me to do here.  The box for "Enable default content page" is checked and under it are several file names: iisstart.htm, Default.htm, Default.asp, index.htm, and Default.aspx.  I'm far from an IIS expert so would appreciate any guidance you could provide so this won't show up on the next audit.
0
Comment
Question by:First Last
2 Comments
 
LVL 12

Expert Comment

by:Nenadic
ID: 36547780
Could you share some information on the type of audit that was done? I was particularly drawn to the term "daemon" which comes from the UNIX world, so the audit may not have been perfectly suited to Wintel environments.
0
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 36547789
What you are seeing is "default document" and not documentation. I guess also that the auditor is referring to the same thing


If you go to c:\inetpub\wwwroot you will a few files and folders.

assuming you have only owa running on this IIS move these to another location and keep wwwroot empty that should be enough for the auditor
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
In my humble opinion (IMHO), TouchDown from Symantec is the best in class for this type of application, but Symantec has end-of-lifed it and although one can keep using it, it will no longer be supported or upgraded.  Time to look for alternatives t…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question