Solved

Deleting default documentation on Exchange 2003/IIS6

Posted on 2011-09-15
2
224 Views
Last Modified: 2012-05-12
A recent external security audit turned up a few low priority items which I've been asked to correct.  I'm stuck on one of them which states:

(Low)  –  Default documentation was found installed with the HTTP daemon on device xxx.xxx.xxx.xxx.  Auditor recommends deleting all default documentation.

I'm not sure how to approach this one without breaking exchange/owa.  I can see the documentation tab under the default website properties for my exchange server running but I don't really know what they want me to do here.  The box for "Enable default content page" is checked and under it are several file names: iisstart.htm, Default.htm, Default.asp, index.htm, and Default.aspx.  I'm far from an IIS expert so would appreciate any guidance you could provide so this won't show up on the next audit.
0
Comment
Question by:First Last
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Expert Comment

by:Nenadic
ID: 36547780
Could you share some information on the type of audit that was done? I was particularly drawn to the term "daemon" which comes from the UNIX world, so the audit may not have been perfectly suited to Wintel environments.
0
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 36547789
What you are seeing is "default document" and not documentation. I guess also that the auditor is referring to the same thing


If you go to c:\inetpub\wwwroot you will a few files and folders.

assuming you have only owa running on this IIS move these to another location and keep wwwroot empty that should be enough for the auditor
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question