I'm making some tests with URL Scan 3.1 in a IIS + Win 2008 R2 + Sharepoint 2007 or 2010. In order to lockdown the server.
The first test I made was set the RemoveServerHeader parameter to 1, in order to remove the server header on all responses. All my web pages works good, but when I try to open the Sharepoint designer it dosn't work. Apparently, Sharepoint designer needs the server header to know if is an IIS server.
Do you know how can i deal with this?