IIS Sample Applications

Issue

The Internet Information Services (IIS) sample applications are useful learning tools, but they can be exploited by hackers to break into an IIS system because they contain sample scripts. A production Web server should not have any sample code or scripts on the system.

Solution

Remove the IISsamples, IISHelp, and MSADC virtual directories which map to the following folders:

• \Inetpub\iissamples
• \Winnt\help\iishelp
• \Program Files\common files\system\msadc

Instructions

To start Internet Information Services Manager in Windows XP Professional

• Click Start, point to Control Panel, point to Administrative Tools, and then click Internet Information Services.

To start Internet Information Services Manager in Windows 2000

• Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.

To start Internet Information Services Manager in Windows NT

1. Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Service Manager.
2. In Internet Information Services Manager, right-click IISSAMPLES, and then click Delete. Repeat this step to delete the IISHELP and MSADC virtual directories.

Additional Information

Web Server Samples

⌐ 2002 Microsoft Corporation. All rights reserved.