IIS Sample Applications
Issue
The Internet Information Services (IIS) sample applications are useful learning tools, but they can be exploited by hackers to break into an IIS system because they contain sample scripts. A production Web server should not have any sample code or scripts on the system.
Solution
Remove the IISsamples, IISHelp, and MSADC virtual directories, which map to the following folders:
- \Inetpub\iissamples
- \Winnt\help\iishelp
- \Program Files\common files\system\msadc
Note
- New installations of IIS 6.0 do not have virtual directories mapped to these folders by default. Upgrades of IIS 5.0 to IIS 6.0 may still have these virtual directories if they were not manually removed after the upgrade or through the IIS Lockdown Tool.
Instructions
To remove the IISsamples, IISHelp, and MSADC virtual directories in Microsoft® Windows® Server 2003 (if the computer was upgraded from a previous installation running IIS 5.0)
- Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
- In Internet Information Services Manager, expand the Computer Name, then expand Web Sites, and expand the Default Web Site.
- Right-click IISSAMPLES (if listed), and then click Delete. Repeat this step to delete the IISHELP and MSADC virtual directories, if listed.
To remove the IISsamples, IISHelp, and MSADC virtual directories in Windows XP Professional
- Click Start, point to Control Panel, point to Administrative Tools, and then click Internet Information Services.
- In Internet Information Services Manager, expand the Computer Name, then expand Web Sites, and expand the Default Web Site.
- Right-click IISSAMPLES (if listed), and then click Delete. Repeat this step to delete the IISHELP and MSADC virtual directories, if listed.
To remove the IISsamples, IISHelp, and MSADC virtual directories in Windows 2000
- Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
- In Internet Information Services Manager, right-click IISSAMPLES, and then click Delete. Repeat this step to delete the IISHELP and MSADC virtual directories.
To remove the IISsamples, IISHelp, and MSADC virtual directories in Windows NT®
- Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Service Manager.
- In Internet Information Services Manager, right-click IISSAMPLES, and then click Delete. Repeat this step to delete the IISHELP and MSADC virtual directories.
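To confirm that an upgraded IIS 6.0 server no longer carries these virtual directories, the check below scans a copy of the metabase for them. It is an added example, not part of the original Microsoft page or any Microsoft tool. It assumes the IIS 6.0 configuration is available as XML (MetaBase.xml) with IIsWebVirtualDir elements carrying Location and Path attributes; the function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Virtual directory names and folder suffixes listed on this page.
SAMPLE_NAMES = {"iissamples", "iishelp", "msadc"}
SAMPLE_PATHS = (r"\inetpub\iissamples", r"\winnt\help\iishelp",
                r"\program files\common files\system\msadc")

# Constructed sample in the assumed MetaBase.xml shape (not a real server's file).
SAMPLE = r'''<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" Path="C:\Inetpub\wwwroot"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/IISSamples" Path="C:\Inetpub\iissamples"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/Docs" Path="C:\WINNT\Help\iishelp"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/MSADC" Path="C:\Program Files\Common Files\System\msadc"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/app" Path="D:\sites\app"/>
</MBProperty>
</configuration>'''


def find_sample_vdirs(metabase_xml):
    """Return (location, path, reason) for each sample virtual directory found."""
    findings = []
    for el in ET.fromstring(metabase_xml).iter():
        # Ignore the XML namespace so the match works with or without one.
        if el.tag.rsplit("}", 1)[-1] != "IIsWebVirtualDir":
            continue
        location, path = el.get("Location", ""), el.get("Path", "")
        name = location.rstrip("/").rsplit("/", 1)[-1].lower()
        # Drop the drive letter so any volume matches the page's folder list.
        folder = path.lower().rstrip("\\")
        if len(folder) > 1 and folder[1] == ":":
            folder = folder[2:]
        if name in SAMPLE_NAMES:
            findings.append((location, path, "name"))
        # A renamed virtual directory still pointing at a sample folder counts too.
        elif any(folder == p or folder.startswith(p + "\\") for p in SAMPLE_PATHS):
            findings.append((location, path, "path"))
    return findings


if __name__ == "__main__":
    for location, path, reason in find_sample_vdirs(SAMPLE):
        print(f"REMOVE {location} -> {path} (matched by {reason})")
```

Each finding corresponds to a virtual directory to delete using the steps above; an empty result means none of the three are mapped.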
©2002-2004 Microsoft Corporation. All rights reserved.