Using Compliance analysis to check IIS Compliance

This topic was edited by a BMC Contributor and has not been approved.  More information.

IIS Compliance is typically used by companies that use Windows-based IIS web servers to host web applications. In addition to regulatory and operational compliance, such servers are required to be compliant with IIS compliance rules. This section describes the list of rules and the procedure to build these compliance rules for IIS web servers. The set of rules described and built here is not all-inclusive and may vary from customer to customer.

Rule Reference NumberRule
1.1Ensure BackGround Intelligent Transfer Service is disabled
1.2Ensure World Wide Web Service is enabled
2.1Check permissions on inetpub directory
2.2Check permissions on inetpub/AdminScripts directory
2.3Check permissions on inetpub/wwwroot directory
2.4Check permissions on inetserv directory
2.5Check permissions on inetserv/iisadmpwd directory
2.6Check permissions on inetserv/inetmgr.exe file
3.1Check Guest Account Status
3.2IUSR_<servername> account should not exist as local user on target servers
4.1Check that all web server extensions are disabled
4.2Web sites should be restricted from ‘write’, ‘script’ or ‘source’ access
4.3Check location of root web folder
4.4Limit number of connection to websites
4.5Check status of Rapid fail protection on App pool
4.6Anonymous username IUSR is not used on any sites
4.7Directory browsing should be disabled on folders containing scripts or executables
5.1Check IIS role services
6.1Web folders should not be shared on IIS server

Following are the high level steps involved in setting up the IIS Compliance:

  1. Creating IIS compliance template and rules
  2. Creating IIS compliance discovery and compliance jobs
  3. Executing discovery and compliance jobs
  4. Viewing compliance results

The first step to achieve IIS compliance is to create an IIS compliance template

This step consists of the following sub-steps:

  • Creating a new template
  • Creating local extended objects
  • Add parts to template
  • Creating rules in the template

Local Extended Objects Required for IIS Compliance Template

To create rules 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 5.1, and 6.1, first create extended objects local to the component template. The respective local extended objects with the scripts they use are provided below.

NOTE: The location "//blfs/E/Program Files/BMC Software/BladeLogic/NSH/storage/extended_objects/CF_Custom_EO" in the commands below could vary from customer to customer. This location is provided as an example only.

IIS WebServer Extensions (Reference# 4.1)

The local extended object for IIS WebServer Extensions consists of the following:

COMMANDnsh -c "//blfs/E/Program Files/BMC Software/BladeLogic/NSH/storage/extended_objects/CF_Custom_EO/ListIISWebServExt.nsh" "??TARGET.NAME??"

TYPE: Central Execution

GRAMMAR: CSV File Grammar

ListIISWebServExt.nsh is the NSH script which acts as a wrapper around a vb script that lists all the webserver extensions. 

IIS Scripts Access (Reference# 4.2)

The local extended object for IIS Scripts Access consists of the following:

COMMANDnsh -c "//blfs/E/Program Files/BMC Software/BladeLogic/NSH/storage/extended_objects/CF_Custom_EO/ListIISScriptWriteAccess.nsh" "??TARGET.NAME??"

TYPE: Central Execution

GRAMMAR: CSV File Grammar

ListIISScriptWriteAccess.nsh is the NSH script which acts as a wrapper around a vb script that checks source, script and write access on web application.

IIS Root Web Folders (Reference# 4.3)

The local extended object for IIS Root Web Folders consists of the following:

COMMAND: nsh -c "//blfs/E/Program Files/BMC Software/BladeLogic/NSH/storage/extended_objects/CF_Custom_EO/ListIISRootFolder.nsh" "??TARGET.NAME??"

TYPE: Central Execution

GRAMMAR: CSV File Grammar

ListIISRootFolder.nsh is the NSH script which acts as a wrapper around a vb script that checks if root web folder is separate from the OS directory.

IIS Web Connections (Reference# 4.4)

The local extended object for IIS Root Web Folders consists of the following:

COMMAND: nsh -c "//blfs/E/Program Files/BMC Software/BladeLogic/NSH/storage/extended_objects/CF_Custom_EO/ListIISConnLimit.nsh" "??TARGET.NAME??"

TYPE: Central Execution

GRAMMAR: CSV File Grammar

ListIISConnLimit.nsh is the NSH script which acts as a wrapper around a vb script that checks to ensure unlimited number of connections to websites are not allowed.

IIS Rapid Fail Protection (Reference# 4.5)

The local extended object for IIS Root Web Folders consists of the following:

COMMAND: nsh -c "//blfs/E/Program Files/BMC Software/BladeLogic/NSH/storage/extended_objects/CF_Custom_EO/ListIISAppRapid.nsh" "??TARGET.NAME??"

TYPE: Central Execution

GRAMMAR: CSV File Grammar

ListIISAppRapid.nsh is the NSH script which acts as a wrapper around a vb script that checks to make sure rapid fail protection is enabled on the application pool.

IIS Anonymous User (Reference# 4.6)

The local extended object for IIS Root Web Folders consists of the following:

COMMAND: nsh -c "//blfs/E/Program Files/BMC Software/ BladeLogic/NSH/storage/extended_objects/CF_Custom_EO/ListIISAnonAccess.nsh" "??TARGET.NAME??"

TYPE: Central Execution

GRAMMAR: CSV File Grammar

ListIISAnonAccess.nsh is the NSH script which acts as a wrapper around a vb script that checks to make sure anonymous username IUSR is not used on any sites.

IIS Directory Browsing (Reference# 4.7)

The local extended object for IIS Root Web Folders consists of the following:

COMMAND: nsh -c "//blfs/E/Program Files/BMC Software/ BladeLogic/NSH/storage/extended_objects/CF_Custom_EO/ListIISDirBrowse.nsh" "??TARGET.NAME??"

TYPE: Central Execution

GRAMMAR: CSV File Grammar

ListIISDirBrowse.nsh is the NSH script which acts as a wrapper around a vb script that checks to make sure directory browsing is disabled on folders containing scripts or executables.

IIS Role Services (Reference# 5.1)

The local extended object for IIS Root Web Folders consists of the following:

COMMAND: nsh -c "//blfs/E/Program Files/BMC Software/BladeLogic/NSH/storage/extended_objects/CF_Custom_EO/ListServerRoles.nsh" "??TARGET.NAME??"

TYPE: Central Execution

GRAMMAR: CSV File Grammar

ListServerRoles.nsh is the NSH script which acts as a wrapper around a vb script that checks the list of IIS role services installed on target.

IIS Shared Web Folders (Reference# 6.1)

The local extended object for IIS Root Web Folders consists of the following:

COMMAND: nsh -c "//bsarasvr/C/Program Files/BMC Software/BladeLogic/NSH/storage/extended_objects/CF_Custom_EO/ListSharedWebFolders.nsh" "??TARGET.NAME??"

TYPE: Central Execution

GRAMMAR: CSV File Grammar

ListSharedWebFolders.nsh is the NSH script which acts as a wrapper around a vb script that checks to make sure web folders are not shared on IIS server.

Parts required for IIS Compliance Template

The following parts are required to build the rules within IIS Compliance Template:

Type

Name

Directory

/C/inetpub

Directory

/C/inetpub/AdminScripts

Directory

/C/inetpub/wwwroot

Directory

/C/Windows/system32/inetsrv

Directory

/C/Windows/system32/inetsrv/iisadmpwd

File

/C/Windows/system32/inetsrv/inetmgr.exe

Windows Group List

Local Groups

Windows User List

Local Users

Security Settings Category

Security Settings

Windows Service List

Services

Local Extended Object

IIS Anonymous User

Local Extended Object

IIS Directory Browsing

Local Extended Object

IIS Rapid File Protection

Local Extended Object

IIS Role Services

Local Extended Object

IIS Root Web Folders

Local Extended Object

IIS Scripts Access

Local Extended Object

IIS Shared Web Folders

Local Extended Object

IIS Web Connections

Local Extended Object

IIS Web Server Extensions

Compliance Rules for IIS Compliance

The following table lists the rules used for IIS Compliance with their reference numbers and rule definitions:

Rule Reference Number

Rule Definition

1.1

if

   "Windows Service:Background Intelligent Transfer Service" exists

then

   "Windows Service:Background Intelligent Transfer Service"."Start Type (Windows)" = "DISABLED"  AND

   "Windows Service:Background Intelligent Transfer Service"."State (Windows)" = "STOPPED"

end

1.2

if

   "Windows Service:World Wide Web Publishing Service" exists

then

   "Windows Service:World Wide Web Publishing Service"."Start Type (Windows)" = "AUTO_START"  AND

   "Windows Service:World Wide Web Publishing Service"."State (Windows)" = "RUNNING"

end

2.1

if

   "Directory:/C/Inetpub" exists

then

   "Directory:/C/Inetpub"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\ADMINISTRATORS Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""  AND

   "Directory:/C/Inetpub"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\SYSTEM Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""  AND

   "Directory:/C/Inetpub"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\USERS Allow [+List Folder/Read Data, +Read Extended Attributes, +Read Attributes, +Read Permissions, -Create Files/Write Data, -Create Folders/Append Data, -Write Extended Attributes, -Traverse Folder/Execute File, -Delete Subfolders and Files, -Write Attributes, -Delete, -Change Permissions, -Take Ownership]"""

end

2.2

if

   "Directory:/C/Inetpub/AdminScripts" exists

then

   "Directory:/C/Inetpub/AdminScripts"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\ADMINISTRATORS Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""  AND

   "Directory:/C/Inetpub/AdminScripts"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\SYSTEM Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""

end

2.3

if

   "Directory:/C/Inetpub/wwwroot" exists

then

   "Directory:/C/Inetpub/wwwroot"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\ADMINISTRATORS Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""  AND

   "Directory:/C/Inetpub/wwwroot"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\SYSTEM Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""  AND

   "Directory:/C/Inetpub/wwwroot"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\USERS Allow [+List Folder/Read Data, +Read Extended Attributes, +Read Attributes, +Read Permissions, -Create Files/Write Data, -Create Folders/Append Data, -Write Extended Attributes, -Traverse Folder/Execute File, -Delete Subfolders and Files, -Write Attributes, -Delete, -Change Permissions, -Take Ownership]"""

end

2.4

if

   "Directory:??TARGET.WINDIR??/system32/inetsrv" exists

then

   "Directory:??TARGET.WINDIR??/system32/inetsrv"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\ADMINISTRATORS Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""  AND

   "Directory:??TARGET.WINDIR??/system32/inetsrv"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\SYSTEM Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""  AND

   "Directory:??TARGET.WINDIR??/system32/inetsrv"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\USERS Allow [+List Folder/Read Data, +Read Extended Attributes, +Traverse Folder/Execute File, +Read Attributes, +Read Permissions, -Create Files/Write Data, -Create Folders/Append Data, -Write Extended Attributes, -Delete Subfolders and Files, -Write Attributes, -Delete, -Change Permissions, -Take Ownership]"""

end

2.5

if

   "Directory:??TARGET.WINDIR??/system32/inetsrv/iisadmpwd" exists

then

   "Directory:??TARGET.WINDIR??/system32/inetsrv/iisadmpwd"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\ADMINISTRATORS Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""  AND

   "Directory:??TARGET.WINDIR??/system32/inetsrv/iisadmpwd"."Permission ACL  (Windows NTFS) (Windows)" has ACE matching mask """*\SYSTEM Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""

end

2.6

if

   "File:/C/WINDOWS/system32/inetsrv/inetmgr.exe" exists

then

   "File:/C/WINDOWS/system32/inetsrv/inetmgr.exe"."Permission ACL (Windows NTFS) (Windows)" has ACE matching mask """*\ADMINISTRATORS Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""  AND

   "File:/C/WINDOWS/system32/inetsrv/inetmgr.exe"."Permission ACL (Windows NTFS) (Windows)" has ACE matching mask """*\SYSTEM Allow [+List Folder/Read Data, +Create Files/Write Data, +Create Folders/Append Data, +Read Extended Attributes, +Write Extended Attributes, +Traverse Folder/Execute File, +Delete Subfolders and Files, +Read Attributes, +Write Attributes, +Delete, +Read Permissions, +Change Permissions, +Take Ownership]"""

end

3.1

"Security Setting:Security Settings\Local Policies\Security Options\Accounts: Guest account status"."Local setting as Integer Value (Windows)" = 0  AND

"Security Setting:Security Settings\Local Policies\Security Options\Accounts: Guest account status"."Effective setting as Integer Value (Windows)" = 0

3.2

NOT ("Windows Group:Users"."User Members (Windows)" contains "IUSR_??TARGET.NAME??")

4.1

if

   "Extended Object Entry:IIS Web Server Extensions//**" exists

then

   foreach "Extended Object Entry:IIS Web Server Extensions//**"

      "Value1 as String (All OS)" does not contain "Allowed"

   end

end

4.2

if

   "Extended Object Entry:IIS Scripts Access//**" exists

then

   foreach "Extended Object Entry:IIS Scripts Access//**"

      "Value1 as String (All OS)" != "True"

   end

end

4.3

if

   "Extended Object Entry:IIS Root Web Folders//**" exists

then

   foreach "Extended Object Entry:IIS Root Web Folders//**"

      if

         Name contains "Virtual Directory Path"

      then

         "Value1 as String (All OS)" starts with "c:\inetpub"

      end

   end

end

4.4

if

   "Extended Object Entry:IIS Web Connections//**" exists

then

   foreach "Extended Object Entry:IIS Web Connections//**"

      if

         Name contains "Maximum Connections"

      then

         "Value1 as String (All OS)" != "Unlimited"

      end

   end

end

4.5

if

   "Extended Object Entry:IIS Rapid File Protection//**" exists

then

   foreach "Extended Object Entry:IIS Rapid File Protection//**"

      if

         Name contains "Rapid Fail Protection"

      then

         "Value1 as String (All OS)" = "True"

      end

   end

end

4.6

if

   "Extended Object Entry:IIS Anonymous User//**" exists

then

   foreach "Extended Object Entry:IIS Anonymous User//**"

      if

         Name contains "Annonymous Access Account"

      then

         "Value1 as String (All OS)" does not contain "IUSR"

      end

   end

end

4.7

if

   "Extended Object Entry:IIS Directory Browsing//**" exists

then

   foreach "Extended Object Entry:IIS Directory Browsing//**"

      if

         Name contains "Directory Browsing"

      then

         "Value1 as String (All OS)" = "False"

      end

   end

end

5.1

if

   "Extended Object Entry:IIS Role Services//**" exists

then

   "Extended Object Entry:IIS Role Services//Web Server:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Common HTTP Features:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Static Content:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Default Document:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Directory Browsing:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//HTTP Errors:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//HTTP Redirection:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//WebDav Publishing:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Application Development:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//ASP.NET:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//.NET Extensibility:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//ASP:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//CGI:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//ISAPI Extensions:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//ISAPI Filters:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Server Side Includes:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Health and Diagnostics:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//HTTP Logging:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Logging Tools:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Request Monitor:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Tracing:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Custom Logging:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//ODBC Logging:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Security:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Basic Authentication:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Windows Authentication:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Digest Authentication:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Client Certificate Mapping Authentication:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//IIS Client Certificate Mapping Authentication:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//URL Authorization:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Request Filtering:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//IP and Domain Restrictions:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Performance:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Static Content Compression:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Dynamic Content Compression:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//Management Tools:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//IIS Management Console:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//IIS Management Scripts and Tools:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//Management Service:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//IIS 6 Management Compatibility:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//IIS 6 Metabase Compatibility:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//IIS 6 WMI Compatibility:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//IIS 6 Scripting Tools:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//IIS 6 Management Console:*"."Value1 as String (All OS)" = "Installed"  AND

   "Extended Object Entry:IIS Role Services//FTP Server:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//FTP Service:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//FTP Extensibility:*"."Value1 as String (All OS)" = "Not Installed"  AND

   "Extended Object Entry:IIS Role Services//IIS Hostable Web Core:*"."Value1 as String (All OS)" = "Not Installed"

end

6.1

if

   "Extended Object Entry:IIS Shared Web Folders//**" exists

then

   foreach "Extended Object Entry:IIS Shared Web Folders//**"

      if

         Name contains "Shared WebFolder:"

      then

         "Value1 as String (All OS)" = "-None-"

      end

   end

end

A full construction document for building customized IIS Compliance including the template, rules, discovery and compliance jobs is here.

Was this page helpful? Yes No Submitting... Thank you

Comments