No announcement yet.

Group Policy on IIS Box

  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Policy on IIS Box


    I was wondering what your opinions were on group policy settings to be applied to a Windows 2003 Server running IIS 6.0. In my scenario the computer is in the beneficial position of being completely dedicated to this singular role. The server will be sitting in my DMZ, protected by my firewall with only a couple ports open back to our secure network.

    I've been told that I could probably run it with out any policy applied at all. I do think this is possible; however, an additional layer never hurts. I have installed via unattend.txt (not installing unnecessary components) and ran SCW to create a pretty restrictive baseline policy.

    Just looking for other thoughts/opinions. Thanks!

  • #2
    Re: Group Policy on IIS Box

    If your IIS box is not member of any AD domain, only the Local computer policy is applied. It contains a couple of important settings that contribute to your server security: password policy, account lock out, auditing, user rights assignment, etc.
    Even if there is tricks to disable the Local comp. policy, using registry settings, I don't recommend it to you.
    In a AD environment it can be overwritten by higher level (domain and OU) policies.
    Csaba Papp
    MCSA+messaging, MCSE, CCNA
    Remember to give credit where credit is due and leave reputation points where appropriate


    • #3
      Re: Group Policy on IIS Box

      Thank you for the quick reply!

      The box is outside of an AD environment in this case. I am not looking to disable local group policy entirely. It's more about what settings are not to be overlooked... the password policy is a good example of this.