Configuring and Securing IIS

Practice Labs Module
1 hour

The module "Configuring and Securing IIS" will provide you with the instructions and devices to develop your hands-on skills in the following topics: IIS Setup, IIS Platform Tour, Inetpub Configuration, IIS Configuration and Security Practices.

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »



The module Configuring and Securing IIS will provide you with the instructions and devices to develop your hands-on skills in the following topics.

  • IIS Setup
  • IIS Platform Tour
  • Inetpub Configuration
  • IIS Configuration and Security Practices

Lab time: It will take approximately 1 hour to complete this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • Secure the provisioning of resources
  • Understand and apply foundational security operations concepts
  • Employ resource protection techniques

Exercise 1 - IIS Setup

We will run through a typical installation of IIS which is usually quite common practice amongst IT teams. We will make a few modifications to the installation defaults along the way but aim to generate an IIS working website.

We are following best practice by not installation to the domain controller and instead making an installation on a domain member. This particular domain member is, in fact, acting under many roles but is a better-suited candidate.

Exercise 2 - IIS Platform Tour

Internet Information Services 8 has quite a few functions built into it automatically, and it’s important to have an understanding of the whole platform. It’s designed to be modular and therefore easy to administer/control changes. It has integration properties for ASP.NET, ASP, PHP. When initially configured, IIS helps to reduce risks by providing a sandbox environment and aims to improve site availability with dynamic caching and compression.

Exercise 3 - Inetpub Configuration

This folder contains all the directories and FTP data that effectively makes up the website as a whole. Knowing the default location to installation is key to security measures as most attackers will assume that default installations have been made on a server and code application to attack those installation paths.

The folder inetpub contains sub-directories for custerr (custom errors), ftproot drives, a general history which holds configuration changes, logs, any require temp, and most importantly the wwwroot folder which holds the main website html.

Exercise 4 - IIS Configuration and Security Practices

We will now begin to follow best practice guidelines and improve the security of the IIS server by changing installation defaults and improving basic security measures.

Learning Partner
Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.