Question about locking down IIS on an SCCM 2012 distribution point on a Windows Server 2003 RRS feed

  • Question

  • Hello. My environment is SCCM 2012 SP1. I will be setting up several distribution points on Windows Server 2003 machines. This summer I have a project to configure SCCM to use our PKI infrastructure. Unfortunately, this will not be in place before I need to set the Windows Server 2003 machines up as distribution points. I am not an IIS expert. When I set the DPs up, I am only 1)Installing IIS, 2)Enabling BITS extensions, and 3)Enabling WebDav. Is there anything I should do to ensure they are as secured as possible?
    Friday, January 24, 2014 10:32 PM


  • I would say that installing Windows Server 2003 is not "as secure as possible" due to it's end of support coming soon. http://support.microsoft.com/lifecycle/default.aspx?LN=en-us&p1=3198&x=10&y=12

    And I would say that we need more information about your scenario to tell you how it is as secure "as possible". Since that would be shutoff at the bottom of the ocean. But that wouldn't be that useful server.

    Im guessing that you will run these servers for internal clients ONLY. And that you have a decent edge protection as well as physical protection. Then I would start by having the lastest secrutiy patches, running antivirus software and having the firewall turned ON. I would make sure that only necessary logons would be possible and that the servers wouldn't cache any credentials. Typically a DP NEVER holds sensitive data so no real need to secure them more than that in a normal scenario if you ask me.

    A final notice, this is a baseline for a common scenario. You would need to scale and change that in order to apply for your scenario.

    Tim Nilimaa | Blog: http://infoworks.tv | Twitter: @timnilimaa

    Saturday, January 25, 2014 10:26 AM