Feb 09 2017 01:05 PM
When using Sharepoint 2016, should we leave IIS untouched ? Is it ok to harden IIS ? WIll it create any issues for Sharepoint ? Is there any compnents of IIS that should be left untouched ? ANy reference to Microsoft's recommendation with regards to IIS hardening when used for Sharepoint ?
Many thanks
Feb 12 2017 04:23 PM
I found this but it relates to SharePoint Server 2013, however you might be able to find some useful and still relevant pointers: https://technet.microsoft.com/en-us/library/cc262849.aspx
Feb 13 2017 10:00 AM
Feb 13 2017 06:06 PM
I agree that IIS site components should probably not be touched. However, just a few examples....should we change things like setting the file Extension allowunlisted to True in web.config, setting deployment retail switch to true, disabling http trace method, enabling dynamic ip address restrictions, ensuring cookies are set with httponly attribute, disallowing non ascii characters in urls...
Feb 14 2017 09:56 AM
SolutionFeb 14 2017 09:56 AM
Solution