I am going thru the IIS5 checklist (www.microsoft.com/technet/security/tools/iis5chk.asp) which suggests killing the script mappings that are not needed. Also looking at the document http://www.microsoft.com/serviceproviders/whitepapers/securing_iis_whpaper.d oc which lists a few registry settings to tweak.
couple of questions: 1) I don't see some of these registry keys on a new w2k server. Should I add them? If so, what will that do to OWA? 2) Can I hammer all the script mapping types suggested without wrecking OWA? In particular, would I need the ".htr" entry for web-based password reset -- does this mapping pertain to the "change password" option that the client sees when connected to the OWA server? win2K SP2 and OWA (talking to Exchange 5.5 SP4 on the back end) -all just installed on a brand new box that does only OWA services. thanks randy. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
