> > *"An F grade is unacceptably bad, definitely something he needs to get > sorted. Hold the web developer / company accountable for that."* >
I could barely sleep last night knowing that I'd flunked with an F. The trouble is, I don't know who to blame (I am the *developer* and the *company*!!). My web server is a pretty vanilla Win2008R2 install and I got the cert from Comodo 6 months ago. I sort of expected that regular Windows Updates would be fixing this sort of thing, or perhaps I'd get some sort of security alert somehow. Why are out-of-the-box servers falling behind best security practises? I want my server to get an A, but the script I mentioned before worries me and I'd prefer some specific and trustworthy instructions from somewhere like TechNet, a KB or MSDN to tell me exactly what to do. *Greg K*
