View source for IIS Security Practices

==Full Title or Meme==
Security practices to follow on IIS for good security.

==Context==
* Assuming IIS (or any web platform) is running as a front end web server, it should never be trusted with high value assets and assumed to be hackable. Still there are ways to make the hacks much less frequent.
* [https://www.dnsstuff.com/windows-iis-server-tools Ultimate Guide to IIS Server: What Is IIS? 2020 IIS Tutorial] 2020-02-20

==Solutions==
===Application Pool Identities===
Starting with Server 2008 R2 IIS services will not longer run as network services but with virtual [https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities Application Pool Identities] that have no entry local or domain accounts, and hence no "Current User" cert store or HKCU registry entries.
==References==
* This provides details for the wiki page [[Web Site Security]].

[[Category:Best Practice]]
[[Category: Web]]
[[Category:Security]]