Highlighted
Occasional contributor

Web server .NET Authorization rules

We are currently going over the Microsoft IIS 10.0 Server Security Technical Implementation Guide for our FNMS servers in a DoD environment. We have an open finding with vulnerability ID V-100185, which requires no other than "Administrators" to have authorized access. Currently "All Users" have access. 

My question is if we restrict this setting to only Administrators, would it cause any performance issues to the FNMS web or application server?

0 Kudos
2 Replies
Highlighted
Community Manager Community Manager
Community Manager

Re: Web server .NET Authorization rules

Can you elaborate on what resource you are talking about limiting the access to? Exactly what are you looking at that all users have access to?
(Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".)
Highlighted
Occasional contributor

Re: Web server .NET Authorization rules

Hi @ChrisG, I am talking about the .NET Authorization rules in IIS Manager under the web server name. 

0 Kudos