...
The operational aspects below are not covered in the guides. Procedures need to follow the client's standard operating procedures. Ensure that the following is covered by the client's standard operating procedures.
Aspect | Content | Comments |
---|---|---|
Backup | Back up databases, file areas for content, and settings. | Schedule the backup at a time that does not interfere with possible nightly imports or publish processes. |
Monitoring | Monitor SQL and IIS | Also consider using GetStatus. Technical documentation - Operational status of web viewer |
Antivirus | Configure antivirus | Consider exclusions only if a large number of files are changed at each publish, as this may hamper performance in some antivirus tools. |
Incident management | Prepare the organisation for handling incidents and changes | |
Down time procedures | Prepare the organisation for down time procedures | |
Clean up | Apply clean up scripts for automated imports and log files | |
Security
Service account
Info |
---|
It is recommended to use a service account for IIS instead of LocalSystem. |
Tilde Short File/Folder Name Disclosure
If IIS accepts short filenames, a user may try to break security by testing different file names. Two actions are suggested for this issue.
Discard or filter all web requests that include a tilde ("~") character. The most recommended prevention technique is to apply a filtering rule in the firewall for every ~ (tilde) and its Unicode-encoded equivalents sent in the URL path to the server. If such a rule cannot be applied, URL rewrite should be used instead.
An alternative is to discard all web requests using the tilde character by adding a registry key named NtfsDisable8dot3NameCreation to HKLM\SYSTEM\CurrentControlSet\Control\FileSystem. Set the value of the key to 1 to mitigate all 8.3 name conventions on the server. Please refer to https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/stop-error-code-0x00000019
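To check that a tilde filter rule covers encoded forms as well as the literal character, the following added example (not part of the original documentation) decides which request paths such a rule should reject. It assumes that "Unicode encoded" means IIS-style `%uXXXX` escapes; the function names, the decoding bound and the sample paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# IIS-style %uXXXX escapes; assumed to be what the page means by
# "Unicode encoded" equivalents of the tilde.
_U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")
MAX_DECODE_ROUNDS = 3  # assumption: how many nested encodings to unwrap


def decode_once(path: str) -> str:
    """One decoding pass: %uXXXX escapes first, then ordinary %XX."""
    path = _U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), path)
    return unquote(path, encoding="latin-1")


def path_has_tilde(raw_path: str) -> bool:
    """True if the path holds '~' literally or under nested encoding."""
    current = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        if "~" in current:
            return True
        decoded = decode_once(current)
        if decoded == current:
            return False  # fully decoded, no tilde found
        current = decoded
    # Fail closed: block if a tilde appeared or more layers remain.
    return "~" in current or decode_once(current) != current


def paths_to_discard(paths):
    """Return the request paths a tilde filter rule should reject."""
    return [p for p in paths if path_has_tilde(p)]


# Constructed sample request paths (not taken from real traffic).
SAMPLE_PATHS = [
    "/viewer/default.aspx",
    "/viewer/my%20report.pdf",
    "/viewer/report~1.pdf",
    "/viewer/report%7E1.pdf",
    "/viewer/report%257e1.pdf",
    "/viewer/report%u007E1.pdf",
]

if __name__ == "__main__":
    for p in paths_to_discard(SAMPLE_PATHS):
        print("discard:", p)
```

The same set of paths can serve as test input for the firewall or URL rewrite rule: every path the function flags should be rejected by the rule, and the first two should pass.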