Anyone have this issue?
WSUS IIS hardening
hi,
there is a hardening setting in CIS IIS10 2.1 (L1) Ensure 'global authorization rule' is set to restrict access that recommend to remove All Users.
What is the rule to set to allow for? or WSUS must use "Allow All Users"
Thanks and regards
5 answers
Sort by: Newest
-
-
Gan Seng Leng 1 Reputation point
2021-06-03T10:14:06.84+00:00 the memory limit is set 0 which has no limit
-
Sam Wu-MSFT 7,126 Reputation points Microsoft Vendor
2021-06-02T14:09:07.62+00:00 You can try the follwoing steps to slove the 0x80244022 error.
- On your WSUS Server, launch the IIS Manager.
- Click 'Application Pools' is in the Connections list.
- Right-click 'WSUSPool' and select ' Start ' to restart the WSUSPool.
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Gan Seng Leng 1 Reputation point
2021-06-02T05:42:52.02+00:00 i have tried adding:
administrators
domain\Domain Users
domain\Domain Admins
NT AUTHORITY\Authenticated Users
Network Service
Local Systembut still unable to get clients to successfully connect to WSUS, facing error (0x80244022) or unnable to connect to update services.
Any other rules i need to add to get WSUS working?
-
SUNOJ KUMAR YELURU 13,986 Reputation points MVP
2021-06-01T12:17:23.72+00:00 Configuring a global Authorization rule that restricts access will ensure inheritance of the
settings down through the hierarchy of web directories; if that content is copied elsewhere,
the authorization rules flow with it. This will ensure access to current and future content is
only granted to the appropriate principals, mitigating risk of accidental or unauthorized
access.
Audit:At the web site or application level, verify that the authorization rule configured has been
applied:- Connect to Internet Information Services (IIS Manager)
- Select the site or application where Authorization was configured
- Select Authorization Rules and verify the configured rules were added
To verify an authorization rule specifying no access to all users except the Administrators
group, browse to and open the web.config file for the configured site/application/content: <configuration>
<system.webServer>
<security>
<authorization>
23 | P a g e
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="administrators" />
</authorization>
</security>
</system.webServer>
</configuration>
Remediation:
To configure URL Authorization at the server level using IIS Manager:
- Connect to Internet Information Services (IIS Manager)
- Select the server
- Select Authorization Rules
- Remove the "Allow All Users" rule
- Click Add Allow Rule…
- Allow access to the user(s), user groups, or roles that are authorized across all of the
web sites and applications (e.g. the Administrators group)
If the Answer is helpful, please click
Accept Answer
and up-vote, this can be beneficial to other community members.