After working for some time with SCM checklists for Unix and Windows OS, we have now had a look at the CIS IIS 10 checklist.
As we have seen, checks are strict like CIS, e.g.
#Name: cis-3.3
#Description: Check whether CustomError mode is "On" for any Application.
checks only for the default website:
$Value=Get-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Default Web Site' -filter "system.web/customErrors" -name "mode"
Usually this makes limited sense as other websites might be hosted. Which leads me to my question:
How are you dealing with this?
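
One way to run the same customErrors check against every hosted site and application instead of only 'Default Web Site', as an added example that is not part of the original post or of the SCM checklist. The function name `Get-CustomErrorsAudit` and its `-AcceptedModes` parameter are hypothetical, and treating only "On" as passing is an assumption taken from the check description quoted above.

```powershell
Import-Module WebAdministration   # ships with the IIS management tools

function Get-CustomErrorsAudit {
    param(
        # Assumption: only 'On' passes, as in the checklist description above.
        [string[]]$AcceptedModes = @('On')
    )

    # Build one configuration path per site and per application under it.
    $targets = foreach ($site in Get-Website) {
        "MACHINE/WEBROOT/APPHOST/$($site.Name)"
        foreach ($app in Get-WebApplication -Site $site.Name) {
            "MACHINE/WEBROOT/APPHOST/$($site.Name)$($app.path)"
        }
    }

    foreach ($psPath in $targets) {
        try {
            $raw = Get-WebConfigurationProperty -PSPath $psPath `
                -Filter 'system.web/customErrors' -Name 'mode' -ErrorAction Stop
            # Some property types come back wrapped; unwrap to a plain string.
            $mode = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
            $err  = $null
        } catch {
            # A broken web.config must show up as a finding, not as a silent skip.
            $mode = $null
            $err  = $_.Exception.Message
        }
        [pscustomobject]@{
            Path      = $psPath
            Mode      = $mode
            Compliant = ($null -ne $mode) -and ($AcceptedModes -contains $mode)
            Error     = $err
        }
    }
}

# List every site or application that fails the check.
Get-CustomErrorsAudit | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the IIS host; a path that returns an error instead of a mode is reported as non-compliant so it gets reviewed rather than skipped.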