GitHub | Configure-StigIIS | AverageBear – Requires WebAdministration module
I was tasked with STIGing all of our IIS instances. If you’ve been involved in that process before, you understand how painful it can be. Being the ridiculous person I am, I set out to automate the process (as much as I possibly could and without absolutely destroying everything). Well… ~3300 lines later, I’ve come up with something extremely helpful for myself, the auditors, and hopefully at least one of you.
I have wiped away and tested this several times (with SolarWinds specifically) with great success. While this doesn’t span EVERY item, it takes care of an incredibly large portion of the IIS 8.5 Sites/Server STIG vulnerabilities and frees up several hours/days of testing and break/fix hunting. Most are directly configured and other are simply reported and require manual decisions (i.e. Users/Groups access, etc.).
It reports all changes, previous configuration values, and whether or not it is compliant based on settings provided in 2018 Q3 IIS 8.5 Sites/Server STIG settings from DISA.
There may be other items that can be automated but, my brain is currently recovering from the apocalypse resulting from writing and testing this in just a few days. Feel free to check the settings for yourself or commit needed changes on GitHub. To everyone who has ever had to do this on multiple servers/sites…. I’m sorry this didn’t come sooner.