Set Up MS IIS Authentication

Create an MS IIS record in order to authenticate to a Microsoft Internet Information Services (MS IIS) Web Server on a Windows host, and scan it for compliance. Windows authentication is required so you'll also need a Windows record for the host running the web server. The Windows record must have domain type "NetBIOS, User-Selected IPs" with the IP address assigned or the domain type "NetBIOS, Service-Selected IPs".

This record type is only available in accounts with PC or SCA and is only supported for compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: 

Authentication Technologies Matrix

How do I get started?

- Go to Scans > Authentication.

- Check that you have a Windows record already defined for the host running the web server.

- Create an MS IIS record for the same host. Go to New > Applications > MS IIS.

Note: If the Network Support feature is enabled, then the Windows record must have the same network selected as the MS IIS record.

Tell me about user permissionsTell me about user permissions

Managers can add authentication records.

Unit Managers must be granted these permissions:
- Manage PC module / Manage SCA module
- Create/edit authentication records/vaults

How does it work?

We'll authenticate to each target host using the credentials provided in the Windows record. If the host is running an MS IIS web server then we'll check to see if an MS IIS record exists. If yes, we'll use credentials from the Windows record to authenticate to the Windows system, access the web server configuration, and scan it for compliance.

Quick Links

Why use host authentication