Configure Web Application Configuration Analyzer 2.0 for my ASP.NET App?

Ok, horrible headline, but the question is, has anyone used the new WACA? I run the sca开发者_如何学运维n and for most IIS related Rules I only get "Indeterminate".

For example:

In element enabled attribute is set to false -> Indeterminate

And that should be something that the tool can determine? No?

Cheers

Remy

IIS Common Files are required to scan for most of the web server checks. IIS Common Files are native in 2003/XP, but not 2008/Vista/Win7 so you need to install the IIS 6 Mgmt Console, Metabase, and Configuration Utility. Unfortunately this needs to be installed on both the scanning host and the remote server. Why they don't leverage the built-in IIS7 features instead of making you expand your attack surface I don't know.

See this page for instructions for installing IIS Common Files: http://technet.microsoft.com/en-us/library/aa998413%28EXCHG.80%29.aspx.