Thanks to Brett Hill at [url=www.iisanswers.com]www.iisanswers.com[/url] and his zippy little IIS Newsletter for this; the NSA has updated their site on securing Win2K Servers and Workstations along with IIS. Just thought you might want to check it out:

http://nsa2.www.conxion.com/win2k/download.htm

Hey clutch thanks for the interesting info. IIS is starting to be a really powerfull and secure service. It's obvious that it's going to take some time, since it's a quite new service compared to competitors (like Apache)-and yes that's a hint to all Linux users!

?? IIS is far older than Apache.

Is it?I thought that IIS was introduced since NT 4 was out. When was Apache out?

The point i was trying to make was not only related to IIS. I hear a lot of Linux systems saying about bad security in win2k compared to Linux. That's completely rediculus since Linux is based on a system (Unix) running way longer time than winNT(all versions), and it's obvious that security holes in NT are covered eventually, but it takes a while to get a very high security standard.
Whether Linux users like it or not, Win2k is the OS that most system admins prefer for their networks, and has gained thousands of positive reviews around the whole world.Any disagreement to this?

edit: I don't want to be misundersand by Linux users. It all depends on what you want to run on your server/workstation. Linux is an obvious choise for users that don't want to pay MS for lincencing computers etc. BUT:
When i hear lines like "Linux is way more stable than win2k if you first disable all the GUI's and run and config everything from the command line interface" from Linux "experts"(yes a friend told me this), then i go laughing at it's face, because the guy is obviously talking nonesence. I mean if i'm running command in win2k the system will never crash in 20 centuries time, is it?!

IIS has been around for a while, and it did come with NT4 Server (the later versions came in Option Packs). Most of the issues that have ever been brought with stability or security in IIS have been because of features that Apache admins have never even thought of seeing included with their systems (like Index Server, which I use a great deal on my Intranet at work).

Personally, I don't care for Apache simply because it doesn't offer the functionality that I need. First of all, I use ASP, and that requires a 3rd party interpreter (like ChiliSoft) when you aren't using IIS. Next, I like using some of the included features of IIS (like Index Server) which are quite powerful yet easy to use and secure. I also like being able to use pass-through authentication for domain accounts to WWW/FTP resources rather than maintaining separate account structures in my domain and in the hosting application. If I was using *nix, then I would probably be all over Apache and MySQL (or PostgreSQL) for my applications.

Apache on Windows is pretty retarded...that's all I have to say.