How to security IIS inetpub\wwwroot\_vti_inf.html file Dear sir, I have performed a security scanner of server, report mentiones that: THREAT: The file "_vti_inf.html" was retrieved. This file contains basic configuration information for the Web server FrontPage Extensions. IMPACT: Scan Results page 5 The information obtained through successful exploitation of this vulnerability can assist in further attacks against the host. SOLUTION: Restrict access to the file. But how to restrict access to this file? I cannot found any suitable document how to restrict it. Does it means set permission of the or change content of file? Here are the content of file: ====================================================================== <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title> FrontPage Configuration Information </title> </head> <body> <!-- _vti_inf.html version 0.100> <!-- This file contains important information used by the FrontPage client (the FrontPage Explorer and FrontPage Editor) to communicate with the FrontPage server extensions installed on this web server. The values below are automatically set by FrontPage at installation. Normally, you do not need to modify these values, but in case you do, the parameters are as follows: 'FPShtmlScriptUrl', 'FPAuthorScriptUrl', and 'FPAdminScriptUrl' specify the relative urls for the scripts that FrontPage uses for remote authoring. These values should not be changed. 'FPVersion' identifies the version of the FrontPage Server Extensions installed, and should not be changed. --><!-- FrontPage Configuration Information FPVersion="5.0.2.6790" FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc" FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll" FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll" TPScriptUrl="_vti_bin/owssvr.dll" --> <p><!--webbot bot="PurpleText" preview="This page is placed into the root directory of your FrontPage web when FrontPage is installed. It contains information used by the FrontPage client to communicate with the FrontPage server extensions installed on this web server. You should not delete this file." --></p> <h1>FrontPage Configuration Information </h1> <p>In the HTML comments, this page contains configuration information that the FrontPage Explorer and FrontPage Editor need to communicate with the FrontPage server extensions installed on this web server. Do not delete this page.</p> </body> </html> ===============================================================