You can largely automate the process of securing your Web server by running the IISLockdown tool. It allows you to pick a specific type of server role and then improve security for that server with customized templates that either disable or secure various features. In addition, the URLScan ISAPI filter is installed when you run IISLockdown. The URLScan ISAPI filter rejects potentially malicious requests and accepts or rejects client requests based on a configurable set of rules.