Hi folks,

here are some recommendations to implement IIS and be secure:

1) Use the Best Practice Analyzer tool

2) The app pool is the execution space, so, each site should have its own.

3) Enable Remote IIS administration: http://www.iis.net/learn/manage/remote-administration/remote-administration-for-iis-manager

4) Test your web site, typically if you are exposed to internet: https://asafaweb.com/

Web resources:

http://blogs.msdn.com/b/cenkiscan/archive/2012/06/20/iis-best-practices.aspx

https://adminspeak.wordpress.com/tag/iis-7-5-best-practices/

http://robrich.org/archive/2013/06/14/iis-web-server-best-practices.aspx

Test