The installation procedure for IIS is good. If you move any files to different directories, though, do not forget to ensure that the IIS directory properties reflect those changes. Permissions on the individual files are where you include or exclude Internet users; setting them at the individual file level is how you control whether users are asked for authentication. If you use IIS in conjunction with *.IDC or *.HTX files, don't forget to individually secure those files too (see Figure 6.20). These files control receiving and sending data over the Web. If users know the names of these files, they can type the names in directly instead of going through the designated link. In other words, you might lock the door but leave a window open.
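One way to check that every *.IDC and *.HTX file has been secured individually is to list the ones whose NTFS permissions still allow anonymous access. This is an added example, not part of the original text. It assumes the web root is `C:\InetPub\wwwroot`, that the anonymous IIS account name contains `IUSR`, and that PowerShell 3.0 or later is available on the server.

```powershell
# Added example: audit NTFS ACLs on *.idc / *.htx files under a web root.
param(
    # Assumed location of the published content; pass your own IIS directory.
    [string]$WebRoot = 'C:\InetPub\wwwroot'
)

# Identities that let a visitor reach a file without being asked to log on.
# 'Everyone' is the built-in group; '*\IUSR*' matches the anonymous IIS
# account (assumed naming, e.g. MACHINE\IUSR_MACHINE or NT AUTHORITY\IUSR).
$anonymousPatterns = @('Everyone', '*\IUSR*')

Get-ChildItem -Path $WebRoot -Recurse -File -Include *.idc, *.htx |
    ForEach-Object {
        $file = $_
        # Walk every access rule on this one file.
        (Get-Acl -LiteralPath $file.FullName).Access |
            Where-Object {
                $rule = $_
                $rule.AccessControlType -eq 'Allow' -and
                ($anonymousPatterns |
                    Where-Object { $rule.IdentityReference.Value -like $_ })
            } |
            ForEach-Object {
                [pscustomobject]@{
                    File      = $file.FullName
                    Identity  = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                    # True means the rule came from the parent directory,
                    # i.e. the file was never secured individually.
                    Inherited = $_.IsInherited
                }
            }
    } |
    Format-Table -AutoSize
```

Any row in the output is a file that a user who knows its name can request directly without authenticating; rows with `Inherited` set to `True` show files that only carry the directory's permissions.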