Relocate Web roots and virtual directories to a non-system partition to protect against directory traversal attacks. These attacks allow an attacker to execute operating system programs and utilities. It is not possible to traverse across drives. For example, this approach ensures that any future canonicalization worm that allows an attacker to access system files will fail. For example, if the attacker formulates a URL that contains the following path, the request fails:
During this step, you:
Move your Web site to a non-system volume.
Disable the parent paths setting.
Remove potentially dangerous virtual directories.
Remove or secure RDS.
Set Web permissions.
Remove or secure ...