ちょっと古いネタですが、IIS6.0のレビューが出てますねえ。内容は、

• No IIS Installed by Default
• Lockdown Mode
• New Authentication Method
• URL Authorization

という感じでつ。Lockdown Modeのところに、

When you do choose to install IIS, it starts out in “highly secure” or “lockdown” mode. This means many of the more sophisticated web service features, such as Active Server Pages (ASP), ASP.NET, Web Distributed Authoring and Versioning (WebDAV) and server-side includes (SSI) are not functional. That’s because all of these features, used for serving dynamic content, present vulnerabilities of their own. In this lockdown mode, FrontPage server extensions don’t work, and only static content can be served. Any attempt to use these features causes a 404 error (file not found).

話には聞いていましたが、やはりかなり堅い感じですね。