Keep IIS7 Failed Request Tracing as a sysadmin only diagnostic tool?
- by Kev
I'm giving some of our customers the ability to manage their sites via IIS Feature Delegation and IIS Manager for Remote Administration.
One feature I'm unsure about permitting access to is Failed Request Tracing for the following reasons:
Customers will forget to turn it off
The server will be taking a performance hit (especially if 500 sites all have it turned on)
The server will become littered with old FRT's
The potential to leak sensitive information about how the server is configured thus providing useful information to would-be intruders.
Should we just keep this as a troubleshooting tool for our own admins?