I am not as familiar with IIS so but how can I restrict access through IIS by AD Group. I was able to configure it so the deny all others but get my AD Group to only have access to the web enrollment site at https://hostname/certsrv. But I am able to get to the site https://hostname/certsrv/Default.asp no matter if what .net Authorization Rules I set, such as only deny "All Users". So the page Default.asp is available, how can I make all sites beloew certsrv restricted?
Used the follow site:
https://serverfault.com/questions/352647/restrict-access-to-iis-site-to-an-ad-group
https://forums.asp.net/t/2119967.aspx?Can+we+restrict+user+to+access+a+page+in+IIS