Start IIS Lockdown and click Next to continue.

Agree to the license and click Next.

Select Dynamic Web Server (ASP enabled) from the list.

Also check the box beside View Template Settings.

Click Next.

Web Service (HTTP) should already be checked.

Make sure that E-mail Service (SMTP) is checked as well.

Click Next.

All Script Maps, except for .asp, are disabled by default.

Click Next.

All Additional Security options should be checked.

Click Next.

Make sure the box beside Install URLScan Filter is unchecked and click Next.

Review your selected changes. 

Click Next to continue and apply the changes.