Encrypt and Decrypt Sensitive Data in Web.Config

Encrypt web.config nodes that contain sensitive information such as service accounts and SQL Server logins.

To encrypt your web.config, open a command prompt on the server and enter the following commands:

cd\WINDOWS\Microsoft.NET\Framework\v4.0.30319 <Enter>
aspnet_regiis -pe "connectionStrings" -app "/MyWebApp" <Enter>
aspnet_regiis -pe "system.web/machineKey" -app "/MyWebApp" <Enter>
aspnet_regiis -pe "appSettings" -app "/MyWebApp" <Enter>
aspnet_regiis -pe "system.web/identity" -app "/MyWebApp" <Enter>
aspnet_regiis -pe "system.web/authorization" -app "/MyWebApp" <Enter>

To make changes to your web.config you will need to decrypt it. Use the same commands as above only substitute -pd for -pe.

More information: http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx

Command Lines to Implement Minimum Visual Studio ASP.Net Development Requirements In Secure Environment

net localgroup Administrators /add Domain\UserName

net localgroup Administrators /add VisualStudioDebuggerLocalAccount

ntrights -u "VisualStudioDebuggerLocalAccount" -m \\ComputerName +r SeBatchLogonRight

sc config w3svc start= auto
sc config iisadmin start= auto

NET START iisadmin 

%windir%\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe -i
%windir%\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe -ga ComputerName\VisualStudioDebuggerLocalAccount

The VisualStudioDebuggerLocalAccount runs as the identity for the application pool used for the local IIS web application you want to debug in Visual Studio.

Ntrights.exe is part of the Server 2003 Administration Tools.