For a very long time, I have been asked for a document on IIS best practices. There are some blogs/articles on the Internet but I could not find a complete one. Actually, the main problem here is that there can not be “best practices” for a web server. A web server is just a hosting platform for applications, and, each and every application has its own needs. Therefore, in many cases, you will not have one universal best practice.
Having these said, I tried to gather a list of things one should check while configuring an IIS server (and an application on IIS). I should say that these are my own thoughts based on my own experience. It is very likely that you will find some resources mentioning just the opposite of what I say.
NOTE: Some of the links I provided below refer to content in Turkish because I usually blog in Turkish.
Application pool configuration