In the Maching.config file, there is a "deployment" element that you can add and set that will help in this area. Once set, this element will tell the ASP.NET process ignore several security and performance related settings that may have been left enabled inadvertently in the web.config and deployed in a production environment. Adding this element on all of your production servers results in the following:
* The compiler "debug" flag will be set to "false", ignoring all web.config files
* The trace “enabled” flag will be set to "false", ignoring all web.config files
* The customErrors "mode" flag will be set to "On", ignorin..