Managing IIS 5.0 and IIS 6.0
IIS Administration Tools and Methods.
The administration methods and management tools which you can use to administer IIS are listed below:
- Microsoft Management Console (MMC) tools under the Administrative Tools Menu.
- The primary MMC used to administer IIS is the IIS Manager (see below).
- You can also use the Computer Management console to perform administration tasks for IIS. The Computer Management console can be opened from the Administrative Tools Menu. To access the Internet Information Services (IIS) node in the Computer Management console, expand the Services And Applications node in the console tree.
- The Application Server console can be used to configure IIS, the.NET Framework, and Component Services. To access the Application Server console, open the Manage Your Server window (Administrative Tools), and then select Manage Your Application Server.
- Windows Server 2003 Administration Tools.
- Remote Desktop, a Terminal Services feature, can be used to remotely manage an IIS 6 machine.
- Remote Desktop Web Connection enables you to access Remote Desktop by using Internet Explorer.
- Remote Administration (HTML) is an IIS Administration website which enables you to manage IIS via Internet Explorer.
Using IIS Manager for IIS Administration
The IIS Manager can be used to perform administration functions for the following versions of IIS:
- IIS 4, IIS 5, IIS 5.1 and IIS 6.
When you perform a basic installation of IIS, the following IIS components are installed:
- Files utilized by IIS.
- Microsoft FrontPage server extensions.
- The IIS snap-in, IIS Manager.
- The World Wide Web service and SMTP service.
To change any default configuration settings of these components, you can use the IIS Manager. The IIS Manager is a MMC console which is automatically installed when you install IIS. It is the main tool used for performing IIS administration tasks. You can use the IIS Manager GUI tool to machine multiple IIS machines both locally and remotely. Because IIS functions through WAN connections, you can use the IIS Manager for remote management of the IIS machine over LAN and WAN connections. You can perform virtually any IIS administration functions from the IIS Manager tool, including:
- Manage IIS security and performance.
- Enable or disable IIS components.
- Create and manage Web sites and SMTP sites.
- Manage services such as File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Network News Transfer Protocol.
- Configure Application Pools.
- Perform content management tasks.
The left pane of the IIS Manager window contains the console tree, which in turn holds the objects which you can perform management tasks for. When you select an object in the console tree, the right pane (details pane) lists the details of that particular object. You can right-click the nodes in the console tree, and select its Properties from the shortcut menu to configure settings. You can also access certain administrative functions by right-clicking the node and selecting the function from the shortcut menu that displays.
The three nodes in the IIS Manager’s console tree are:
- Application Pools: This is the location from where you can create application pools, assign applications to application pools, assign worker processes to applications, configure health and recycling settings, as well as other configuration settings. When you install IIS 6, and it is running in worker process isolation mode, the DefaultAppPool is created under the Application Pools node. Default Application Pool contains Default Application. This is created for the Default Web Site at IIS installation. Right-clicking DefaultAppPool enables you to perform the tasks listed below, by selecting it from th shortcut menu:
- Access the Properties dialog box of an application pool to specify configuration settings.
- Save an application pool’s configuration to a XML file so that it can be imported to a different server.
- Stop and start application pools.
- Recycle the worker processes of an application pool.
- Web Sites: This node contains the Default Web Site, which is automatically created when IIS 6 is installed. This is the location from which to configure websites and virtual directories to run dynamic web applications.
- Web Service Extensions (WSE): By default, IIS 6 is installed in lock down mode. To ensure that your applications run correctly, you have to enable or unlock certain IIS components, including ASP, ASP.NET, ISAPI or CGI, or components. You do this using the Web Service Extensions (WSE) node.
How to open the IIS Manager
You can use the methods listed below to open the IIS Manager:
- Click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.
- Click Start, Run, enter inetmgr in the dialog box, and click OK.
How to connect to an IIS computer using the IIS Manager:
- Right-click the Internet Information Services node in the console tree and click Connect from the shortcut menu.
- The Connect To Computer dialog box opens.
- If you know the name of the computer, enter it in the Computer Name box. This has to be the fully qualified domain name (FQDN) or IP address of the computer. Click OK.
- If you want to browse for the computer name, click the Browse button on the Connect To Computer dialog box.
- When the Select Computer dialog box opens, search for the computer you want to connect to, and click OK.
- You can click the Advanced button on the Select Computer dialog box to search Active Directory and the network for the computer name. Click OK.
- Click OK
How to use the All Tasks shortcut menu option to manage IIS servers:
You can display the All Tasks shortcut menu option by right-clicking the node of a connected IIS computer and selecting All Task from the shortcut menu. This brings up a submenu, from which you can choose to perform the following tasks:
- Backup/Restore Configuration.
- Restart IIS.
- Save Configuration To Disk.
To back up the IIS metabase using Backup/Restore Configuration option,
- Right-click the IIS server whose metabase you want to back up, select All Tasks from the shortcut menu, and then select Backup/Restore Configuration.
- The Configuration Backup/Restore dialog box opens.
- All existing backups are listed in the Backup list box of the dialog box.
- Click the Create Backup button to back up the metabase.
- When the Configuration Backup dialog box opens, enter a name for the backup and a password for securing the backup.
- Click OK.
- The newly created backup is now listed in the Backup list box of the Configuration Backup/Restore dialog box.
- All backup files are in the following folder:
- Systemroot%System32 inetservMetaBack
- An .md0 file extension indicates a metabase backup file
- An .sc0 file extension indicates a metabase schema backup file
- Systemroot%System32 inetservMetaBack
To restart IIS using the Restart IIS option,
- Right-click the IIS server, select All Tasks on the shortcut menu, and then click Restart IIS.
- You can choose between the following options:
- Restart IIS.
- Restart Server.
- Stop IIS.
- Start IIS.
Restarting IIS has the following consequences:
- Any users connected to IIS lose their connectivity.
- Websites and Web applications are unavailable for the duration of the restart. All data in memory of any applicatios are lost.
To immediately save configuration changes to the metabase using the Save Configuration To Disk option,
- Right-click the IIS server whose configuration setting changes you want to save to the metabase, select All Tasks on the shortcut menu, and then click Save Configuration To Disk.
Using Remote Desktop for IIS Administration
The Remote Desktop feature can be used to manage IIS computers using a Terminal Services client running Windows 98, Windows NT 4, Windows 2000 and Windows Server 2003. Essentially, the Windows Server 2003 Remote Desktop feature is alike to the Terminal Services – Remote Administration mode in Windows 2000. However, with Windows Server 2003, the Remote Desktop feature is automatically installed. It does however need to be enabled.
To enable the Remote Desktop feature,
- Open the System utility in Control Panel.
- Click the Remote tab.
- Enable the Users To Connect Remotely To This Computer checkbox.
- Click OK.
The following two Remote Desktop components are also automatically installed:
- Remote Desktop for Administration (RDA): This feature requires Terminal Services to enable client computers to connect to a server for remote desktop management.
- Remote Desktop Connection (RDC): You can use RDC to connect to an IIS server and manage it remotely. To connect to a IIS server,
- Click Start, All Programs, Accessories, Communications, and then click Remote Desktop Connection.
- When the Remote Desktop Connection dialog box opens, enter the name or IP address of the computer you want to connect to.
- Click Connect.
How to install IIS Components and create Web, FTP, NNTP, and SMTP sites
How to install IIS components:
Before you can create and maintain any Web, FTP, NNTP, and SMTP sites, you first have to install the necessary components.
- Click Start, Control Panel, and click Add/Remove Programs.
- Click Add/Remove Windows Components in the Add Or Remove Programs dialog box.
- Click Application Server in the Windows Components dialog box, and then click the Details button.
- The Application Server dialog box appears next.
- Click IIS and then select the Details button.
- After selecting the IIS components you want to install, click OK.
- When the Insert Disk dialog box appears, insert the Windows Server 2003 CD in the CD-ROM drive, and click OK.
How to create a new Web site:
The IIS Manager is the primary management tool used to create and manage websites. The Web Site Creation Wizard is used for the creation of new Web sites.
- Open the IIS Manager.
- Right-click the Web Sites node in the console tree, select New from the shortcut menu, and then select Web Site.
- The Web Site Creation Wizard initiates.
- On the Welcome to the Web Site Creation Wizard screen click Next.
- On the Web Site Description page, enter a name for the website. The name you enter here would be used in the IIS Manager. Click Next.
- On the IP Address and Port Settings page,
- Enter the IP address for the site in the Enter the IP address to use for this Web site text box.
- Enter the port number for the site in the TCP Port this Web site should use text box.
- Enter the host header name for the new site in the Host header for this Web site text box.
Click Next.
- On the Web Site Home Directory page, enter the path to the home directory for the site. It is recommended to host the directory on an NTFS partition because it is the location where the files of the Web site would be stored. You can click the Browse button to locate the folder.
- The Allow anonymous access to this web site checkbox is enabled by default. If the new Web site is to host confidential data, uncheck the Allow anonymous access to this web site checkbox. This would prvent users to authenticate via anonymous access to access the Web site. Click Next.
- On the Web Site Access Permissions page, the default access permissions for the Web site is that only the Read and the Run Scripts permissions is allowed. All other permissions are not enabled. The additional permissions which you can set to allow by enabling its associated checkboxes are:
- Execute, to enable execute permission for Dynamic Link Libraries (DLLs).
- Write, to allow users to upload data to the source directories of the site.
- Browse, to allow directory browsing on the new Web site.
Click Next.
- Click Finish to create the new Web site.
How to create a FTP site:
Before you can create a FTP site or multiple FTP sites, you have to install the FTP Service. Following this, use the steps below to create a FTP site.
- Open the IIS Manager.
- Right-click the FTP Sites node in the console tree, select New from the shortcut menu, and then select FTP Site.
- The FTP Site Creation Wizard initiates.
- On the Welcome to the FTP Site Creation Wizard screen click Next.
- On the FTP Site Description page, enter a name for the new FTP site. Click Next.
- On the IP Address and Port Settings page,
- Enter the IP address for the FTP site in the Enter the IP address to use for this FTP site text box.
- Enter the port number for the FTP site in the Type the TCP Port this FTP site text box.
Click Next.
- On the FTP User Isolation page, you can select the security setting options listed below:
- Do not isolate users: Enables all users to access all directories and files.
- Isolate users: Isolates a user from accessing other users’ FTP home directories.
- Isolate the users using Active Directory: To specify that Active Directory is used to authenticate and assign a FTP home directory to the user.
Click Next.
- On the FTP Site Home Directory page, enter the path to the home directory for the FTP site. You can click the Browse button to locate the folder. Click Next.
- On the FTP Site Access Permissions page, the default access permission enabled for the FTP site is the Read permission. You have to enable the Write permission if you want users to be able to upload any data to the source directories of the site.
Click Next. - Click Finish to create the new FTP site.
How to create a NNTP virtual server:
While IIS by default does create a NNTP server, you can create additional NNTP servers.
- Open the IIS Manager.
- Locate the computer, right-click Default NNTP Server, select New and then Virtual Server from the shortcut menu.
- The New NNTP Virtual Server Wizard initiates.
- Enter a name for the NNTP site. Click Next.
- On the Select IP Address page, select the IP address and port number settings for the NNTP site. It is recommended to use unique IP addresses for each NNTP site. Click Next
- Enter the path to the home directory for the NNTP server. Click Next.
- On the Select Storage Medium page, choose of the following options:
- File System, allows users to store news messages on the local computer
- Remote Share, allows users to store news messages remotely.
Click Next.
- Enter the physical directory where the news messages are to be located.
- Click Finish.
How to create a SMTP virtual server:
- Open the IIS Manager.
- Locate the computer, right-click Default SMTP Server, select New and then Virtual Server from the shortcut menu.
- The New SMTP Virtual Server Wizard initiates.
- Enter a name for the SMTP site. Click Next.
- On the Select IP Address page, enter the IP address settings for the SMTP site. Click Next
- Enter the path to the home directory for the SMTP server. Click Next.
- Provide the domain name for the SMTP srver. Click Next.
- Click Finish.
How to create a virtual directory for a Web site:
A virtual directory is basically a pointer or reference to a Web site or FTP site that enables access to the subdirectories from the root Web directory or FTP directory.
- Open the IIS Manager.
- Locate the IIS server, right-click the Web site, and select New and then Virtual Directory from the shortcut menu.
- The Virtual Directory Creation Wizard launches.
- Click Next on the initial screen of the wizard.
- On the Virtual Directory Alias page, enter a name for the new virtual directory. Click Next.
- Choose the physical directory to which this virtual directory should point. Click Next.
- Choose the access permissions for the virtual directory. The default settings that are enabled on the Virtual Directory Access Permissions page are Read, and Run Scripts. Click Next
- Click Finish.
How to host multiple Web sites:
The primary method used to host multiple Web sites is to assign a unique IP address to each Web site. You can alternatively assign a different port number for the Web site while using the same IP address, or you can assign unique host headers on a single IP address.
To host multiple Web sites,
- Open the IIS Manager.
- Locate the IIS server, right-click the Web site, and select Properties from the shortcut menu.
- Click the Web Site tab.
- If you want to assign a unique IP address for the Web site, enter or select the IP address in the IP address box. Click OK
- If you want to assign a different port number for the Web site, use the TCP port box. Click OK.
- If you want to assign unique host headers using the same IP address, click the Advanced button.
- Click Add.
- Select the IP address and port number of the Web site.
- In the Host Header value text box, enter the host header details. Click OK.
How to configure master website properties:
You can configure master properties for websites, based on the computer on which they are created. When you configure master website properties, all sites created on that particular computer inherit the master website properties.
To configure master website properties,
- Open the IIS Manager.
- Right-click the Web Sites node in the console tree, and then select Properties from the shortcut menu.
- When the Web Site Properties dialog box opens, use the tabs on the dialog box to configure the settings which should be used for all websites which are going to be created.
- The Inheritance Overrides dialog box will be displayed when there are existing websites, providing you with the option of overriding your existing settings for these websites.
The Different Administration Levels for Configuring IIS Settings
The administration of IIS configuration settings are categorized into different administration levels. The administration levels and the administration tasks typically performed at each administration level are listed below:
- Server level administration encompasses the administration tasks listed below. Server configuration settings affect virtual servers on the IIS server:
- Connect to, and manage IIS computers.
- Enable, disable HTTP compression.
- Enable, disable bandwidth throttling for all sites hosted on the IIS machine.
- Configure master website properties for all sites hosted on the IIS machine.
- Configure settings for the MIME map.
- Configure server extensions.
- Backup and restore IIS.
- Site level administration relate to setting site configuration settings which affect only a particular Web, FTP, SMTP, or NNTP site on the IIS machine. You can configure settings for these sites through its associated property sheet.
- Directory level administration relate to directory configration settings. These settings apply to the virtual and physical directories of a Web site or FTP site. Directory administration involves the configuration of these settings:
- Application settings.
- Authentication and access control settings.
- Configuring IP address and domain name restrictions.
- The location of content, configuring content expiration and content rating settings.
- Configuring default documents and document footers.
- MIME mappings.
- Custom HTTP headers and custom HTTP errors.
- File level administration relate to setting the properties of files in the home directory, and other directories of Web sites and FTP sites. The settings you can configure include Directory Browsing, Enable Document Footer, and Index This Resource.
Configuring Web Site Properties
You can configure settings for websites hosted on the IIS server by using its associated Properties dialog box.
To access the Properties dialog box of a website,
- Open the IIS Manager.
- Locate and right-click the website, and select Properties from the shortcut menu.
- The Properties dialog box contains the following tabs:
- Web Site tab, Performance tab, ISAPI Filters tab, Home Directory tab, Documents tab, Directory Security tab, HTTP Headers tab, and Custom Errors tab. Each of these tabs is discussed in more detail next.
Web Site tab
The configuration settings which you can configure on the Web sites tab are listed below:
- A description of the Web site is listed in the Description text box. You can change the existing description listed in the Description text box.
- You can configure the IP address and TCP port for the Web site using the IP address text box and TCP text box. The default TCP port utilized for HTTP is TCP port 80.
- You can indicate the connection timeout value after which an inactive user would be disconnected from the Web site in the Connection Timeout box.
- Checking the Enable HTTP Keep-Alives checkbox enables clients to maintain open connections with the IIS server.
- If you want to enable logging for the Web site, select the Enable logging checkbox. The log formats that can be used with IIS 6 are
- Microsoft IIS Log File Format.
- NCSA Common Log File Format.
- ODBC Logging.
- W3C Extended Log File Format.
If you want to configure settings for the log schedule and log file directory, click the Properties button.
Performance tab
The performance specific configuration settings which you can configure on the Performance tab are listed below:
- In the Bandwidth Throttling section of the tab, you can enable the Limit the network bandwidth available to this Web site checkbox to control the quantity of bandwidth that the site can use. When enabled, the default setting is 1024 bytes per second. You can however change this setting.
- In the Web Sites Connections section of the tab, you can select the Unlimited option, or you can specify the number of connections which are allowed by selecting the Connections limited to option and then specifying the number of connections which are allowed.
ISAPI Filters tab
You can use the Add, Remove, Edit, Disable, Move up and Move down buttons to manage your ISAPI filters.
Home Directory tab
The settings and options you can configure on the Home Directory tab are:
- The location of the site content can be specified as one of the following options:
- A Directory Located On This Computer.
- A Share Located On Another Computer.
- A Redirection To A URL.
- You can also change the path to the home directory in the Local path box.
- The access permissions which you can enable are listed below:
- Script Source Access, enables users to access source-code.
- Read, enables users to download and read files in the home directory.
- Write, allows users to change Web content.
- Directory Browsing, allows users to browse the directory.
- Log Visits, logs users who access the site.
- Index This Resource, enables indexing of the home folder.
- In the Application Settings section of the Home Directory tab is the name of the root directory that holds the files and subdirectories for an executable application. The Execute permissions options that can be configured are:
- None, allows only access to static files.
- Scripts Only, prohibits the running of executables.
- Scripts And Executables, access to all files are allowed and as well as the running of executables are allowed.
The Documents tab
The settings and options you can configure on the Documents tab are:
- You can define the default document (home page) which will be presented to users when they access the site. You can specify multiple documents and define the order in which they should be applied.
- If you want to enable document footers, select the Enable document footer checkbox.
The Directory Security tab
The configuration areas in which the Directory Security tab is divided, as well as the settings which you can configure within each section is listed below:
- Authentication and Access Control: To change the authentication methods currently used, click the Edit button. The Authentication Methods dialog box is displayed.
- The Enable anonymous access checkbox can be enabled or disabled for the site. Anonymous access is typically used for public sites.
- The options which you can configure in the Authenticated Access area of the Authentication Methods dialog box are:
- Integrated Windows Authentication: This is the most secure option that can be used for authentication in IIS.
- Digest Authentication For Windows Domain Servers: This option can only be enabled if Active Directory is used. Digest Authentication sends the user credentials over the network by utilizing an encrypted MD5 hash.
- Basic Authentication: This is the weakest authentication method available for IIS, and should be utilized when you cannot use any other authentication method.
- .NET Passport Authentication: When enabled, authentication occurs via a single sign on method.
- IP Address and Domain Name Restrictions: To restrict access to websites and directories by using addresses and domain names, click the Edit button in this section of the Directory Security tab. The IP Address And Domain Name Restrictions dialog box is displayed. Using the dialog box, you can specify that all computers are granted access, or you can specify those computers which should not be granted access by listing their IP address or domain name.
- Secure Communications: If you want to open the Web Server Certificate Wizard, click the Server Certificate button. You need a Web server certificate if you want to maintain Secure Sockets Layer (SSL) connections.
The HTTP Headers tab
The settings you can configure on the HTTP Headers tab relate to the information that is displayed in the HTML headers of your web pages. The options which you can select are:
- You can select the Enable content expiration checkbox if you want to set when content should expire. The options that you can select with regard to content expiration are:
- Expire Immediately.
- Expire After, specify the time duration after which content should expire.
- Expire On, specify the date and time when content should expire.
- You can specify to use custom HTTP headers when the existing headers cannot be used to send information.
- You can specify content ratings for the site by clicking the Edit Ratings button i the Content Ratings section of the HTTP Headers tab.
- If you want to configure Multipurpose Internet Mail Extensions (MIME) maps, click the MIME Types button in the MIME Types area of the HTTP Headers tab.
Custom Errors tab
The error messages which are displayed to clients when HTTP errors occur are listed on the Custom Errors tab. You can change the error messages that are shown to clients by clicking the Edit button.
Managing Web Applications and Application Pools
To run dynamic Web applications on IIS, you first have to use the Web Service Extensions node in IIS Manager to allow or prohibit the Web service extensions listed below:
- ASP.
- ASP.NET.
- ISAPI Extensions.
- CGI Extensions.
- Front Page Server Extensions 2000 and 2002.
- Internet Data Connector.
- WebDAV support.
To access the Web Service Extensions (WSE),
- Open the IIS Manager.
- Locate the server, and select the Web Server Extensions node.
You also have to decide on the application mode which you are going to use in IIS. The two available application modes in IIS 6 are:
- Worker process isolation mode: This is the preferred IIS 6 application mode. The new architectural features of IIS 6 are available in worker process isolation mode.
- IIS 5 isolation mode: This mode utilizes the IIS 5 architecture, and supports none of the new IIS 6 features. Applications run in one of the following contexts:
- Low (IIS Process).
- Medium (Pooled).
- High (Isolated).
To change the default application mode,
- Open the IIS Manager.
- Right-click the Web Sites node, and click Properties from the shortcut menu.
- When the Web Site Properties dialog box opens, click the Services tab.
- If you want to use worker process isolation mode, clear the Run WWW service in IIS 5 isolation mode checkbox.
- If you want to run IIS 5 isolation mode, select the Run WWW service in IIS 5 isolation mode checkbox.
- Click OK.
- Restart IIS.
The four main types of applications that can run on IIS 6 are ASP, ASP.NET, ISAPI, and CGI. The procedure for creating ASP applications and ASP.NET applications are the same. A few advantages of using ASP.NET rather than ASP are listed below:
- ASP.NET supports XML Web Services, the .NET class library and Web Forms.
- ASP.NET is easier to deploy and to debug than ASP. You do not have to restart the Web server when you deploy ASP.NET applications. ASP.NET also has a tracking feature which can be used for application debugging.
- ASP.NET can cache both portions of pages, and entire pages.
- ASP.NET executes in compiled code, and its configuration settings are formatted in XML and stored in text files. This in turn increases performance of Web applications and makes it easier to configure.
- ASP.NET can automatically detect memory leaks and deadlocks, and attempts to automatically recover from these states.
To install and enable ASP.NET,
- Click Start, Control Panel, and click Add/Remove Programs.
- Click Add/Remove Windows Components, click Application Server in the Windows Components dialog box, and then click the Details button.
- Click ASP.NET.
- Click OK.
- To refresh the IIS Manager, push F5.
- ASP.NET should now be included in the Web Service Extensions node of the IIS Manager.
- If ASP.NET is listed with the Prohibited status in the Web Service Extensions node, right-click ASP.NET, and select Allow.
An application pool called DefaultAppPool is created under the Application Pools node in IIS Manager if IIS is running in the worker process isolation mode. When you right-click DefaultAppPool, you can open the properties sheet for the pool, stop or start the application pool, recycle the worker pocess of the application pool, or save the application pool configuration to a XML file.
To create additional application pools,
- Open the IIS Manager.
- Right-click the Application Pools node in the console tree, and select New and then Application Pool from the shortcut menu.
- When the Add New Application Pool dialog box opens, enter a name for the new application pool.
- You can specify whether the default settings should be used for the new pool, or you can specify that the settings of an existing pool be used for the new application pool.
- Click OK
To assign an application to an application pool,
- Open the IIS Manager.
- Right-click the appropriate node in the console tree, and click Properties on the shortcut menu.
- Click the Home Directory tab.
- Select the application pool from the Application Pool list.
- Click OK.
Comments - One Response to “Managing IIS 5.0 and IIS 6.0”
Sorry but comments are closed at this time.