Windows 2003 Server

Chapter 13

Administering Web Resources

Home | Chapters | Homework | Grades | Calendar | Forums | Syllabus

Forum Policy | Assignment Policy | E-Mail Mr Hull | FTP

Main | Chapter 1 | Chapter 2 | Chapter 3 | Chapter 4 | Chapter 5 | Chapter 6 | Chapter 7

Chapter 8 | Chapter 9 | Chapter 10 | Chapter 11 | Chapter 12 | Chapter 13 | Chapter 14


At the end of this chapter you should be able to:

  • Install and configure Internet Information Services (IIS)

  • Create and configure Web-site virtual servers and virtual directories

  • Configure Web-site authentication

  • Configure and maintain FTP virtual servers

  • Update and maintain security for an IIS server

  • Create and modify Web folders

  • Install and use the Remote Administration (HTML) tools

  • Install and configure Web-based printing and printer management

  • Troubleshoot Web client-browser connectivity

Installing and Configuring Internet Information Services

Internet Information Services (IIS) is Microsoft's web server software in Windows Server 2003.  IIS is made up of four components.

  • World Wide Web (HTTP) - The is the main web server component.  Allows websites to be available on the Internet or intranet.

  • File Transfer Protocol (FTP) - Allows users to connect remotely to send files and receive files from the server.

  • Network News Transfer Protocol (NNTP) - Allows for newsgroups to be created on the server that can be used for threaded conversations between users.

  • Simple Mail Transfer Protocol (SMTP) - Allows mail to be sent from your server.

Installing Internet Information Services

In the Add or Remove Programs control panel, you can click the Add/Remove Windows Component button to launch the installing program.  In this program, you click Application Server then Internet Information Service (IIS).  Below is an outline of your options from the book.

  • Background Intelligent Transfer Service (BITS) Extension - Allows clients to use spare bandwidth for data transfers and resume server transfers in the event that a session disconnects or a computer restarts.

  • Common Files - The required IIS program files.

  • File Transfer Protocol (FTP) Service - Used to install and create FTP sites, which allow you to upload and download files to and from a server.

  • FrontPage 2002 Server Extensions - Enables the creation, development, and maintainence of Web sites with Microsoft FrontPage and Visual InterDev.

  • Internet Information Services Manager - Installs the Internet Information Services MMC snap-in to allow IIS server management.

  • Internet Printing - Enables Web-based printer management and allows printing to a shares printer via the HTTP protocol.

  • NNTP Service - Enables an IIS server to function as an NNTP server to distribute, receive and post private news messages or Usenet articles.

  • SMTP Service - Enables an IIS server function as an SMTP Server, which gives the ability to provide support for e-mail on a network or the Internet.

  • World Wide Web Service - Enables an IIS server to function as a Web server on an intranet or the Internet.

LAB ACTIVITY - Do the lab on page 521. (20 Minutes)


After IIS is installed, your system will have gone through a few changes.  You will find some new folders on your hard drive.

  • %systemroot%\system32\inetsrv - Contains the IIS program files.

  • C:\Inetpub - Contains the subfolders that hold the content for the services provided by IIS.  For example wwwroot contains the Default Web Site.

  • C:\Windows\Help\iishelp - IIS documentation is stored here.

You will also see the addition of two accounts to Active Directory.

  • IUSR_servername - Used to provide anonymous access to the server.

  • IWAM_servername - Allows IIS to launch out of process services.

There is also one group added called IIS_WPG.  This is the worker process group that should only contain IWAM_servername.


And finally, up to five new services.

  • FTP Publishing Service - FTP

  • IIS Admin Service - Parent process for all IIS Services.

  • Network News Transfer Protocol - NNTP

  • Simple Mail Transfer Protocol - SMTP

  • World Wide Web Publishing Service -WWW

LAB ACTIVITY - Do the lab on page 526. (10 Minutes)


Architectural Changes in IIS 6.0

IIS configuration information is stored in it's metabase.  In IIS 5.0, which came with Windows 2000 Server, the metabase was stored in a single binary file called metabase.bin.  In IIS 6.0, the metabase is now stored in two XML files.  These XML files are stored in %systemroot%\system32\inetsrv.

  • MetaBase.xml - This contains the settings.

  • MBSchema.xml - This contains the default values for various settings.

IIS 6.0 has had some process management changes and improved administrative features.

  • HTTP.sys - A kernel mode driver that accepts and manages all HTTP requests.  If a request is cached, it won't have to switch to user mode which improves performance.

  • IIS 5.0 Isolation Mode - Allows applications designed for IIS 5.0 to run properly.  If you have upgraded from IIS 4.0 or 5.0 this mode will be on by default.  Once enabled, it applies to all web applications in IIS.  If you need to enable this mode, you can set the IIs5IsolationModeEnabled property to true in the metabase.

  • Worker Process - When the server is in this mode, each web application will be split up into Application Pools.  Each pool will be independent from the others.  If one application crashes it will not effect the others.

  • Remote Administration (HTML) tool - HTML tool that allows you to manage the IIS server.

Configuring Web Server Properties

When you look at IIS for the first time you will see the default sites and services listed on the left side.  They are outlined below.

  • FTP Sites - Contains the default FTP site and any added sites.

  • Application Pools - Contains any web applications pools that might exist.

  • Web Sites - Contains the default website, and any added sites.

  • Web Server Extensions - The location where you can enable extensions to IIS.  For example you can enable ASP so you can create dynamic web pages.

  • Default SMTP Virtual Server - The SMTP service.

  • Default NNTP Virtual Server - The NNTP service.

LAB ACTIVITY - Do the lab on page 529. (10 Minutes)


You can right click on Web Sites and bring up the Master Properties for all the sites.  This will allow you to change the setting in multiple sites at once.  If you change a setting that conflicts with a setting on a lower site it will ask you if you want to change the settings.


LAB ACTIVITY - Do the lab on page 533. (10 Minutes)

Creating and Configuring Web-Site Virtual Servers

You can have your web server host multiple websites.  In order for a single server to host multiple websites you must have a way to uniquely identify the different sites.  This can be done one of three ways.

  • Unique IP address - Your web servers would have multiple IP address and you would tell IIS which IP address is associated with each web.

  • Unique TCP ports - This requires the user to add a port number to the end of the URL.  IIS uses the port number to direct requests to the appropriate web.

  • Unique host headers - Host headers are read when the request is made and then sent to the web with that header setup.  If the header is not found it will be sent to the web without a header setup.  Only one web can be running and have a blank header.

LAB ACTIVITY - Do the lab on page 534. (20 Minutes)


In the next lab you use built in script files to create a new web.


LAB ACTIVITY - Do the lab on page 537. (10 Minutes)


Modifying Web-Site Properties

Once a web is created you can use the web-site properties page to change the settings.  These settings override the master properties.  The tabs that are available to you in the web site properties page are outlined below from the book.

  • Web Site - Configures the IP address, TCP port, number of connections, and logging.

  • Performance - Modifies performance-based parameters such as bandwidth throttling and maximum Web-site connections.

  • ISAPI - Sets up Internet Server Application Programming Interface (ISAPI) filters that respond to events that occur on the server during the process of an HTTP request.

  • Home Directory - Controls where the website looks for Web content and sets security on that specific folder.

  • Documents - Defined a default Web page search order for Web site and enables a common footer to be placed at the bottom of each web page.

  • Directory Security - Configures security for the Web site, such as authentication control, IP address or domain name restrictions, and SSL certificate configurations. 

  • HTTP Headers - Configures expiration dates on Web site content, custom HTTP headers, and content ratings; content expiration is effective when you want to control the amount of time that your Web site material is to be cached in a client's Web browser cache folder.

  • Custom Errors - Customizes common Web browser error messages that may be displayed to users who experience an error.

LAB ACTIVITY - Do the lab on page 540. (15 Minutes)

Creating Virtual Directories

Virtual directories allow you to have a folder that resides outside of your web available to users browsing your web site.  For example, may reside on a different server.  When you browse to that URL a virtual directory will redirect you to the server that contains the forums.


LAB ACTIVITY - Do the lab on page 542. (15 Minutes)

Configuring Authentication for Web Sites

When you access a web site that resides on an IIS server, you need to be authenticated.  There are five ways you can be authenticated in IIS 6.0.

  • Anonymous Access - When enabled the IUSR_servername account is used to grant you access.  You are not prompted for a username or password.  You can change the account that is used.

  • Basic Authentication - Prompts the user for username in password.  The password is sent in Base64 encoding that is easily captured.  This is not secure.

  • Digest Authentication - Prompts for a username and password.  The password is encrypted using and MD5 algorithm.  The user must be running IE 5.0 or later.

  • Integrated Windows Authentication - This mode will pass your current credentials to the server.  This works well with intranet servers.

  • .NET Passport Authentication - Allows you to use the .NET Passport to authenticate users.  In order to enable this mode you have to work with Microsoft and test against their preproduction servers.

LAB ACTIVITY - Do the lab on page 547. (10 Minutes)


Configuring Server Certificates and Secure Sockets Layer

In order to have users access your site securely you need to obtain and install a certificate from a certificate Authority (CA).  Once installed the enable communication using Secure Sockets Layer (SSL) on port 443.  This is all done on the Directory Security tab of the site properties page.

Configuring FTP Virtual Servers


File Transfer Protocol

FTP is a way to transfer files from one place to another.  It utilizes to ports to perform the transfer, ports 20, and 21.  Port 21 is the primary port used to establish the connection, and 20 is used to transmit data.  FTP uses TCP to communicate which means it is a connection oriented protocol.  An FTP client is used to communicate with an FTP server.


Configuring FTP Properties

Just like with Web, you can configure the master properties or each FTP site individually.  The properties page for a FTP site has five tabs that are outlined below from the book.

  • FTP Site - Configures site Identification and connection limits, and enables FTP logging.

  • Security Accounts - Configures which account is used for Anonymous access to the FTP site; also disables Anonymous access, requiring all users to have a user account and password to access the site.

  • Messages - Configures both the welcome and exit message that are displayed to the users that connect to and disconnect from the FTP site.

  • Home Directory - Where the files published through your FTP site are stored; changes the default home directory location to another directory on the server or to a directory located on another server; sets the type of access allowed to the folder (read and/or write); the directory style listing selects the folder style listing that is displayed to the users.

  • Directory Security - Grants or denies access to the FTP site based on IP addresses; grants access to all computers except those listed in the exception box, or denies access to all computers except the ones listed; configures access based on individual IP addresses, network addresses, or fully qualified domain names. 

LAB ACTIVITY - Do the lab on page 554. (15 Minutes)


Creating an FTP Site Virtual Server

You can create FTP sites using the wizard, or using the built in scripts.


LAB ACTIVITY - Do the lab on page 555. (20 Minutes)

Updating and Maintaining Security For an IIS Server


Resource Permissions

You can control permissions for your Web sites using NTFS permissions or IIS permissions.  IIS permissions apply to everyone.


LAB ACTIVITY - Do the lab on page 559. (10 Minutes)


IP Address and Domain Name Security

You can grant or deny access to your Web by using IP addresses or domain names.  This is done in the Directory Security section.  If you enable filtering by domain name the web server will be forced to do a reverse DNS lookup on each request which can hurt performance.


LAB ACTIVITY - Do the lab on page 560. (10 Minutes)


Starting and Stopping Services

The IISReset command can be user to restart the IIS services.  You can also stop and start individual web sites.


Backing Up the IIS Configuration

You can backup the metabase any one of a number of different ways.

  • Use the IIS snap-in.

  • Manually copy the contents of the %systemroot%\system32\inetsrv folder to another folder.

  • Export the contents to a text file using the metabase editor tool.

  • Use the IISBack.VBS script

  • Backup the system state.

Previous version of the metabase are stored in %systemroot%\system32\inetsrv\History


LAB ACTIVITY - Do the lab on page 562. (10 Minutes)


Updating IIS 6.0

Apply all service packs and hot fixes.

Creating and Modifying Web Folders

Web folders allow you to share out folders from a server onto a website.  Web folders are accessible through My Network Places, Internet Explorer, or application such as Office XP/2003.


LAB ACTIVITY - Do the lab on page 566. (10 Minutes)

Installing and Using Remote Administration (HTML) Tools

This lets you manage the server from a web page.  This has to be installed manually.  We will look at the together.


LAB ACTIVITY - Do the lab on page 568. (15 Minutes)

Installing and Configuring Internet Printing

In chapter 8 we learned about printing, one of the topics we briefly touched on was Internet Printing.  Internet Printing allows you to configure the printer server settings and monitor it from a web page.


LAB ACTIVITY - Do the lab on page 571. (15 Minutes)

Troubleshooting Web Client Connectivity Problems

When users cannot access your website there are a number of things that could cause this problem.  Below is a list of things that you can check.

  • Verify TCP/IP configuration.

  • Check proxy settings, if one is needed verify the client can reach it.

  • Verify connectivity to the network.

  • Turn on friendly HTTP error messages in Internet Explorer.  This can help with troubleshooting web applications.  It will tell you at which line the error occurred, and the nature of the error.

  • Use a protocol analyzer to check the data going back and forth for errors.

On the server side you can try the following.

  • Check permissions on the site, both NTFS and IIS.

  • Check the authentication method.

  • Check IP and domain name restrictions.

  • Verify that you are not over a set connection limit.

  • Verify the port number.

  • Verify DNS, and flush the clients DNS cache.

More Information


Click Here to download the slides for this chapter

(NOTE: You must have PowerPoint or PowerPoint Viewer if you don't have  either Click Here to download PowerPoint Viewer.)

Home | Chapters | Homework | Grades | Calendar | Forums | Syllabus

Forum Policy | Assignment Policy | E-Mail Mr Hull | FTP