Performing Common Management Tasks

First of all, let’s get familiar with the IIS Manager console. How can we start IIS Manager? We can load IIS Manager in the following ways.

1. Go to Start | Administrative Tools | Internet Information Services (IIS) Manager.
2. Go to My Computer | Manage. Select and expand the IIS Manager node.

IIS Manager is the primary interface to handle all Internet-related functions. We can set up Web sites,

Site Setup

We can set up Web and FTP sites using IIS Manager. We can also configure SMTP and NNTP virtual servers using IIS Manager. The WWW, FTP, NNTP, and SMTP servers can be installed manually or using scripts (unattended setup). Please follow these steps to install the components manually:

1. Navigate to Start | Control Panel | Add Remove Programs.
2. Click the Add Remove Windows Component button.
3. Select the Application Server option from the Windows Component window, and then click Details.
4. Select IIS and click Details in the Application Server window.
5. Select the options you want to install (Web, NNTP, FTP, and SMTP).
6. Click OK and the installation process will begin.
7. You will be presented with a confirmation screen at the end of the installation process.

Let’s look closely at how to create and maintain Web, FTP, NNTP, and SMTP sites. All these subjects will be discussed as subsections from now on.

Setting up a Web Site

All Web sites can be created and managed in IIS Manager. This is a wizard-driven process, so it is a simple task to create a Web site from scratch. Let’s learn the process to create a Web site using IIS Manager.

1. Start IIS Manager (refer to the previous section on Site Setup).
2. Navigate to the Web Sites node and right-click it.
3. Select New then Web Site. You should get a screen similar to Figure 26.3. (You can also create a Web site from XML file settings. This option is commonly used to create Web sites from a backup configuration.
In most cases you will be using the wizard to create a new Web site.)

Chapter 26 • Managing Web Servers with IIS 6.0

Figure 26.3 Creating a New Web Site in IIS Manager

4. You will be greeted with the Welcome to the Web Site Creation Wizard. Click Next on this screen.
5. In the Web Site Description window enter the Web site name. We will create a Web site called “TestWebSite.” Then click Next. Your screen should be similar to Figure 26.4.

Figure 26.4 Entering the Web Site Name

6. The next screen will be the IP Address and Port Settings window. Let’s assume my Web site domain name is www.mytestwebsite.com and it runs on port 80. Put these details in the Host Header (please refer to Hosting Multiple Web Sites in the next section for further details) and TCP port this Web site should use text boxes. Let’s assume that we don’t assign a specific IP address for this Web site. Therefore, leave the Enter the IP address to use for this web site combo box set to (All Unassigned). (This is the default value.) We will not be able to refer to the Web site by its IP address if we do not assign an IP address. This could be handy for intranet development. By selecting the (All Unassigned) option, we rely on Host Headers to find the site. We also don’t need to assign port 80 as the default port. If any port is assigned other than port 80, then we need to change the URL to reflect that. (For example, if we run www.mytestwebsite.com on port 100, we will use www.mytestwebsite.com:100 as the URL.) After all the values are entered, please click Next. The screen should be similar to Figure 26.5.

Figure 26.5 Entering IP Address and Port Settings for a Web Site

7. The next window is the Web Site Home Directory window (Figure 26.6). The home directory is where the physical files of a Web site reside. All the content and executable files are stored here.

Figure 26.6 Entering the Home Directory for a Web Site

8. Enter the path to the ASP.NET files associated with the Web site. In my example, the files are found in the c:\inetpub\wwwroot\testWebSite directory. Therefore, when a user enters www.mytestwebsite.com, it will point to this directory. Microsoft strongly recommends that the home directory volume is an NTFS drive. Please click the Browse button and navigate to that folder. The Allow anonymous access to this web site flag is checked by default. Allowing anonymous access will enable the users to navigate the site without authenticating themselves. This is not recommended for sites with sensitive business information. Please refer to the Configuring Authentication Settings section for further details. Click Next to navigate to the next window.
9. The next window is the Web Site Access Permissions screen. This is a very important screen. We can configure the access to our Web site using this screen. The Read and Run scripts options are ticked by default. The Execute option refers to granting execute permission for Dynamic Link Libraries (such as ISAPI DLLs or CGI applications) in IIS space. Most of the business logic and interfaces to 3rd-party business models will be stored as ISAPI DLLs or CGI applications. Therefore we may need to enable Execute access to communicate with these entities. The Write option will enable the user of the Web site to upload/write data into the Web site’s source directories (in this case, the c:\inetpub\wwwroot\testWebSite directory). Finally, the Browse option will enable directory browsing on the Web site. This option will produce a complete directory information list (files and their attributes – size, last modified time stamp, etc.) when a user navigates to the directory.
Therefore, we can get a complete file list using a Web browser interface. This is not widely recommended, since it exposes all the files and interfaces to Web site users. It will be a large security breach if Anonymous access is also enabled. I have selected the default options and the screen should be similar to Figure 26.7. Finally, click Next to finish the creation of the Web site. You will get a window confirming your creation of the Web site.

Figure 26.7 Entering Access Permissions for a Web Site

Setting up an FTP Server

The FTP site setup is similar to the Web site setup, and most of the setup asks for the same information. An FTP site will enable the user to share data with others. The users can upload data to or download data from our FTP site. Let’s learn how to create an FTP site using IIS Manager.

1. Open IIS Manager.
2. Click the FTP sites, right-click and select New.
3. Select FTP Site from the context menu. (You can also read the FTP site settings from an XML configuration file.)
4. Click Next from the Welcome to the FTP site Creation Wizard.
5. Enter the FTP site name in the FTP Site Description window. We will name our FTP site “TestFTPSite” and click Next.
6. Let’s enter the IP address and the port number for the FTP site in the IP Address and Port Settings window. The default port number for an FTP site is 21. You can use a different port number than 21. (Most corporate firewalls will open port 80 for Web and 21 for FTP access. If you change the FTP port to another number, we need to reconfigure the firewall to let the traffic into the enterprise.) The next step is to select the correct IP address from the combo box. We will use the default (All Unassigned) for our demonstration. You can also assign a dedicated IP address for the FTP site. The user will use this IP address to access the FTP site.
(We are using the IP address of the IIS machine if we leave the (All Unassigned) option selected.) The screen should be similar to Figure 26.8. Click Next to navigate to the next window.

Figure 26.8 Entering IP Address and Port Numbers for an FTP Site

7. The next window is the FTP User Isolation window. This window will enable you to configure the security settings for the FTP site. The user access for the FTP server can be managed in several ways. The default setting is that every user has access to other users’ directories. This will not be a problem in many cases, since a company FTP site will distribute generic information regardless of the user (e.g., enable Beta product download to the test users). The user will have access to all files if the user is authenticated. In some cases this model may not work. We may need to give different users access to different information. We need to isolate users to different directories in this case. FTP user isolation prevents users from accessing the FTP home directory of another user on this FTP site. We can select the Isolate users option to accommodate this scenario. This option uses NTFS directory authentication to perform this task. We can also go a step further by asking Active Directory to authenticate the user and assign an FTP home directory for the user. This can be configured using the Isolate the users using Active Directory option. We can also use the iisftp.vbs script to perform these functions at a command line with the /isolation switch. This will be discussed later in the chapter. We will stick with the default and click the Next button. (Figure 26.9 shows the isolation options.)
8. The next window will enable you to enter the physical directory path to which the FTP site refers.
We will put C:\Inetpub\ftproot\TestFTPSite as the physical directory for our FTP site. This directory will be exposed to public access. Therefore, make sure the data in this directory is not sensitive to the organization. Click Next.

Figure 26.9 FTP Site User Isolation Options

9. The next window is the FTP Site Access Permissions window. The default is just read access to users. You can also enable the Write access if the users need to upload files to the server. This option can be helpful in some cases (for example, your sales team needs to upload sales data to the FTP server for weekly accounting purposes). However, this option will also enable users to upload malicious content to the server. Therefore, it is not recommended to enable write access unless necessary. The screen should be similar to Figure 26.10. Click Next and the FTP site creation process will be completed.

Figure 26.10 FTP Site Access Permissions Window

Setting up an SMTP Server

We can also set up a virtual SMTP server using IIS Manager. SMTP servers help IIS to deliver simple e-mail functionality to its Web sites. E-mail delivery is a common task for Web sites. We use e-mails to transmit business information or for administration purposes (e.g., e-mail error messages to the system administrators) from our IIS components. Therefore, Microsoft included the SMTP server to be installed with IIS 6.0. The SMTP server fully supports Simple Mail Transfer Protocol and is compatible with SMTP clients.
SMTP servers use Transport Layer Security (TLS) encryption to protect the e-mail information. The SMTP server will communicate with the Domain Name System (DNS) to validate the recipient’s e-mail address. The sent e-mails are transferred to the drop directory. The SMTP server will transmit all the messages in the drop directory. Therefore, other non-IIS 6.0 applications can also send e-mail by putting the application messages in the drop directory. The delivered e-mail will be picked up from a pickup directory. Let’s learn the process to set up an SMTP server.

1. Start IIS Manager.
2. Navigate to the correct computer and select Default SMTP Server.
3. Right-click and select New. Then select Virtual Server.
4. Enter the SMTP site name in the New SMTP Virtual Server Wizard. We will use “TestSMTPServer” for our demonstration. Click Next. You should have a screen similar to Figure 26.11.

Figure 26.11 Entering the Name of the SMTP Virtual Server

5. Select the correct IP address settings from the Select IP Address window. We will select 127.0.0.1. Click Next.
6. Select a home directory for the virtual server by using the Browse button of the Select a Home Directory screen. We will refer to C:\Inetpub\mailroot\Mailbox for our home directory. Non-IIS 6.0 applications can also use the SMTP server to send e-mail. Therefore, it is a good practice to have general access to the home directory. (It shouldn’t have any restricted NTFS permissions on it. It also shouldn’t be on an OS drive, so that other applications can have generic mail access.) Click Next.
7. Enter the domain name of the SMTP server at the Default Domain window and click Finish. You will get a message to confirm the creation of the server.

Setting up an NNTP Server

The Network News Transfer Protocol (NNTP) server helps the IIS 6.0 server to facilitate discussion group functionalities. The IIS setup creates an NNTP server by default.
Let’s try to create a new NNTP server.

1. Load IIS Manager.
2. Navigate to the correct computer and select Default NNTP Server.
3. Right-click and select New. Then select Virtual Server.
4. Enter the NNTP site name in the New NNTP Virtual Server Wizard. We will use “TestNNTPServer” for our demonstration. Click Next. The screen should be very similar to the initial SMTP screen.
5. Select the correct IP address settings from the Select IP Address window. We will select 127.0.0.1. You also need to provide a different port number for each NNTP server. The common port number associated with NNTP servers is 119. You can also use another port number. We will use 1001 for this demonstration. You can also have multiple NNTP servers. The best practice is to use different IP addresses for each NNTP site. If a lot of IP addresses are not available, then we can use multiple port numbers on a single IP address. Click Next. The screen should be similar to Figure 26.12.

Figure 26.12 Entering IP Address and Port Numbers for NNTP Server

6. The next screen will be to select a home directory for the NNTP virtual server. We will select C:\Inetpub\nntpfile\root as our home directory. Click Next.
7. The next window is Select Storage Medium. This option will enable us to choose between File System and Remote Share. This is where the news messages are stored. The File System option will enable the user to store the news content on the local machine. The Remote Share option will enable it to be stored remotely. We need to know the machine name and user details (i.e., user name and password details) in order to store news content remotely. We will select the default File System option. The screen should be similar to Figure 26.13. Click Next.
8. The next screen will enable you to define the physical directory in which the messages are going to be stored. Click the Browse button and navigate to the directory.
We will use C:\Inetpub\nntpfile\drop as our file system location. Click Finish to create the NNTP virtual server. You will get a message to confirm the creation of the server.

Figure 26.13 Selecting a File System for NNTP Server

Common Administrative Tasks

We have learned to install Web, FTP, NNTP, and SMTP servers. Now we are at a stage to put our knowledge into practice and dive further into the IIS 6.0 world. Let’s concentrate on learning some common administrative tasks now.

Enabling Web Service Extensions

Web Service Extensions is a new feature in IIS 6.0. This utility will give Control Panel-like functionality over your IIS components. We will be able to allow, prohibit, or change the properties using this tool. This will also enable you to add new IIS extensions (ISAPI applications and 3rd-party IIS tools) to the IIS 6.0 server. You can also enable or disable all Web Service Extensions by using this management console. Here is a list of components the Web service extensions can enable or disable.

■ ASP.NET executions
■ ASP executions
■ CGI and ISAPI Applications
■ FrontPage Server Extensions 2000 and 2002
■ WebDAV support for IIS directories

We can get to the Web service extensions by using Start | Administrative Tools | IIS Manager and clicking on the Web Service Extensions node under a selected server name. Figure 26.14 is similar to a default view of the Web service extensions window.

Creating and Working with Virtual Directories

Creating virtual directories is a simple task in IIS 6.0. A virtual directory is a reference to an existing directory by a Web or FTP site. We can get access to the subdirectories from a root Web or FTP directory. Sometimes we need to go beyond the root directory access information to process a Web request. We use virtual directories to remedy these scenarios.
(For example, we can store all the image files of a large shopping catalogue in one directory. Then we can point multiple Web servers to access this images directory as a virtual directory. It will be low maintenance to modify one images directory.) The Web or FTP site will be able to refer to this directory as if it exists within its directory structure (even if it physically exists outside of its directory structure). One of the limitations will be the Web site deployment to a new server. Because the virtual directory is not a physical subdirectory (under the home FTP or Web directory), we cannot simply copy and paste the files to the new server. We also need to configure the virtual directories manually. Here is the process to create a virtual directory for a Web site. (The FTP server virtual directory creation process is very similar to this.)

1. Open IIS Manager.
2. Select the server and right-click on the Web site. This will be the Default Web Site for our demonstration purposes.
3. Select New | Virtual Directory. The screen should be similar to Figure 26.15.

Figure 26.14 Web Service Extensions View
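
Added example (not part of the original chapter): the wizard choices described above for Web and FTP sites (Read, Write, Browse, anonymous access) are stored in the IIS 6.0 metabase as AccessFlags, DirBrowseFlags and AuthFlags values. The Python script below audits a MetaBase.xml export for the two settings the chapter warns about, resolving values that a directory inherits from its parent key; the embedded XML, the site ID 2, the intranet directory and the finding strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified MetaBase.xml fragment (not taken from a real server).
SAMPLE_METABASE = r"""<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsWebService Location="/LM/W3SVC" AuthFlags="AuthAnonymous | AuthNTLM"
    DirBrowseFlags="DirBrowseShowDate | EnableDefaultDoc"/>
<IIsWebServer Location="/LM/W3SVC/2" ServerComment="TestWebSite"
    ServerBindings=":80:www.mytestwebsite.com"/>
<IIsWebVirtualDir Location="/LM/W3SVC/2/ROOT" AccessFlags="AccessRead | AccessScript"
    Path="c:\inetpub\wwwroot\testWebSite"/>
<IIsWebVirtualDir Location="/LM/W3SVC/2/ROOT/images" AccessFlags="AccessRead"
    DirBrowseFlags="DirBrowseShowDate | EnableDirBrowsing" Path="d:\catalogue\images"/>
<IIsWebVirtualDir Location="/LM/W3SVC/2/ROOT/intranet" AuthFlags="AuthNTLM"
    DirBrowseFlags="EnableDirBrowsing" Path="d:\intranet"/>
<IIsFtpVirtualDir Location="/LM/MSFTPSVC/2/ROOT" AccessFlags="AccessRead | AccessWrite"
    Path="C:\Inetpub\ftproot\TestFTPSite"/>
</MBProperty>
</configuration>"""

def flags(value):
    """Split a metabase flag string such as 'AccessRead | AccessScript'."""
    return {f.strip() for f in (value or "").split("|") if f.strip()}

def effective(nodes, location, prop):
    """Resolve prop for a key; a property not set on a key is inherited
    from the nearest parent key that sets it."""
    path = location
    while path:
        if prop in nodes.get(path, {}):
            return flags(nodes[path][prop])
        path = path.rpartition("/")[0]
    return set()

def audit(metabase_xml):
    """Return (location, issue) pairs for directories with risky settings."""
    root = ET.fromstring(metabase_xml)
    nodes = {el.get("Location"): el.attrib for el in root.iter() if el.get("Location")}
    findings = []
    for loc, attrs in sorted(nodes.items()):
        if "Path" not in attrs:  # only keys that map to a physical directory
            continue
        browse = effective(nodes, loc, "DirBrowseFlags")
        auth = effective(nodes, loc, "AuthFlags")
        if "EnableDirBrowsing" in browse and "AuthAnonymous" in auth:
            findings.append((loc, "directory browsing with anonymous access"))
        if "AccessWrite" in effective(nodes, loc, "AccessFlags"):
            findings.append((loc, "write access enabled"))
    return findings

if __name__ == "__main__":
    for loc, issue in audit(SAMPLE_METABASE):
        print(f"{loc}: {issue}")
```

The images directory is flagged because it inherits AuthAnonymous from the service-level key, while the intranet directory is not, since it overrides AuthFlags with AuthNTLM only.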