Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 81 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
81
Dung lượng
2,36 MB
Nội dung
132 Part II: Deployment Preparing Local User Administrator Security Make sure to either log on using the built-in Administrator account or else to explicitly start your applications by using the built-in Administrator account credentials You can use the runas command line tool For example, to launch Notepad, you could run the following command: runas /user:Administrator Notepad.exe You will then be prompted for the password of the Administrator account Note It’s useful to have a command prompt shell that already has elevated credentials You can start such a shell with the following command: runas /user:administrator cmd.exe Every application you run from the resulting command prompt will use elevated credentials as well, and you will not need to use the runas command line tool from that command prompt Installing IIS 7.0 Using Server Manager Server Manager provides a single console to perform all administrative functions on Windows Server 2008 When you first log into Windows Server 2008, Server Manager should automatically launch To manually launch Server Manager, from the Start menu, click All Programs, Administrative Tools, and then Server Manager Follow these steps to install the Web Server (IIS) Server Role using Server Manager: Start Server Manager Select Roles and then click Add Roles Follow the Add Roles Wizard prompts and select the IIS features you want to install Note The following article walks you through an installation of IIS 7.0 using Server Manager: http://www.iis.net/articles/view.aspx/IIS7/Deploy-an-IIS7-Server/Installing-IIS7/Install-IIS7-onLonghorn-Server?Page=2 Using Package Manager Windows optional features in both Windows Vista and Windows Server 2008 can be installed using Package Manager (pkgmgr) The command line syntax using Package Manager is as follows: start /w pkgmgr.exe /iu:update1:update2 Chapter 5: Installing IIS 7.0 133 Note If you run Package Manager without the start /w prefix, the pkgmgr command will return immediately, and you will not know when the installation has completed See the following list for the most common Package Manager commands For a complete list of available commands, run the following command: Pkgmgr.exe /? ■ /iu:{update name}; Specifies updates to install by update name You can specify multiple updates to install by separating each update with a semicolon ■ /uu:{update name}; Specifies updates to uninstall You can specify multiple updates to uninstall by separating each update with a semicolon At least one update name must be specified ■ Specifies an XML file that provides information for an unattended installation (For information about performing an unattended installation, see the section titled “Unattended Answer Files” later in this chapter.) /n:{unattend XML} Note For more information about IIS.NET and Package Manager, see http://www.iis.net// articles/view.aspx/IIS7/Deploy-an-IIS7-Server/Installing-IIS7/Install-IIS7-from-theCommand-Line Using ServerManagerCMD ServerManagerCMD, along with the GUI version of Server Manager, enables you to query, install, and remove roles and features from the server ServerManagerCMD also displays all roles, role services, and available features, and it shows which are installed on the computer You can run the following command from the command prompt: ServerManagerCMD.exe -query Figure 5-2 shows an example of the resulting output If you want to install the Web Server role, for example, you could use the following command: ServerManagerCmd -install Web-Server You can also place the installation actions in an XML document like this (the xmlns string has been formatted on multiple lines to fit on the printed page): 134 Part II: Deployment Figure 5-2 ServerManagerCMD query of current modules If the XML were saved in a file named WebServerInstall.xml, you could then use the following -whatIf switch from a command prompt to determine what would be installed based on the input file ServerManagerCmd.exe -inputPath WebServerInstall.xml –whatIf The resulting output is shown in Figure 5-3 Figure 5-3 ServerManagerCMD output from the -whatIf switch Chapter 5: Installing IIS 7.0 135 To actually perform the Web Server installation, run this command: ServerManagerCmd –inputPath WebServerInstall.xml Recall that if you want to find out what roles and features are installed, you can use the following query: ServerManagerCmd -query To save the list of installed roles and features to an XML file, use the following command: ServerManagerCmd -query currentConfig.xml Viewing the Currentconfig.xml file gives you all the information you need to figure out which roles and features are installed on a server Here is the complete syntax for ServerManagerCMD: -query [] [-logPath ] -install [-setting =]* [-allSubFeatures] [-resultPath [-restart] | -whatIf] [-logPath ] -remove [-resultPath [-restart] | -whatIf] [-logPath ] -inputPath [-resultPath [-restart] | -whatIf] [-logPath ] -help | -? -version Switch Parameters: -query [] Display a list of all roles, role services, and features available, and shows which are installed on this computer (Short form: -q) If is specified, the information is also saved to a query.xml file, in XML format -inputPath Installs or removes the roles, role services, and features specified in an XML answer file, the path and name of which is represent by (ShortForm: -ip) -install Install the role, role service, or feature on the computer that is specified by the parameter (Short form: -i) -setting = Used with the -install parameter to specify required settings for the installation (Short form: -s) -allSubFeatures Used with the -install parameter to install all subordinate role services and features along with the role, role service, or feature named with the -install parameter (Short form: -a) -remove Removes the role, role service, or feature from the computer that is specified by the parameter (Short form: -r) 136 Part II: Deployment -resultPath Saves the result of the ServerManagerCmd.exe operation to a file, in XML format (Short form: -rp) -restart Restarts the computer automatically, if restarting is necessary to complete the operation -whatIf Display the operations to be performed on the current computer that are specified in the answer.xml file (Short form: -w) -logPath Specify the non-default location for the log file (Short form: -l) -help Display help information (Short form: -?) -version Display the version of the Server Manager command that is running, Microsoft trademark information, and the operating system (Short form: -v) Examples: ServerManagerCmd.exe -query ServerManagerCmd.exe -install Web-Server -resultPath installResult.xml ServerManagerCmd.exe -inputPath install.xml -whatIf Unattended Answer Files Windows Server 2008 unattended answer files, including IIS 7.0, are now formatted as XML, unlike in previous versions of Windows An answer file can provide a consistent, repeatable approach when you need to install IIS 7.0 on many servers You can use an answer file with Package Manager and ServerManagerCMD Each tool requires a slightly different format when using an answer file This section examines a sample answer file for each tool Package Manager is a Windows Server 2008 native tool provided to install IIS 7.0 To experiment with an unattended installation, use Notepad to create the following sample answer file and then save it as Unattend.xml On the Disc This answer file is also included on the companion media You’ll need to determine the version and processorArchitecture settings for your environment and appropriately change the bold type lines shown in the following code before proceeding with an unattended install using Package Manager Note To obtain the version number, open Windows Explorer, navigate to %windir%\System32, right-click Regedt32.exe, and select Properties Select the Details tab, locate the File Version property (as shown in Figure 5-4), and use this value for the version setting in your Unattend.xml file To obtain the architecture, run Set from a command prompt and look for the processor_architecture variable Chapter 5: Figure 5-4 Installing IIS 7.0 Determining the file version To run the installation process, enter the following command at the command prompt: pkgmgr /n:unattend.xml 137 138 Part II: Deployment You can save your XML unattended answer file on a network share and point Package Manager to this file Maintaining a single installation file helps streamline administration of your installation processes ServerManagerCMD is the command line version of Server Manager The syntax for the unattended answer file is slightly different than the Package Manager syntax You can use ServerManagerCMD on all versions of Windows Server 2008 except Server Core Here is a sample file you can use with ServerManagerCMD This example shows installing a Static Content Web Server Save the following content as Default.xml in your local disk (again, the xmlns string has been split to fit on the printed page) On the Disc This file is also provided on the companion media To use this answer file with ServerManagerCMD, open a command prompt and type the following: ServerManagerCMD.exe –inputPath Default.xml Note For more information about ServerManagerCMD and various workloads, see http://blogs.iis.net/metegokt/archive/2007/04/13/installing-iis-7-0-using-servermanagercmdexe.aspx Sysprep/New Setup System Sysprep has been used for years to prepare standard image files as part of a server deployment process Windows Server 2008 and IIS 7.0 support Sysprep-based deployments As an alternative approach to running an unattended install every time you deploy a new server, you can build a single server and install and configure IIS 7.0 on the server to fit your environment Once you run Sysprep, you can use an image capture program such as ImageX, which is included in the Windows Automated Installation Kit (WAIK) You could then use Windows Deployment Services (WDS) to deploy the image to servers in your environment One limitation to be aware of when using Sysprep with an IIS 7.0 installation is that the original machine key values are encrypted and stored in the ApplicationHost.config file When the image is rolled out to a new machine, you’ll need to correct the machine key value as part of your post-build process that occurs as part of the first logon procedure The first logon procedure can vary, depending on which tools you use to deploy images in your environment Chapter 5: Installing IIS 7.0 139 Auto-Installs Microsoft introduced Windows Deployment Services (WDS) in Windows Server 2003 Service Pack (SP2) Windows Server 2008 includes Windows Deployment Services (WDS), which is the successor to Remote Installation Services (RIS) WDS uses Pre-boot Execution Environment (PXE) to deploy a Sysprep image or a scripted installation Whatever tools you decide to use, Windows Server 2008 and IIS 7.0 provide a variety of options to help streamline your server deployment Note For more information about WDS, see http://technet2.microsoft.com/WindowsVista/ en/library/9e197135-6711-4c20-bfad-fc80fc2151301033.mspx?mfr=true For more information about the WDS role that is included in Windows Server 2008, see http://technet2.microsoft.com/windowsserver2008/en/library/b279dfef-892e-4b12bb6b-c250cf8c95f41033.mspx?mfr=true Windows Server 2008 Setup for Optional Features The tools introduced in Windows Server 2008 completely replace previous installation tools such as Sysocmgr.exe and Setup.exe A common install base provides many benefits Windows Server 2008 offers a componentized install architecture Note For more information about installing optional features, see http://www.iis.net/ articles/view.aspx/IIS7/Deploy-an-IIS7-Server/Installing-IIS7/Understanding-Setup-in-IIS7 Direct from the Source: Debating Which Features to Include in IIS 7.0 During the design of Windows Vista, the IIS team started to consider how to integrate the new modular design of IIS 7.0 with the new installation technologies of Windows Vista (Windows Vista and Windows Server 2008 are based on the same code base, so the many technologies that appear in Windows Server 2008 first appeared in Windows Vista.) Although there were numerous technical issues to resolve, of course, the philosophical debate about what to install with IIS 7.0 by default was one of the hot topics When IIS 6.0 is installed, it has a lot of capabilities such as digest authentication, compression, default document handling, and other features that are more or less taken for granted, because they are always there With IIS 7.0, these and other features are individual dll files that can be installed or removed using the various operating system 140 Part II: Deployment installation technologies (Server Manager, ServerManagerCMD, or Package Manager) The question facing the IIS team was whether IIS 7.0 should be installed by default with features equivalent to those in the default installation of IIS 6.0, or—since the new architecture is modular—whether only a minimal set of features should be installed The argument for IIS 6.0 equivalency is that this is what customers are expecting, and IIS 6.0 was considered secure out of the box The argument for a reduced feature set is that it follows best practices to install only the minimal set required and have customers opt-in for features explicitly In the end, the minimal feature set was the choice, and I think it is the right choice If you decide to install the Web Server (IIS) role and no other options, the only capability IIS 7.0 will have is to deliver static, anonymous content You need to explicitly select additional capabilities The nice thing is that Server Manager and ServerManagerCMD will respect dependencies that are fully described in the underlying packages that make up the installation components for the various subsystems So, if a customer wants to install ASP.NET, they just need to select that option, and the installation system will automatically install ISAPI capabilities and any other features that may be required to support the requested feature In this way, the customer gets enhanced security out of the box, and an easy way to add functionality to the server Brett Hill Post Installation After your installation is complete, one of the first things you need to is back up your ApplicationHost.config, Administration.config, and Redirection.config files These are stored in the %windir%\System32\Inetsrv\Config folder You can either make copies of these files manually or use the Appcmd.exe Backup feature to make copies as follows: //How to make a backup using Appcmd %windir%\system32\inetsrv\appcmd.exe add backup “MyBackup” This process will place critical files in the %windir%\System32\Inetsrv\Backup\MyBackup folder The Administration.config, ApplicationHost.config, Mbschema.xml, Metabase.xml, and Redirection.config files are stored in this location After you back up your configuration, use the Web Server (IIS) Role Page to view the status of IIS Use the IIS Manager Console to configure the IIS features you installed Chapter 5: Installing IIS 7.0 141 Folders and Content Use the following list to validate your installation These key files and folders store the critical content and binaries for your IIS 7.0 installation ■ %windir%\system32\inetsrv Root install folder of all IIS processes ■ %windir%\system32\inetsrv\config Contains all configuration files related to IIS including the ApplicationHost.config, Administration.config, and Redirection.config files These configuration files store all critical configuration information and data related to IIS ■ %windir%\system32\inetsrv\config\schema Stores all XML schema definition files used by configuration files ■ Default root folder for IIS content Note that it is suggested you place your Web sites on a drive other than %SystemDrive% ■ %SystemDrive%\inetpub\AdminScripts Contains scripts used for administering IIS and related services This folder is not installed by default This folder is only installed when compatibility components are installed ■ %SystemDrive%\inetpub\custerr %SystemDrive%\inetpub Location for all IIS custom error Web pages This is a new location in IIS 7.0 ■ %SystemDrive%\inetpub\history Contains the automatic backups of the configuration made by the ConfigHistory features in IIS 7.0 See Chapter 4, “Understanding the Configuration System,” for details ■ %SystemDrive%\inetpub\ftproot Default FTP root folder for the built-in FTP Publishing Service ■ %SystemDrive%\inetpub\logs\failedreqlogfiles Location for all IIS Failed Request Event Tracing This is a new location in IIS 7.0 Note The built-in FTP Publishing Service and SMTP Service logs are stored by default in %windir%\System32\LogFiles ■ %SystemDrive%\inetpub\mailroot Root folder for all SMTP Service–related processes This is not installed by default ■ %SystemDrive%\inetpub\temp Used by ASP.NET and IIS to store ASP compiled templates and IIS temporary compressed files ■ %SystemDrive%\inetpub\wwwroot Root Folder for Default Web Site Note that it is suggested you place your Websites on a drive other than %SystemDrive% 198 Part III: Administration ParameterName is the attribute whose value you want to display Here is the output of the List Sites command when using the /text:name parameter to show just the site names Default Web Site TestSite Finally, you can use the configuration view to display the configuration element associated with each object instance as a configuration fragment You can this by using the /config general parameter to display all explicitly set configuration or by using /config:* to display all configuration The Config object uses this format by default Here is the output of the List Sites commands with the /config switch You can also use the /xml switch to output the results of Appcmd commands in XML This switch can be used to pipe the results from one Appcmd command to chain multiple related commands together when using command pipelining Note For more information about command pipelining, see http://mvolo.com/blogs/ serverside/archive/2007/06/19/Do-complex-IIS-management-tasks-easily-with-appcmdcommand-piping.aspx The XML output mode can also be used to export results of Appcmd commands to other software programs and perform bulk operations Note For more information on bulk operations, see http://mvolo.com/blogs/serverside/ archive/2007/10/06/Create-IIS7-websites-and-application-pools-fast-with-appcmd.aspx Chapter 7: Using Command Line Tools 199 General Parameters In addition to verb-specific parameters, Appcmd also supports general parameters that affect the execution of all Appcmd commands These parameters are listed in Table 7-3 Table 7-3 Appcmd General Parameters Parameter Description /? Display context-sensitive help message For more information, see the section titled “Getting Help” earlier in this chapter /text Generate the output in text format This is the default You can also specify /text:* to show a detailed text view containing all attributes of each object being displayed Alternatively, you can also specify /text: attribute to display only the value of the specific attribute for each object For more information, see the section titled “Understanding Appcmd Output” earlier in this chapter /xml Generate the output in XML format You can use this format to store or transport the output of the tool to another program, and it is the basis for the command pipelining support - or /in Perform the command on the dataset provided from the standard input Use this parameter to execute Appcmd commands on sets of objects provided by the output of another command /config Show the configuration associated with each displayed object You can also use /config:* to display all configuration, including values that are inherited from the schema defaults /metadata Show the configuration metadata when displaying configuration objects and using /text:* This includes information about the type of each configuration attribute /commit Controls for which the command commits configuration By default, the configuration is written to the same configuration path where it applies, which by default favors delegated configuration when setting configuration at the Web site, application, or URL levels However, using this parameter allows you to control this independent of the configuration path to which the configuration is being applied You can specify a fixed configuration path, or apphost, machine, and webroot for the corresponding server-level configuration files Alternatively, you can use the Site, App, and Parent values to commit to a segment of the current configuration path For more information, see the sidebar titled “Understanding Where Configuration Is Saved” later in this chapter /debug Display debug information about the execution of each command, including the time taken to execute, the parameters passed in, how many objects were returned, and any errors You can use this to debug or optimize Appcmd commands If you need to pass a parameter to a command that has the same name as a general parameter, you can escape it with a ! sign For example, if you need to set the commit configuration attribute on the fictional mysection configuration section, you can use the following syntax appcmd set config /section:mysection /!commit:somevalue 200 Part III: Administration Using Range Operators When using the List verb on any Appcmd object, you can include parameters to filter the returned results by the values of the specified attributes For example, if you are looking for all sites that have the serverAutoStart attribute set to false, you can use the following syntax appcmd list sites /serverAutoStart:false Note For more information on using the List command to list objects, see the section titled “Using the List Command to List and Find Objects” later in this chapter However, filtering by exact values of object attributes may be limiting in some scenarios Often, you need the ability to search for objects that fall into a range of possible values To support this, Appcmd enables the use of range operators to filter for objects that satisfy an expression on each attribute, rather then a fixed value For example, if we wanted to find all Web sites that have ids larger than 300, we could use the >= operator as follows appcmd list sites "/id:$>=300" Note Because the > and < characters have special handling at the command line, be sure to enclose the entire parameter by placing the ranged operator in quotation marks You can specify the range operators for any supported attribute by using the $OPVAL syntax, where OP corresponds to the ranged operator, and VAL corresponds to the value for the operator Table 7-4 shows the supported operators Table 7-4 Appcmd-Supported Operators Operator Description > Greater than operator, for numeric attributes Matches all values of the attribute that are greater than the value specified For example, /id:$>10 matches 11 but not >= Greater than or equal to operator, for numeric attributes Matches all values of the attribute that are greater than or equal to the value specified For example, /id:$>=10 matches 10 but not < Less than operator, for numeric attributes Matches all values of the attribute that are less than the value specified For example, /id:$