Internet Information Server (IIS) is a service that enables your computer to provide standard Internet services. IIS 2.0 is included with NT 4.0.
Its primary services include:
- WWW
- FTP
- Gopher publishing
It also comes with an Internet Service Manager (ISM). This manager is used to handle all Internet services installed on an NT system. The ISM is designed so that all the other TCP/IP services you add can be managed from a single tool. This would include Proxy server, NetShow, and Transaction Server.
The standard ISM runs an application on the NT computer.
IIS provides several advantages over other methods of publishing. It has built-in IP address filtering (using ISAPI -- Internet Server Application Programming Interface -- filters). It can restrict access to NT domain users only by using encrypted passwords, and it has the ability to add server extensions as a DLL (instead of a separate process that has to be launched every time someone hits the page), and Active Server Page.
Installation is broken down into three steps:
Preparing for installation
- Need to configure TCP/IP on computers that are participating
- Select NT Server that will host IIS (Which computer do you want to install and administer IIS from)
- Remove third-party software for WWW, FTP, and Gopher (another service may be registered with the port)
- Should be installed on an NTFS partition (allows for greatest security)
- Enable auditing (optional)
- Finally, set up name resolution (WINS or DNS)
Installation Process (you can install IIS in one of three ways)
- During the initial NT Server install
- By selecting IIS shortcut on desktop
- Adding the service in network dialog box
For the most part, during an install you will accept the defaults:
- License Agreement (read and accept)
- List of products to install (p. 156 fig 9.1 shows list)
- Directories to install products (p. 156 fig 9.1 shows default directories)
- Home Directories (p. 156 fig 9.2, shows the home directories for each service that you are installing)
- ODBC Drivers (Open Database Connectivity): the only option in this install is MS SQL Server. It enables you to create pages that query a database and show the results on your web page
After installation, you will find a new common program group added to the Start menu. It contains the following shortcuts:
- IIS setup
- ISM (Internet Service Manager)
- Key Manager
- Product Documentation
You will also find that a new user account has been created (IUSR_computername). This is the account anonymous users can use to log on to your site. This account has the right to log on locally. By default, this account has no password, which should be changed.
Testing IIS
To test the IIS server, launch IE on a computer in the network (on the same subnet). Choose File, Open, and then enter the computer name for the computer running IIS. (In a single-segment environment you can enter the NetBIOS name.) If you are in a routed environment, you need to implement some type of name resolution (WINS or DNS).
All IIS services are managed from the Internet Service Manager (ISM). It displays the services and the state of the service. There are three states to a service.
- Running--service is started and operating normally.
- Paused--service continues to run, but doesn't permit new users to connect.
- Stopped--service is no longer operating.
On page 159 see bullets that describe ISM.
Selecting IIS Views
- Report View (p. 159 fig 9.5)
- Server View (p. 159 fig 9.6)
- Services View (p. 159 fig 9.7)
Setting Up the IUSR_computername Account
All users who access your WWW server inherit the permissions given to the IUSR_computername account. These permissions are usually Read to WWW, FTP, and Gopher directory trees. It also grants permissions to the group Everyone. It is recommended you change the password for this account.
Configuring the HTTP Server (WWW Service)
A WWW server provides HTTP services that enable your users to connect to your web page (site). Configuration is done through ISM.
Managing WWW Server Properties
Select the server you want to configure and choose Service Properties in the Properties menu. The WWW server dialog box has four tabs.
Service tab
- Connection Timeout--determines length of time the server permits a connection to remain idle.
- Maximum Connections--determines number of users who can connect at a given time.
- Anonymous Logon Username--to permit anonymous logins, you must select the Allow Anonymous check box.
- Allow Anonymous--when this is selected, users can log on to the IIS server without entering a user name or password.
- Basic (Clear Text)--by checking this box, users can log on with a username and password. With clear text, users can log on with any browser, but it provides no security.
- Windows CHAP--by checking this box, users are forced to log on with a secure NT logon. Passwords are encrypted; this is supported automatically with IE 2.0 and higher.
Directories tab
- Enable Default Document--the default document is automatically displayed if this is selected
- Default Document--by editing this field, you can change the file name for your default document file(s)
- Directory Browsing Allowed--by enabling this, users can see a list of all the files in the home directory (this is not desirable)
When a user accesses a directory offered by a WWW server, there are three things that could happen
- If user hasn't specified an HTML file, the default document is sent
- If user hasn't specified an HTML file, and there is no default document, then WWW server sends a directory browsing document so users can browse the directory
- If user hasn't specified an HTML file, and there is no default document, and directory browsing is not enabled, user receives an error message "Access Forbidden".
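The three outcomes above can be checked across a whole content tree before Directory Browsing Allowed is left enabled. The following is an added example, not part of the original notes: the function names and the default document name passed in (`Default.htm` in the usage comment) are assumptions for illustration.

```python
import os

def classify_directory(files, default_docs, browsing_allowed, default_enabled=True):
    """Outcome for a request that names a directory but no HTML file."""
    # NT file names are case-insensitive, so compare in lower case.
    present = {name.lower() for name in files}
    if default_enabled and any(doc.lower() in present for doc in default_docs):
        return "default-document"
    if browsing_allowed:
        return "directory-listing"
    return "access-forbidden"

def audit_tree(home_dir, default_docs, browsing_allowed, default_enabled=True):
    """Map every directory under home_dir (relative path) to its outcome."""
    results = {}
    for root, _dirs, files in os.walk(home_dir):
        rel = os.path.relpath(root, home_dir)
        results[rel] = classify_directory(
            files, default_docs, browsing_allowed, default_enabled
        )
    return results

def exposed_listings(home_dir, default_docs, browsing_allowed=True):
    """Directories whose full file list would be shown to any visitor."""
    outcomes = audit_tree(home_dir, default_docs, browsing_allowed)
    return sorted(path for path, out in outcomes.items()
                  if out == "directory-listing")

# Usage (path and document name are sample values):
#   exposed_listings(r"C:\InetPub\wwwroot", ["Default.htm"])
```

Any directory returned by `exposed_listings` either needs a default document or should be served with directory browsing turned off.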
Logging tab
- Enabled Logging--checked by default (enables you to see who's accessing the server)
- Automatically open new log--if selected, new log files are created when certain defined criteria are met.
- Log file directory--specifies the directory in which log files will be stored. The log file is named by date.
- Log to SQL/ODBC Database--you can direct logs to a SQL database
Advanced tab
- Granted Access--if selected, computers with all IP addresses are permitted access.
- Denied Access--if selected, computers with all IP addresses are denied access.
- Access--computers listed here are the exceptions to the granted or denied access
- Limit Network Use by all Internet Services on this computer--this option allows you to limit the network traffic generated by this server. You need to adjust the value in the Maximum Network Use field.
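The Granted Access / Denied Access default and its exception list can be modelled to confirm which clients a given configuration actually lets in. This is an added example, not part of the original notes: the function names, the "address/mask" notation for a group of computers, and the /16 threshold for a "broad" entry are assumptions, and the addresses are constructed sample values.

```python
import ipaddress

BROAD_PREFIX = 16  # assumed threshold: exceptions wider than /16 get flagged

def parse_exceptions(entries):
    """Each entry is a single address or 'address/mask' for a group."""
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]

def is_permitted(client_ip, default_granted, exceptions):
    """Listed computers get the opposite of the default setting."""
    addr = ipaddress.ip_address(client_ip)
    listed = any(addr in net for net in exceptions)
    return default_granted != listed

def policy_findings(default_granted, exception_entries):
    """Flag configurations that do not filter the way the admin likely meant."""
    nets = parse_exceptions(exception_entries)
    findings = []
    if default_granted and not nets:
        findings.append("no filtering: every address is permitted")
    if not default_granted and not nets:
        findings.append("service unreachable: every address is denied")
    if not default_granted and any(n.prefixlen < BROAD_PREFIX for n in nets):
        findings.append("broad allow entry: exception covers more than a /16")
    return findings

def audit(default_granted, exception_entries, clients):
    """Return {client: permitted?} for a list of sample client addresses."""
    nets = parse_exceptions(exception_entries)
    return {c: is_permitted(c, default_granted, nets) for c in clients}

if __name__ == "__main__":
    # Denied Access selected, with one host and one subnet as exceptions.
    rules = ["192.0.2.10", "198.51.100.0/255.255.255.0"]
    for client, ok in audit(False, rules, ["192.0.2.10", "203.0.113.5"]).items():
        print(client, "permitted" if ok else "denied")
    print(policy_findings(False, rules))
```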
Home Directories
Home directories are the root directories for each service. A home directory can be changed for a service by doing the following:
- Select service to change and open Property dialog box by double clicking
- Select the Directories Tab
- In directory list, select the directory that lists the alias
- Choose Edit properties to open Directory Properties dialog box.
- In directory box, specify the home directory for this service.
- In the Access box, specify the access permissions users have to the directory
- Choose OK to save the changes
The above procedure does not create the new directory, nor does it delete the old directory structure. You must create or delete the directories and their contents yourself.
Setting Up Virtual Directories
Virtual Directories are created to make it possible to publish from multiple directories, which can be located on local or remote drives. Virtual Directories supplement the Home Directory. Virtual Directories are made to appear as sub-directories to Home Directory, even though they may physically be on two different computers.
When a Virtual Directory is created, an alias is established that simplifies access to the Virtual Directory. A Virtual Directory is created by using the service's property dialog box.
Steps for creating a Virtual Directory
- Select service to change and open Property dialog box by double clicking
- Select the Directories Tab
- Choose Add to open Directory Properties dialog box
- In directory box, specify the directory for which you want to establish an alias.
- Select the Virtual Directory button
- In the Alias field, enter the name associated with virtual directory
- In the Access box, specify the access permissions users have to the directory
- Choose OK to save the changes
Setting Up Virtual Servers
IIS has the capability of supporting virtual servers. These Virtual servers are running on the same IIS, even though they appear to be on separate computers. Each Virtual Server has its own IP address and DNS name, giving it a separate identity.
Steps for preparing a Virtual Server
- Obtain a separate IP address for each virtual server
- Register each virtual server with DNS
- Create a content (home) directory for each virtual server
It is important to remember that the name of the home directory is arbitrary and has nothing to do with the way the virtual server is accessed. DNS name determines the name of the virtual server, not the file system directory name.
Configuring the IP Address
See page 171 fig 9.16 for configuring IP addresses. The computer needs to be restarted after configuration.
Adding DNS Names
You must enter the virtual server names to DNS or WINS to enable users to resolve the names (p. 172 fig 9.17)
Creating the Virtual Server Home Directories
- Open ISM
- Double-click WWW service
- Select Directories Tab
- Choose Add to open Directory Properties dialog box (p. 173 fig 9.18 )
- Browse server to locate home directory for the virtual server
- Check Virtual Server
- Enter IP address in Virtual Server IP Address field.
- Choose OK
- (If you are setting up more than one Virtual Server, repeat steps 4-8 for each virtual server that is to be established)
- By default, the wwwroot directory is not associated with an IP address, and unless an IP address is associated with that directory, it is the default home directory for all TCP/IP addresses assigned to the server. Therefore, if you have virtual servers, wwwroot will need to be configured with an IP address.
Configuring FTP Service is identical to WWW Service with two exceptions. Those exceptions are on the Message Tab in FTP service properties and a couple on the Directories Tab.
Message Tab
- Welcome Message--is the message FTP users receive when they first connect to your system.
- Exit Message--is the message sent when the user logs off.
- Maximum connections message--message sent if you are at your maximum connections.
Directory Tab
- There are no virtual servers
- You are given the choice of UNIX (default) or MS-DOS directory listings
Configuring the Gopher service is very similar to configuring FTP, except for some differences in the service properties: the addition of the name and e-mail address of the administrator. There are no virtual gophers.