Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

Chapter 13: Administering Web Resources

Objectives

Install and congure Internet Information Services (IIS) Create and congure Web-site virtual servers and virtual
directories

Congure Web-site authentication Congure and maintain FTP virtual servers Update and maintain security for an IIS server Create and modify Web folders Install and use the Remote Administration (HTML) tools Install and congure Web-based printing and printer
management

Troubleshoot Web client-browser connectivity

Installing and Conguring Internet Information Services

Current version is Internet Information Services (IIS) 6.0 IIS provides Web-related services that can be implemented to
host a corporate intranet or to provide an Internet presence

IIS has four main components:

World Wide Web (HTTP) services File Transfer Protocol (FTP) services Network News Transfer Protocol (NNTP) services Simple Mail Transfer Protocol (SMTP) services

1 of 16

07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

IIS 6.0 is not installed by default Individual IIS components can be manually installed through
the Add or Remove Programs applet in the Control Panel Activity 13-1: Installing Internet Information Services

Objective: To install IIS components Start Control Panel Add or Remove Programs
Add/Remove Windows Components

Select and install individual components as directed Note changes on the server, folders created during IIS
installation, new accounts in Active Directory, operating system services, Web sharing feature Activity 13-2: Viewing System Changes after Installing IIS

Objective: To view the changes made to Windows Server 2003

after installing IIS

Open Active Directory and browse for the new accounts that
have been added: 2 new user accounts and 1 new group account

Browse various folders that contain les needed for IIS

services and open the Services utility: FTP Publishing Service IIS Admin Service Network News Transfer Protocol (NNTP) Simple Mail Transfer Protocol (SMTP) World Wide Web Publishing Service

Browse properties of a service

2 of 16 07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

Stop a service and congure its startup options

Architectural Changes in IIS 6.0

IIS 6.0 is similar to IIS 5.0 with Windows 2000 Changes relate to how processes are managed and
maintained and updated metabase les

Metabase now stored in 2 standard XML les

MetaBase.xml and MBSchema.xml Human-readable Better read performance Industry-standard data representation Found in %systemroot%\system32\inetsrv Conguring Web Server Properties

Primary tool used for conguration of Web Server properties

is IIS MMC snap-in

Available on Administrative Tools menu Default sites and services include:

FTP Sites Application Pools Web Sites Web Service Extensions Default SMTP Virtual Server Default NNTP Virtual Server Activity 13-3: Exploring the Internet Information Services MMC Snap-in

Objective: To explore the basic MMC snap-in console and

3 of 16 07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

navigation

Start Administrative Tools Internet Information Services

(IIS) Manager

Explore the FTP Sites, Application Pools, Web Sites, Web

Service Extensions, Default SMTP Virtual Server, and Default NNTP Virtual Server nodes

Using the IIS tool, master properties can be congured for

Web and FTP sites from site-folder level

If an individual site is pre-congured when master properties

are set, you are prompted whether or not to change the site settings Activity 13-4: Viewing and Conguring the Master Properties of the WWW Service

Objective: To explore the use of master properties through

the conguration of the WWW service

From the open IIS Manager window, open the Web Sites
folder properties

Congure the folder properties as directed Test setting inheritance by viewing the Default Web Site
properties Creating and Conguring Web-Site Virtual Servers

A virtual server is a unique Web site that behaves as if it

were on a dedicated server

IIS can support many virtual servers on a single server Conguration conicts are avoided by identifying the IP
address, TCP port, and host header name of each Web site and ensuring that the site is uniquely identied through these features Activity 13-5: Creating a New Web Site Using the Web Site Creation Wizard

4 of 16

07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

Objective: To become familiar with the Web Site Creation

Wizard

Change the port number of the Default Web Site as directed

and verify the change

Create a new Web site using the Web Site Creation Wizard Create a default HTML index page for the new site
Activity 13-6: Creating a New Web Site Using the IISWEB.VBS Script

Objective: To explore using the IISWEB.VBS script as an

alternative to the IIS tool for Web site creation

Start Run type cmd OK Make a new Web site home directory as directed Run the IISWEB.VBS script as directed Verify that the Web site has been created and congured
correctly Modifying Web-Site Properties

Individual Web site parameters can be modied and

ne-tuned through the sites properties

Modifying an individual sites properties does not aect any

other sites

Modifying an individual sites properties overrides any

congurations set in the master properties at the server level Activity 13-7: Conguring Web-Site Properties

Objective: To explore and congure the available properties

for an individual Web site

Open IIS and the Properties of the site to be congured Congure settings as directed
5 of 16 07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

Create an html le and congure it as a footer Customize an error message Verify the congured settings
Creating Virtual Directories

A virtual directory points to a shared folder on the server An alias name can be created
Hides the real directory name Can simplify the path to the folder

Clients can access a virtual directory by appending the alias

name to the Web-site host name Activity 13-8: Creating and Conguring a Virtual Directory

Objective: To familiarize students with the process of creating

and conguring a virtual directory

Create and congure a new shared folder Create a new index le for the Web site Open and use the Virtual Directory Creation Wizard to create
a virtual directory with an alias

Explore Properties and verify proper conguration of the site

Conguring Authentication for Web Sites

Authentication is the determination of whether or not a user

account has the proper permissions to access a resource such as a Web site

IIS provides ve levels of authentication:

Anonymous access Basic authentication
6 of 16 07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

Digest authentication Integrated Windows authentication .NET Passport authentication Anonymous Access and Basic Authentication

Anonymous access
Users do not need to provide a user name and password Uses the IUSR_servername user account to provide authentication credentials

Basic authentication
User is prompted to supply a user name and password User needs a valid Windows Server 2003 user account One drawback is that information is transmitted using unencrypted Base64 encoding (easy to hack) Digest Authentication and Integrated Windows Authentication

Digest authentication
Similar to basic authentication but hashes user name and password using MD5 algorithm Has specic software and Active Directory requirements

Integrated Windows authentication

Does not prompt for password Uses clients logged on credentials Used primarily for internal intranets, has specic permissions requirements .NET Passport Authentication and Multiple Authentications

7 of 16

07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

.NET Passport authentication

New method currently in testing to use the .NET Passport service Will require preproduction tests and a registration process

If multiple authentication methods are congured, specic

rules apply concerning precedence and applicability

Activity 13-9: Conguring and Testing Web-Site Authentication Options

Objective: To congure and compare two of the Web-site

authentication options

Discover the current conguration using the IIS Manager tool Explore the eect of the current conguration on Web-site
access

Change the conguration and explore the eect of the change

Conguring Server Certicates and Secure Sockets Layer

The Secure Sockets Layer (SSL) protocol encrypts Web

trac between a client and a Web server

Congured from the Directory Security tab of the properties

of a Web site

Users access a secure server using https:// prex SSL requires a server certicate from a certicate authority
or from installed certicate services Conguring FTP Virtual Servers

The File Transfer Protocol (FTP) is used for le transfers

between computers running TCP/IP

FTP service is included with IIS 6.0

8 of 16

07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

FTP uses two ports (TCP ports 20 and 21)

Port 21 carries connection initiation and diagnosis information Port 20 carries data

FTP uses Transmission Control Protocol (TCP)

Connection-based protocol, session precedes data transfer File Transfer Protocol

Features of TCP include:

Sending computer waits for an acknowledgement and retransmits data if it is not received Packets are assigned a sequence number Packets contain a checksum for ensuring integrity

FTP requires a server running FTP server software and

clients must run FTP client software

There are many free and shareware utilities that can be

downloaded for running FTP Conguring FTP Properties

Multiple FTP sites can be congured on a single IIS 6.0

server

Each site operates independently and runs transparently Each site has property sheets that can be customized
independently Activity 13-10: Conguring and Testing the Default FTP Site

Objective: To become familiar with the process of conguring

and testing an existing Web site

Open the IIS Manager tool and the Properties of the Default
9 of 16 07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

FTP Site

Browse and congure various settings of the site Log on as an anonymous user to test the site conguration
Activity 13-11: Creating and Testing a New FTP Site and Conguring a Virtual Directory

Objective: To create an FTP site that includes a virtual

directory located on a dierent server

Create new folders for FTP site and congure permissions

and IP address as directed

Use the FTP Site Creation Wizard to create a site Use the Virtual Directory Creation Wizard to create a new
virtual directory

Test the site by logging on and transferring a le

Updating and Maintaining Security for an IIS Server

Sensitivity to security issues is always important for

information published on the Internet

Issues of importance in security and maintenance for an IIS

server: Alternatives to securing access to information Performing backups Stopping and starting IIS related services Applying updates Resource Permissions

Two types of permissions to secure Web resources

NTFS permissions IIS permissions

10 of 16

07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

The eective permission is always the most restrictive of

congured permissions

NTFS permissions
Normal NTFS le permissions can be applied to Web pages and virtual directories Can be assigned to users and groups individually

IIS permissions
Always global Can be congured for Web sites and FTP virtual servers, virtual directories, physical directories, les Can set Read and/or Write permissions Can set Execute permission if site contains scripts or executables Activity 13-12: Conguring IIS and NTFS Permissions

Objective: To explore the use of both IIS and NTFS

permissions for protecting Web content

Open the IIS Manager tool and access the Properties of a Web
site to congure IIS permissions

Test the IIS permissions as directed Open the Properties of the Web content folder to congure
NTFS permissions

Test the NTFS permissions as directed

IP Address and Domain Name Security

Can secure Web content by controlling access based on the IP

address of the client

Access can be explicitly granted or denied Access can be controlled for a specic IP address or a range
11 of 16 07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

of IP addresses Activity 13-13: Testing IP Address Restrictions

Objective: To explore securing Web content using restrictions

on IP addresses

Open the IIS Manager tool and the Properties of the Web site From the Directory Security tab, edit the IP Address and
Domain Name Restrictions to deny access to a specic IP address

Test the restrictions as directed

Starting and Stopping Services and Backing UP the IIS Conguration

IIS 6.0 allows you to start and stop services through the IIS
console

IIS 6.0 stores conguration settings in the IIS metabase that

can be backed up Using the Backup utility in the IIS console By copying contents of the backup directory to a folder By exporting contents using the metabase editor By using the IISBACK.VBS script By backing up System State data using Backup utility Activity 13-14: Backing Up the IIS Conguration

Objective: To explore the use of the backup and restore

facilities of IIS

Open the IIS Manager tool and Backup/Restore Conguration

facility for the server

Create a backup as directed Verify the backup

12 of 16

07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

Restore the metabase from the backup as directed

Updating IIS 6.0

Common updates to IIS are service packs and hot xes Before updating, perform a full backup of server Updates are often released to x security issues Microsoft Baseline Security Analyzer helps determine which
IIS hot xes are installed Creating and Modifying Web Folders

A Web folder is a shared folder designed to be accessed using

HTTP or FTP

Use the Web Sharing tab of the folder Properties to congure

the folder

Web folders can use an alias name

The Edit Alias dialog box allows you to set the name, access permissions, and application permissions

Network clients can open a Web-based le using

Internet Explorer, My Network Places, Microsoft Oce XP Activity 13-15: Conguring Web Folders and Exploring Access Methods

Objective: To become familiar with conguring and accessing

a Web shared folder

Create a new folder and le Congure the folder using the Web Sharing tab of the folders
Properties

Open the IIS Manager tool and verify that the virtual
directory appears

13 of 16

07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

Open Internet Explorer to examine the folder and le

Installing and Using Remote Administration (HTML) Tools

Remote Administration (HTML) tools support the ability to

manage IIS servers remotely via a Web browser interface

On Windows Server 2003, these tools are not installed by

default

Tools must added manually via the Add/Remove Windows

Components feature of Control Panel Activity 13-16: Install and Explore the Remote Administration (HTML) Tools

Objective: To explore the installation process and to examine

various settings from Internet Explorer

Start Control Panel Add or Remove Programs

Add/Remove Windows Components

Install the tools as directed Open Internet Explorer, congure the site, and connect to the
Remote Administration Web site

Browse the site as directed

Installing and Conguring Internet Printing

Internet Printing Protocol (IPP)

Allows printers to be managed via a Web browser Allows clients to send print jobs using HTTP

Requires the installation of IIS and the Internet Printing

component

Internet Printing requires that the Internet Printing Web

Service Extension and the Active Server Pages Extension be explicitly enabled

14 of 16

07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

Activity 13-17: Conguring and Managing Internet Printing

Objective: to explore Internet Printing settings, manage

printers from IE, and install a printer to use Internet Printing

Use the IIS Manager tool to congure Internet Printing on the

server

Use Internet Explorer to view printers and their properties Install a printer to use Internet Printing and verify that the
printer port is congured correctly Troubleshooting Web Client Connectivity Problems

Client access problems are not uncommon If a user is unable to access an IIS Server
Check TCP/IP conguration settings, proxy settings, connections, set up error messages, use a protocol analyzer

If a user is unable to access a Web or FTP site

Check permissions, authentication methods, IP address and domain name restrictions, connection limits, port numbers, user accounts, invalid cached DNS information Summary

Internet Information Services (IIS) 6.0 is an application in

Windows Server 2003 used to develop and host Web- and FTP-based services

Four main components to IIS: World Wide Web (HTTP), File

Transfer Protocol (FTP), Network News Transfer Protocol (NNTP), and Simple Main Transfer Protocol (SMTP) services

IIS components must be manually installed IIS conguration information is stored in two XML les
known as the metabase

15 of 16

07/15/2011 05:12 PM

Chapter 13:

http://www.ronmar.netrms.com/ppc/pcs245/chap...

The IIS MMC snap-in (the IIS Manager tool) is the primary
tool for IIS conguration

Virtual servers are unique Web or FTP sites that behave as

though they are on dedicated servers

IIS provides ve levels of authentication to validate users

trying to access a Web site

Web communications can be encrypted using the Secure

Sockets Layer (SSL) protocol

To maintain an IIS server, an administrator should use

security features, perform backups, start and stop IIS services, and apply updates

Remote Administration (HTML) tools are used to manage IIS

6.0 servers remotely

The Internet Printing Protocol (IPP) allows printers to be

managed via Web browser and allows clients to sent print jobs using HTTP

Congurations can cause user access problems to either an

IIS Server or a Web or FTP site, note the things to check rst

16 of 16

07/15/2011 05:12 PM