Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Chapter Overview Creating Web Sites and FTP Sites Creating Virtual Directories Managing Site Security Troubleshooting IIS.

Published byOliver Fowler Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Chapter Overview Creating Web Sites and FTP Sites Creating Virtual Directories Managing Site Security Troubleshooting IIS."— Presentation transcript:

1 1 Chapter Overview Creating Web Sites and FTP Sites Creating Virtual Directories Managing Site Security Troubleshooting IIS

2 2 Creating Web Sites and FTP Sites By default, Microsoft Windows 2000 Server installs a basic Microsoft Internet Information Services (IIS) configuration during the operating system installation. You can modify this configuration during installation of Windows 2000 or by using Add/Remove Programs after the installation is completed.

3 3 Installing IIS When a clean installation of Windows 2000 Server is performed, IIS is installed, by default, with these components: Common Files Documentation Microsoft FrontPage 2000 Server Extensions Internet Information Services Snap-In Internet Services Manager (HTML) SMTP Service World Wide Web Server

4 4 Installing IIS (Cont.) When you upgrade from Microsoft Windows NT, Microsoft Windows 98, or Microsoft Windows 95 to Windows 2000, the Setup program attempts to detect a previous version of IIS. If it detects a previous version, Setup installs IIS version 5. IIS requires Transmission Control Protocol/Internet Protocol (TCP/IP). If TCP/IP is not installed, Setup automatically installs it. To install IIS on a computer running Windows 2000 Server, or to install additional components to IIS (such as FTP Server, which is not installed by default), use Add/Remove Programs.

5 5 The Windows Components Page in the Windows Components Wizard

6 6 The Subcomponents Of Internet Information Services (IIS) List

7 7 IIS Snap-In Components After installing IIS, when you launch the IIS snap-in, three components are added to the console tree: Default Web Site: represents the primary public Web site hosted by the server Administration Web Site: represents a protected site you can use to configure IIS from a remote computer Default SMTP Virtual Server: represents the e-mail forwarding server hosted by the server

8 8 Getting Started Web content is published by placing Web files in folders on the server so that users can establish a Hypertext Transfer Protocol (HTTP) connection with the server and view the Web files. The first step in deploying a Web site is determining how to organize the files you want to publish. Next, use the IIS snap-in (in the Internet Services Manager console) to specify the folders that are part of the site.

9 9 Getting Started (Cont.) You can publish documents by copying them into the home folder of the default Web site, C:\Inetpub\Wwwroot by default. Users can access files in this folder by using any of these URLs: http://computer_name/file_name http://fully_qualified_domain_name/file_name http://IP_address/file_name (where computer_name, fully_qualified_domain_name, and IP_address identify the Web server)

10 10 Creating Sites IIS can host multiple Web or File Transfer Protocol (FTP) sites on a single computer. Because each site appears as an individual computer to Web clients, the sites are sometimes called virtual servers. You can create multiple Web and FTP sites on a computer running Windows 2000 Server in three ways: Use a nonstandard port number with the Internet Protocol (IP) address. Use multiple IP addresses. Assign multiple Web sites to one network adapter card by using host header names.

11 11 An Intranet Web Server with Multiple Sites

12 12 Creating a Web Site Use the IIS snap-in to create a Web site. To create a Web site, right-click the server in the console tree, point to New, and then select Web Site to launch the Web Site Creation Wizard. You specify the following information for the site: Site name IP address TCP port number Host header name (optional) Path to the site’s home directory (folder) Permissions you want to grant users to the files in the home directory

13 13 The IP Address And Port Settings Page in the Web Site Creation Wizard

14 14 Creating an FTP Site Before you can use the IIS snap-in to create an FTP site, the FTP Server component must be installed on the Windows 2000 IIS server. To create an FTP site, in the IIS console tree, right-click the server, point to New, and then select FTP Site to launch the FTP Site Creation Wizard. You specify the following information for the site: Site name IP address TCP port number Path to the site’s home directory Permissions you want to grant users to the files in the home directory

15 15 The IP Address And Port Settings Page in the FTP Site Creation Wizard

16 16 Administering Web Sites and FTP Sites During IIS installation, default values are assigned to various properties of the server and its sites. You can modify the values of these properties at the site level, the folder level, or the file level. You can access the master properties, server extensions, bandwidth throttling, and Multipurpose Internet Mail Extensions (MIME) mapping for an IIS server from the Properties dialog box for the server in the IIS snap-in.

17 17 The WWW Service Master Properties Dialog Box for an IIS Server

18 18 Starting and Stopping Services and Sites By default, IIS services and sites are configured to start automatically with Windows 2000. To use the IIS snap-in to start, stop, or pause a site, select a site in the console tree, and then click the Start Item, Stop Item, or Pause Item button on the toolbar. To use the IIS snap-in to stop, start, or restart all of the IIS services or reboot the server, right-click the server in the console tree, and then select Restart IIS to display the Stop/Start/Reboot dialog box.

19 19 Restarting Internet Services

20 20 Defining Home Directories Each Web and FTP site must have a home directory, which is the central location for published pages. If you have both a Web site and an FTP site on the same computer, each service should have its own home directory. To change a home directory for a Web site or an FTP site, in the IIS snap-in, right-click the site in the console tree, click Properties, and then click the Home Directory tab.

21 21 The Home Directory Tab in a Web Site’s Properties Dialog Box

22 22 Defining a Default Document When a client connects to a Web site, the Web server typically transmits a home page, called the default document, for the site. By default, an IIS Web site’s default documents are Default.htm and Default.asp. To configure default documents for a Web site, in the IIS snap-in, open the site’s Properties dialog box, and then click the Documents tab. When the default document list contains more than one document, IIS attempts to transmit the first document in the list.

23 23 The Documents Tab in a Web Site’s Properties Dialog Box

24 24 Lesson Summary IIS 5 is installed with Windows 2000 Server by default. You can install additional IIS components by using Add/Remove Programs. Use the IIS snap-in to create, configure, and administer Web and FTP sites.

25 25 Creating Virtual Directories The simplest possible IIS Web site or FTP site is one in which all of the site’s files are located in the home directories of the site. IIS allows you to add files from other locations to your sites without moving them. These added files are called virtual directories.

26 26 Creating Virtual Directories A virtual directory is not contained in the site’s home directory but appears to client browsers as though it were. A virtual directory has an alias, a name that Web browsers use to access the directory. An advantage of using virtual directories is that you can publish files from various locations without having to move the files. Aliases provide a measure of security, because users do not know where the files are physically located.

27 27 Creating Virtual Directories (Cont.) To use the IIS snap-in to create a virtual directory on an IIS Web site or FTP site, in the console tree, right-click the site, point to New, and then select Virtual Directory to launch the Virtual Directory Creation Wizard. You specify the following information: The alias for the virtual directory The path to the folder containing the files you want to publish The permissions you want to grant users to the files in the virtual directory

28 28 Using Web Sharing Another method for creating a virtual directory on a Web site is to configure a folder for Web Sharing in Windows Explorer. Only folders on the Windows 2000 IIS Web server itself can be shared in this way—you cannot create a virtual directory out of a folder on a remote computer by using this method. When you configure Web Sharing in Windows Explorer, you specify an alias for the folder and the access and application permissions for users of the folder.

29 29 The Edit Alias Dialog Box

30 30 Redirecting Requests When you move a page on a Web site, you can instruct the Web server to give browsers the new URL of the page when they request that page by its old URL. This process is called redirecting a browser request, or redirecting, to another URL. You use the IIS snap-in to redirect requests to a Web site, a virtual directory, or a directory.

31 31 The Home Directory Tab in a Web Site’s Properties Dialog Box

32 32 A Home Directory Tab with URL Redirection Controls

33 33 Options for Redirecting Requests When you redirect a site, virtual directory, or directory in the IIS snap-in, you specify the URL that you want the site, virtual directory, or directory to be redirected to. You can select one or more options that further define how the redirection to the new URL will be handled: The Exact URL Entered Above A Directory Below This One A Permanent Redirection For This Resource

34 34 Lesson Summary A virtual directory is not contained in the site’s home directory but appears to client browsers as though it were. Virtual directories are identified by aliases, which appear as subdirectories beneath a Web site’s home directory or an FTP site’s home directory. You can use the IIS snap-in to create a virtual directory. You can configure Web Sharing for a folder on the Windows 2000 IIS Web server by using Windows Explorer. You can use the IIS snap-in to redirect requests to a Web site, a virtual directory, or a directory to a different URL.

35 35 Managing Site Security Security is an important part of IIS administration. IIS can use a variety of security mechanisms, including port assignments, authentication, IP address and domain name restrictions, access permissions, and Secure Sockets Layer (SSL).

36 36 Using Port Assignments One of the simplest and weakest forms of site protection is to use an alternate port number for the site. Standard port for Web (HTTP) communications: 80 Standard port for FTP communications: 21 You can configure IIS to use a nonstandard port number for a Web site or FTP site, but standard requests for site access will fail unless clients specify the correct port number. To view or configure a site’s port number, in the IIS snap-in, use the Web Site tab in the site’s Properties dialog box.

37 37 The Web Site Tab in the Default Web Site’s Properties Dialog Box

38 38 Using Authentication Authentication is the most common mechanism used to restrict access to a Web site or FTP site. IIS supports four types of authentication: Anonymous authentication Basic authentication Digest authentication Integrated Windows authentication

39 39 Anonymous Authentication Most Web and FTP sites are public and provide free access to all users. Windows 2000 uses a special account, IUSR_computername, and a randomly chosen password to provide anonymous users with limited access to resources. By default, IIS Web and FTP sites permit anonymous access. To control anonymous access for a Web site, configure the Directory Security tab of the Web site’s Properties dialog box.

40 40 The Directory Security Tab in a Web Site’s Properties Dialog Box

41 41 The Authentication Methods Dialog Box

42 42 Basic Authentication Basic authentication provides more protection for a site than anonymous authentication. With basic authentication, every client must have a user account on the Web server and must supply a user name and password. The advantage of basic authentication is that it is supported by all browsers running on any operating system. The disadvantage is that the user’s name and password are transmitted in clear text and can be compromised.

43 43 Basic Authentication (Cont.) To configure basic authentication for a Web site on a Windows 2000 IIS server, select the Basic Authentication check box in the Authentication Methods dialog box, which is accessed from the Directory Security tab in the Web site’s Properties dialog box. During this process, you can specify that users authenticate to a different domain than the one where the IIS server resides.

44 44 The Internet Service Manager Message Box

45 45 The Basic Authentication Domain Dialog Box

46 46 Digest Authentication Digest authentication lets Web clients send logon credentials to the IIS server with the password encrypted. Digest authentication can be used with a proxy server.

47 47 IIS Server Requirements for Digest Authentication The accounts that clients use to authenticate must be located in an Active Directory domain. Each user account must have the Store Password Using Reversible Encryption option enabled in its user object properties. Configure this option in the Account tab of the user’s object’s Properties dialog box in the Active Directory Users And Computers console. IIS sites must be configured to use digest authentication. In the IIS snap-in, select the Digest Authentication For Windows Domain Servers check box in the Authentication Methods dialog box, which is accessed from the Directory Security tab in the Web site’s Properties dialog box.

48 48 Selecting the Store Password Using Reversible Encryption Option for a User Account

49 49 Integrated Windows Authentication Integrated Windows authentication is best suited for clients and servers on the same intranet. The Web client uses the credentials that the user logged on to the domain with to authenticate itself to the IIS server. To configure this type of authentication, select the Integrated Windows Authentication check box in the Authentication Methods dialog box, which is accessed from the Directory Security tab in the Web site’s Properties dialog box.

50 50 Using IP Address and Domain Name Restrictions Another method for restricting access to IIS sites is to specify the IP addresses and domain names that are to be granted or denied access. To create IP address and domain name restrictions, use the IIS snap-in to configure the IP Address And Domain Name Restrictions dialog box, which is accessed from the Directory Security tab in the Web site’s Properties dialog box.

51 51 The IP Address And Domain Name Restrictions Dialog Box

52 52 The Grant Access On Dialog Box

53 53 Using Access Permissions IIS permissions specify what users connected to a Web site or FTP site are permitted to do. IIS permissions can be set at any level of the IIS site hierarchy: the site level, the virtual directory level, or the directory level. To set IIS permissions, open the Properties dialog box for a site, virtual directory, or directory; and then click the Home Directory, Virtual Directory, or Directory tab, respectively.

54 54 Using Access Permissions (Cont.) You can select the following IIS permissions: Script Source Access Read Write Directory Browsing In addition, in the Execute Permissions drop- down list, you can set the permission that specifies whether users can execute scripts only, scripts and executables, or neither.

55 55 Using SSL The Secure Sockets Layer (SSL) protocol lets you configure IIS sites not only to authenticate users but also to encrypt data transferred between client browsers and the IIS server. SSL is commonly used on Web sites, such as banking and e-commerce sites, that require clients to transmit sensitive data. To use SSL on Windows 2000 IIS sites, you must first obtain a server certificate, either from a third-party vendor or by using Windows 2000 Certificate Services and the Web Server Certificate Wizard in IIS.

56 56 Lesson Summary Using a nonstandard port number provides weak security. Authentication is the most common mechanism used to control access to a Web site or FTP site. IIS supports anonymous, basic, digest, and integrated Windows authentication. You can specify the IP addresses and domain names that are to be granted or denied access to an IIS site. You can assign IIS permissions to specify what users connected to a Web site or FTP site are permitted to do. SSL lets you encrypt data transferred between client browsers and the IIS server.

57 57 Troubleshooting IIS An administrator must be familiar with common problems that can prevent clients from connecting to a Windows 2000 IIS Web server.

58 58 Common Client Connection Problems and Solutions Symptom: Clients fail to connect to a Web site. Cause: A network communications problem is preventing the connection. Solution: Check communications between the client and server by using Ping and by checking the name resolution mechanism used to resolve the computer or Domain Name System (DNS) name in the URL to an IP address.

59 59 Common Client Connection Problems and Solutions (Cont.) Symptom: Clients fail to connect to a Web site. (Cont.) Cause: The site is configured to use a TCP port number other than the default (80). Solution: Append the correct port number to the domain or computer name in the browser URL (as in http://www.microsoft.com:82).

60 60 Common Client Connection Problems and Solutions (Cont.) Symptom: Clients fail to connect to a Web site. (Cont.) Cause: The Web site is not configured to use anonymous access. Solution: Activate anonymous access in the site’s Properties dialog box, or supply the user with the credentials needed to connect to the site by using another type of authentication.

61 61 Common Client Connection Problems and Solutions (Cont.) Symptom: Clients fail to connect to a Web site. (Cont.) Cause: The anonymous access account is improperly configured. Solution: Make sure that the account used for anonymous access exists in the server’s account database or in Active Directory with the correct password, and that the account used for anonymous access has the Log On Locally and Access This Computer From The Network user rights.

62 62 Common Client Connection Problems and Solutions (Cont.) Symptom: Clients fail to connect to a Web site. (Cont.) Cause: The client does not have an appropriate user account for the authentication type the site is configured to use. Solution: If the site is configured to use digest authentication or integrated Windows authentication only, the client must have a Windows 2000 user account. In the case of digest authentication, the client must have an Active Directory user account.

63 63 Common Client Connection Problems and Solutions (Cont.) Symptom: Clients fail to connect to a Web site. (Cont.) Cause: The site, virtual directory, or directory containing the requested file is not configured with the correct permissions. Solution: If the default document or the requested file is a script or a program, the site, virtual directory, or directory must be configured with either the Scripts Only or Scripts And Executables permission, in addition to the Read permission.

64 64 Common Client Connection Problems and Solutions (Cont.) Symptom: Clients fail to connect to a Web site. (Cont.) Cause: The site requires an SSL connection. Solution: If the site is configured to require a secured connection using SSL, the URL in the browser must use the https:// prefix instead of http:// and must include the appropriate SSL port number (as in https://secure.microsoft.com:5000).

65 65 Lesson Summary When troubleshooting Web site connection problems, check for network communication and networking hardware failures. The type of authentication that a site is configured to use is a frequent source of logon failures. Digest and integrated Windows authentication require all Web client users to have Windows 2000 user accounts. Sites that use scripts or programs must be configured with the appropriate permissions for clients to be able to run those scripts or programs. To connect to a site that requires an SSL connection, the URL must specify both the https:// prefix and the correct SSL port number.

Download ppt "1 Chapter Overview Creating Web Sites and FTP Sites Creating Virtual Directories Managing Site Security Troubleshooting IIS."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
15.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 7 Administering Web Resources in Windows Server 2003.

Hands-On Microsoft Windows Server 2003 Administration Chapter 7 Administering Web Resources in Windows Server 2003.
Chapter 13 Chapter 13: Managing Internet and Network Interoperability.

Chapter 13 Chapter 13: Managing Internet and Network Interoperability.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Ch 13 - Adminstering Web Resources1 Ch. 13 – Administering Web Resources MIS 431 – Created Spring 2006.

Ch 13 - Adminstering Web Resources1 Ch. 13 – Administering Web Resources MIS 431 – Created Spring 2006.
Domain Name Server © N. Ganesan, Ph.D.. Reference.

Domain Name Server © N. Ganesan, Ph.D.. Reference.
1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.

1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.
Reliability and Performance Application protection IIS Reliable Restart Socket pooling Multisite hosting Process throttling Bandwidth throttling.

Reliability and Performance Application protection IIS Reliable Restart Socket pooling Multisite hosting Process throttling Bandwidth throttling.
Printing Terminology. Requirements for Network Printing At least one computer to operate as the print server Sufficient RAM to process documents Sufficient.

Printing Terminology. Requirements for Network Printing At least one computer to operate as the print server Sufficient RAM to process documents Sufficient.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

Similar presentations

Ads by Google