70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources

Guide to MCSE , Enhanced 2 Objectives Install and configure Internet Information Services (IIS) Create and configure Web-site virtual servers and virtual directories Configure Web-site authentication Configure and maintain FTP virtual servers Update and maintain security for an IIS server

Guide to MCSE , Enhanced 3 Objectives (continued) Create and modify Web folders Install and use the Remote Administration (HTML) tools Install and configure Web-based printing and printer management Troubleshoot Web client-browser connectivity

Guide to MCSE , Enhanced 4 Installing and Configuring Internet Information Services Current version is Internet Information Services (IIS) 6.0 IIS provides Web-related services that can be implemented to host a corporate intranet or to provide an Internet presence

Guide to MCSE , Enhanced 5 Installing and Configuring Internet Information Services (continued) IIS has four main components: World Wide Web (HTTP) services File Transfer Protocol (FTP) services Network News Transfer Protocol (NNTP) services Simple Mail Transfer Protocol (SMTP) services

Guide to MCSE , Enhanced 6 Installing Internet Information Services IIS 6.0 is not installed by default Individual IIS components can be manually installed through the Add or Remove Programs applet in the Control Panel

Guide to MCSE , Enhanced 7 Installing Internet Information Services (continued)

Guide to MCSE , Enhanced 8 Architectural Changes in IIS 6.0 IIS 6.0 is similar to IIS 5.0 with Windows 2000 Changes relate to how processes are managed and maintained and updated metabase files Metabase now stored in 2 standard XML files MetaBase.xml and MBSchema.xml Human-readable Better read performance Industry-standard data representation Found in %systemroot%\system32\inetsrv

Guide to MCSE , Enhanced 9 Architectural Changes in IIS 6.0 (continued)

Guide to MCSE , Enhanced 10 Configuring Web Server Properties Primary tool used for configuration of Web Server properties is IIS MMC snap-in Available on Administrative Tools menu Default sites and services include: FTP Sites Application Pools Web Sites Web Service Extensions Default SMTP Virtual Server Default NNTP Virtual Server

Guide to MCSE , Enhanced 11 Creating and Configuring Web-Site Virtual Servers A virtual server is a unique Web site that behaves as if it were on a dedicated server IIS can support many virtual servers on a single server Configuration conflicts are avoided by identifying the IP address, TCP port, and host header name of each Web site and ensuring that the site is uniquely identified through these features

Guide to MCSE , Enhanced 12 Modifying Web-Site Properties Individual Web site parameters can be modified and fine-tuned through the site’s properties Modifying an individual site’s properties does not affect any other sites Modifying an individual site’s properties overrides any configurations set in the master properties at the server level

Guide to MCSE , Enhanced 13 Modifying Web-Site Properties (continued)

Guide to MCSE , Enhanced 14 Creating Virtual Directories A virtual directory points to a shared folder on the server An alias name can be created Hides the real directory name Can simplify the path to the folder Clients can access a virtual directory by appending the alias name to the Web-site host name

Guide to MCSE , Enhanced 15 Configuring Authentication for Web Sites Authentication is the determination of whether or not a user account has the proper permissions to access a resource such as a Web site IIS provides five levels of authentication: Anonymous access Basic authentication Digest authentication Integrated Windows authentication.NET Passport authentication

Guide to MCSE , Enhanced 16 Anonymous Access and Basic Authentication Anonymous access Users do not need to provide a user name and password Uses the IUSR_servername user account to provide authentication credentials Basic authentication User is prompted to supply a user name and password User needs a valid Windows Server 2003 user account One drawback is that information is transmitted using unencrypted Base64 encoding (easy to hack)

Guide to MCSE , Enhanced 17 Digest Authentication and Integrated Windows Authentication Digest authentication Similar to basic authentication but hashes user name and password using MD5 algorithm Has specific software and Active Directory requirements Integrated Windows authentication Does not prompt for password Uses client’s logged on credentials Used primarily for internal intranets, has specific permissions requirements

Guide to MCSE , Enhanced 18.NET Passport Authentication and Multiple Authentications.NET Passport authentication New method currently in testing to use the.NET Passport service Will require preproduction tests and a registration process If multiple authentication methods are configured, specific rules apply concerning precedence and applicability

Guide to MCSE , Enhanced 19 Configuring Server Certificates and Secure Sockets Layer The Secure Sockets Layer (SSL) protocol encrypts Web traffic between a client and a Web server Configured from the Directory Security tab of the properties of a Web site Users access a secure server using prefix SSL requires a server certificate from a certificate authority or from installed certificate services

Guide to MCSE , Enhanced 20 Configuring FTP Virtual Servers The File Transfer Protocol (FTP) is used for file transfers between computers running TCP/IP FTP service is included with IIS 6.0 FTP uses two ports (TCP ports 20 and 21) Port 21 carries connection initiation and diagnosis information Port 20 carries data FTP uses Transmission Control Protocol (TCP) Connection-based protocol, session precedes data transfer

Guide to MCSE , Enhanced 21 File Transfer Protocol Features of TCP include: Sending computer waits for an acknowledgement and retransmits data if it is not received Packets are assigned a sequence number Packets contain a checksum for ensuring integrity FTP requires a server running FTP server software and clients must run FTP client software There are many free and shareware utilities that can be downloaded for running FTP

Guide to MCSE , Enhanced 22 Configuring FTP Properties Multiple FTP sites can be configured on a single IIS 6.0 server Each site operates independently and runs transparently Each site has property sheets that can be customized independently

Guide to MCSE , Enhanced 23 Configuring FTP Properties (continued)

Guide to MCSE , Enhanced 24 Updating and Maintaining Security for an IIS Server Sensitivity to security issues is always important for information published on the Internet Issues of importance in security and maintenance for an IIS server: Alternatives to securing access to information Performing backups Stopping and starting IIS related services Applying updates

Guide to MCSE , Enhanced 25 Resource Permissions Two types of permissions to secure Web resources NTFS permissions IIS permissions The effective permission is always the most restrictive of configured permissions NTFS permissions Normal NTFS file permissions can be applied to Web pages and virtual directories Can be assigned to users and groups individually

Guide to MCSE , Enhanced 26 Resource Permissions (continued) IIS permissions Always global Can be configured for Web sites and FTP virtual servers, virtual directories, physical directories, files Can set Read and/or Write permissions Can set Execute permission if site contains scripts or executables

Guide to MCSE , Enhanced 27 IP Address and Domain Name Security Can secure Web content by controlling access based on the IP address of the client Access can be explicitly granted or denied Access can be controlled for a specific IP address or a range of IP addresses

Guide to MCSE , Enhanced 28 Starting and Stopping Services and Backing UP the IIS Configuration IIS 6.0 allows you to start and stop services through the IIS console IIS 6.0 stores configuration settings in the IIS metabase that can be backed up Using the Backup utility in the IIS console By copying contents of the backup directory to a folder By exporting contents using the metabase editor By using the IISBACK.VBS script By backing up System State data using Backup utility

Guide to MCSE , Enhanced 29 Updating IIS 6.0 Common updates to IIS are service packs and hot fixes Before updating, perform a full backup of server Updates are often released to fix security issues Microsoft Baseline Security Analyzer helps determine which IIS hot fixes are installed

Guide to MCSE , Enhanced 30 Creating and Modifying Web Folders A Web folder is a shared folder designed to be accessed using HTTP or FTP Use the Web Sharing tab of the folder Properties to configure the folder Web folders can use an alias name The Edit Alias dialog box allows you to set the name, access permissions, and application permissions Network clients can open a Web-based file using Internet Explorer, My Network Places, Microsoft Office XP

Guide to MCSE , Enhanced 31 Installing and Using Remote Administration (HTML) Tools Remote Administration (HTML) tools support the ability to manage IIS servers remotely via a Web browser interface On Windows Server 2003, these tools are not installed by default Tools must added manually via the Add/Remove Windows Components feature of Control Panel

Guide to MCSE , Enhanced 32 Installing and Configuring Internet Printing Internet Printing Protocol (IPP) Allows printers to be managed via a Web browser Allows clients to send print jobs using HTTP Requires the installation of IIS and the Internet Printing component Internet Printing requires that the Internet Printing Web Service Extension and the Active Server Pages Extension be explicitly enabled

Guide to MCSE , Enhanced 33 Troubleshooting Web Client Connectivity Problems Client access problems are not uncommon If a user is unable to access an IIS Server Check TCP/IP configuration settings, proxy settings, connections, set up error messages, use a protocol analyzer If a user is unable to access a Web or FTP site Check permissions, authentication methods, IP address and domain name restrictions, connection limits, port numbers, user accounts, invalid cached DNS information

Guide to MCSE , Enhanced 34 Summary Internet Information Services (IIS) 6.0 is an application in Windows Server 2003 used to develop and host Web- and FTP-based services Four main components to IIS: World Wide Web (HTTP), File Transfer Protocol (FTP), Network News Transfer Protocol (NNTP), and Simple Main Transfer Protocol (SMTP) services IIS components must be manually installed

Guide to MCSE , Enhanced 35 Summary (continued) IIS configuration information is stored in two XML files known as the metabase The IIS MMC snap-in (the IIS Manager tool) is the primary tool for IIS configuration Virtual servers are unique Web or FTP sites that behave as though they are on dedicated servers IIS provides five levels of authentication to validate users trying to access a Web site Web communications can be encrypted using the Secure Sockets Layer (SSL) protocol

Guide to MCSE , Enhanced 36 Summary (continued) To maintain an IIS server, an administrator should use security features, perform backups, start and stop IIS services, and apply updates Remote Administration (HTML) tools are used to manage IIS 6.0 servers remotely The Internet Printing Protocol (IPP) allows printers to be managed via Web browser and allows clients to sent print jobs using HTTP Configurations can cause user access problems to either an IIS Server or a Web or FTP site, note the things to check first