1
12/02/2004 Nicolas Paour
Internet Information Server 4.0 (and 5.0)
By Nicolas PAOUR
12 January 2004
2
Contents
Introduction
Required configuration to set up IIS
IIS Setup (HowTo)
Web Setup
FTP Setup
SMTP Setup
Security within IIS
What are FrontPage extensions
Using FrontPage with IIS
Frequent TroubleShooting
3
Overview
What is IIS
  – Questions/Answers
Aim
  – Product overview
  – Getting information
  – Understanding security
  – Managing IIS & FrontPage
4
Overview
Basic concepts under NT
FAT: no valid security
NTFS: security possible
Any user who reaches an NT station through a share or the Internet must be identified by a login and password (local or global).
5
Required configuration to set up IIS
Windows NT4 Server
  – Partition NTFS (Yes)
  – Index Server (Yes)
  – Multi Virtual Site (Yes)
Windows Workstation
  – Partition NTFS (Yes)
  – Index Server (No)
  – Multi Virtual Site (No)
Windows 95/98
  – Partition NTFS (No)
  – Index Server (No)
  – Multi Virtual Site (No)
Windows 2000 Server
  – Partition NTFS (Yes)
  – Index Server (Yes)
  – Multi Virtual Site (Yes)
Windows 2000 Pro
  – Partition NTFS (Yes)
  – Index Server (Yes)
  – Multi Virtual Site (No)
6
IIS Set up – 1/6
Check that the D drive is an NTFS partition
Set
  – administrators (Full) (Full)
  – system (Full) (Full)
  – remove Everyone
Check whether IIS3 exists
Uninstall IIS3
Check that « Regional Settings » is US.
Copy in c:\install
  – NT4_IIS4_serveur files (no space in folder name)
  – FP2k_4.0.2.4317-(SR1.2) server extensions
  – Metaedit files
  – MDAC (2.52.6019.2)
  – ADSI (2.5)
7
IIS Set up – 2/6
Run NT4_IIS4_serveur\install.exe
  – Disabled “Certificate Server”
  – Disabled “FrontPage 98 Server Extensions”
  – Disabled “Internet Connection Services for RAS”
  – Internet Information Server (IIS)
      Disabled “documentation”
      Enabled “FTP”
      Disabled “Internet NNTP Service”
      Enabled “Internet Service Manager”
      Disabled “Internet Service Manager (HTML)”
      Enabled “SMTP Service”
      Disabled “World Wide Web Sample Site”
      Enabled “World Wide Web Server”
  – Enabled “Microsoft Data Access Components 1.5” (All)
8
IIS Set up – 3/6
  – Enabled “Microsoft Index Server” (default)
      Language Resources
        – French Language
        – UK English Language
        – US English Language
  – Enabled “Microsoft Management Console”
  – Disabled “Microsoft Message Queue”
  – Disabled “Microsoft Script Debugger”
  – Disabled “Microsoft Site Server Express 2.0”
  – Enabled “NT Option Pack Common Files”
  – “Transaction Server” (Default)
  – Disabled “Visual Interdev RAD Remote Deployment Support”
  – Enabled “Windows Scripting Host”
Select folders
  – D:\wwwroot\application_name.hp.com\_shareweb (_fpweb if FrontPage is used)
  – D:\ftproot\public
  – C:\program files
9
IIS Set up – 4/6
MTS (default)
Index Server on D:\wwwroot\application_name.hp.com\_catalog
Reboot
Remove “Administration Web Site”
Delete all virtual directories
  – IISsample
  – IISadmin
  – IIShelp
  – Scripts
  – IISadmPwd
  – msadc
Remove folders:
  – D:\wwwroot\application_name.hp.com\iissample
  – D:\wwwroot\application_name.hp.com\scripts
  – D:\wwwroot\application_name.hp.com\_shareweb\phone book service
10
IIS Set up – 5/6
Install Metaedit
Run metaedit and add
Update MDAC and ADSI (Reboot)
Update SP6a + Hotfix (Reboot)
Metabase paths: LM/W3SVC, LM/MSFTPSVC
  – ID: 6013 (LogonMethod), attributes: inherit, user type: file, data type: DWORD
      value: 3 (for SP3 and SP5)
      value: 2 (for SP4, SP5 and SP6)
  – ID: 6013 (LogonMethod), attributes: inherit, user type: file, data type: DWORD
      value: 3
11
IIS Set up – 6/6
Open User Manager
  – Remove from “access this computer from network”
      IUSR account
      IWAM account
  – Add in “access this computer from network”
      “Authenticated Users”
  – Remove from “Logon Locally”
      IUSR account
      IWAM account
12
Web Set up
It is a FrontPage server:
  – Install FP2K Server extensions
  – set “browse access” with FP2K
It is not a FrontPage server:
  – set IUSR_ComputerName (RX)(R) on d:\wwwroot\application_name\_shareweb folder
Enabled “Basic Authentication”
  – Netscape access (to validate !)
Set up IP, Port, Host for each website
  – (don’t use “All unassigned”)
Create d:\weblog folder
  – set new virtual web Login in this folder
  – Administrators (Full)(Full)
  – System (Full)(Full)
13
FTP Set up
NTFS rights for d:\ftproot\public:
  – administrators (full)(full)
  – system (full)(full)
  – Everyone (RWX)(R)
Open mmc and select all options
14
SMTP Set up
NTFS rights for mailroot folder:
  – mailroot and all subfolders except pickup:
      administrators (full)(full)
      system (full)(full)
  – mailroot\pickup:
      administrators (full)(full)
      system (full)(full)
      everyone (RWX)(RX)
Add the IWAM_ServerName account in iis->SMTP properties as operator
  – If not, a website using the CDONTS.NewMail object in an isolated process returns the following error: "permission denied".
http://msdn.microsoft.com/library/periodic/period99/asp9951.htm
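An added example (not part of the original slides): the NTFS rights listed on the Web, FTP and SMTP set-up slides, written as a baseline and compared with a server's observed ACLs. It reads the two-group notation as (directory rights)(file rights) and treats Full as all six NT4 rights; OBSERVED is a constructed sample and the function names are hypothetical.

```python
import re

# Baseline copied from the set-up slides ("full"/"Full" is normalised to F).
BASELINE = {
    r"d:\weblog": {"administrators": "(F)(F)", "system": "(F)(F)"},
    r"d:\ftproot\public": {"administrators": "(F)(F)", "system": "(F)(F)",
                           "everyone": "(RWX)(R)"},
    "mailroot": {"administrators": "(F)(F)", "system": "(F)(F)"},
    r"mailroot\pickup": {"administrators": "(F)(F)", "system": "(F)(F)",
                         "everyone": "(RWX)(RX)"},
}
ALL = frozenset("RWXDPO")  # the six NT4 rights that make up Full Control

def parse_rights(text):
    """'(RWX)(R)' -> (dir_rights, file_rights) as frozensets of letters."""
    groups = re.findall(r"\(([A-Za-z]*)\)", text)
    if len(groups) != 2:
        raise ValueError(f"expected two groups, got {text!r}")
    def one(g):
        return ALL if g.upper() in ("F", "FULL", "ALL") else frozenset(g.upper())
    return one(groups[0]), one(groups[1])

def audit(observed, baseline=BASELINE):
    """Report principals or rights that go beyond the baseline (excess only)."""
    findings = []
    for folder, acl in observed.items():
        raw = baseline.get(folder.lower())
        if raw is None:
            findings.append((folder, "*", "no baseline for folder"))
            continue
        allowed = {k.lower(): parse_rights(v) for k, v in raw.items()}
        for principal, rights in acl.items():
            have, want = parse_rights(rights), allowed.get(principal.lower())
            if want is None:
                findings.append((folder, principal, "unexpected principal"))
            elif not (have[0] <= want[0] and have[1] <= want[1]):
                extra = ["".join(sorted(h - w)) for h, w in zip(have, want)]
                findings.append((folder, principal, f"excess ({extra[0]})({extra[1]})"))
    return sorted(findings)

# Constructed sample of a drifted server: Everyone left on the log folder,
# and delete rights added for Everyone on the public FTP folder.
OBSERVED = {
    r"d:\weblog": {"Administrators": "(Full)(Full)", "System": "(Full)(Full)",
                   "Everyone": "(RX)(RX)"},
    r"d:\ftproot\public": {"administrators": "(full)(full)", "Everyone": "(RWXD)(RWD)"},
    r"mailroot\pickup": {"everyone": "(RWX)(RX)", "system": "(full)(full)"},
}
```

The check reports excess only; a missing administrators or system entry is not flagged.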
15
Security within IIS
« Hardware » :o)
  – NTFS
« Software » :o(
  – FAT and NTFS
Note: Any user who reaches an NT station through a share or the Internet must be identified by a login and password (local or global).
16
Security within IIS – Anonymous 1/2
D:
└─wwwroot
  └──home.grenoble.hp.com
     ├──_catalog
     │  └──catalog.wci
     ├──_fpweb
     ├──_report
     ├──_sharetools
     │  ├──cgi
     │  ├──database
     │  └──upload
     ├──_shareweb.null
     └──_ssl2
Columns: Adm+Sys, Web-adm, IUSR, Everyone
(F)(F)--- --- --- --- --- (RWXD)(RWD)(RX)(R)- (F)(F)(RX)(R)-- (F)(F)(R)(R)-- (F)(F)(RWXD)(RWD)-(RWX)(RW) (F)(F)(RWXD)(RWD)-(RWX)(RW) (F)(F)(RWXD)(RWD)-(RWX)(RWD) (F)(F)(RWXD)(RWD)(RX)(R)- (F)(F)(RWXD)(RWD)--
17
Security within IIS – Anonymous 2/2
Access to Data
Web Server (IIS)
To access the data via the Internet, the web server supplies an anonymous login/password
Login : IUSR_Serveur
Pass : ******
NT’s authentication successful
IUSR_Serveur (RX) (R)
18
Security within IIS – Secure access 1/2
D:
└─wwwroot
  └──home.grenoble.hp.com
     ├──_catalog
     │  └──catalog.wci
     ├──_fpweb
     ├──_report
     ├──_sharetools
     │  ├──cgi
     │  ├──database
     │  └──upload
     ├──_shareweb.null
     └──_ssl2
Columns: Adm+Sys, Web-adm, Web-Usr, Everyone
(F)(F)--- --- --- --- --- (RWXD)(RWD)(RX)(R)- (F)(F)(RX)(R)-- (F)(F)(R)(R)-- (F)(F)(RWXD)(RWD)-(RWX)(RW) (F)(F)(RWXD)(RWD)-(RWX)(RW) (F)(F)(RWXD)(RWD)-(RWX)(RWD) (F)(F)(RWXD)(RWD)(RX)(R)- (F)(F)(RWXD)(RWD)--
19
Security within IIS – Secure access 2/2
Basic security
To secure a web site, remove the IUSR account from the drive
Login : IUSR_Serveur, Pass : ******
  NT’s authentication refused
Login : Login_Name, Pass : Password
  Login_Name (RX) (R)
  NT’s authentication successful
20
Security within IIS – SSL 1/2
21
Security within IIS – SSL 1/2
SSL Encryption « https: »
Https://serveur_name
Private Key
Public Key
Session Key
22
What are FrontPage extensions
FrontPage extensions allow:
to use specific components like
  – Hit Counter
  – Scheduled Include Page
  – Categories
  – Search Form
to publish your site quickly
SSL Filter
FrontPage Filter
23
Using FrontPage with IIS
The FrontPage interface is required for:
Web site creation
Site management (child site, move folder,…)
Security setting
Site Publishing
Site deletion
24
Using FrontPage with IIS - Site creation -
Web site creation
Yes / No
25
Using FrontPage with IIS - Site management -
Site creation (FrontPage child site)
Move folder
  – Use drag & drop
Recalculate Hyperlinks
26
Using FrontPage with IIS - Security setting -
Use FrontPage Security Permissions
Don’t use Directory Permissions
27
Using FrontPage with IIS - Site Publishing -
Use FrontPage publishing tool
Don’t use Share Directory
28
Using FrontPage with IIS - Site deletion -
Use FrontPage delete option
Don’t use NT delete Directory
29
Using FrontPage with IIS - Components (bis) -
FrontPage extensions allow the use of specific components:
Insert menu, Component submenu
  – Hit Counter
  – Confirmation Field
  – Include Page
  – Scheduled Include Page
  – Categories
  – Search Form
  – Additional Components (not used)
30
Frequent TroubleShooting
http://membres.lycos.fr/paour/easy_doc/index.html
31
TroubleShootings
Security access
  Trouble: Access denied; Data area passed to a system call is too small
  TroubleShooting: Missing key 6013; Wrong value
Send mail with CDO
  Trouble: Access Is Denied
  TroubleShooting: Wrong NTFS right in Pickup folder
Use of specific DLL
  Trouble: Doesn’t work
  TroubleShooting: See aspupload example
Secure Site
  Trouble: Can’t test secure access
  TroubleShooting: Don’t use your NT account (logon with a test account). Add these lines: TYPE PASSWORD USER
…
32
Example 1
ASPUpload use:
1. Create d:\components\aspupload
     admin (full)(full)
     system (full)(full)
2. Copy aspupload.dll in « aspupload » folder
3. Test script : http://sopra100.sopra-hp.net/upload/default.htm
4. Error (columns: IIS 4, IIS 5, TroubleShooting):
Server.CreateObject Failed
Library not registered. (Or invalid class ID)
Server object, ASP 0177 (0x800401F3) Invalid ProgID.
…
Microsoft VBScript runtime error '800a01ad' ActiveX component can't create object
Server object, ASP 0178 (0x80070005) The call to Server.CreateObject failed while checking permissions. Access is denied to this object.
Access Denied
Server object, ASP 0178 (0x80070005) The call to Server.CreateObject failed while checking permissions. Access is denied to this object.
Persits.Upload.1 (0x800A0005) The system cannot find the file specified.
regsvr32 D:\component\aspupload\bin\AspUpload.dll
D:\component\aspupload\bin\ (RX)(RX) Or AspUpload.dll (RX)
Upload folder : Everyone (RWX)(RX)
OR
33
Example 2
Find a dll if « Library not registered » or « ActiveX component can't create object » error.
Read object : Server.CreateObject("Persits.Upload")
Open regedit
Search in HKEY_CLASSES_ROOT\Persits.Upload\CLSID the data: {B4E1B2EC-151B-11D2-926A-006008123235}
Search {B4E1B2EC-151B-11D2-926A-006008123235} in HKEY_CLASSES_ROOT\CLSID keys
Note the string data of HKEY_CLASSES_ROOT\CLSID\{…}\InprocServer32
Example : C:\wwwroot\SOPRA100\_dll\AspUpload.dll
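The lookup in Example 2 as an added script, not part of the original slides: it follows ProgID → CLSID → InprocServer32 through a registry export and reports where the chain stops. The REGEDIT4 text is a constructed sample using the slide's CLSID and path; the function names and the web_root check are assumptions added here.

```python
import re

# Constructed REGEDIT4-style export; the CLSID and DLL path are the slide's values.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\Persits.Upload\CLSID]
@="{B4E1B2EC-151B-11D2-926A-006008123235}"

[HKEY_CLASSES_ROOT\CLSID\{B4E1B2EC-151B-11D2-926A-006008123235}\InprocServer32]
@="C:\\wwwroot\\SOPRA100\\_dll\\AspUpload.dll"
'''

def parse_reg(text):
    """Map lower-cased key path -> default ('@') string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.fullmatch(r'@="(.*)"', line)):
            # .reg strings escape backslashes and quotes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", m.group(1))
    return defaults

def hkcr(*parts):
    """Build a lower-cased HKEY_CLASSES_ROOT key path (hypothetical helper)."""
    return "\\".join(("hkey_classes_root",) + parts).lower()

def resolve_progid(reg_text, progid, web_root=None):
    """Follow ProgID -> CLSID -> InprocServer32; report where the chain stops."""
    reg = parse_reg(reg_text)
    result = {"progid": progid, "clsid": None, "dll": None, "status": "ok"}
    result["clsid"] = reg.get(hkcr(progid, "clsid"))
    if result["clsid"] is None:
        result["status"] = "ProgID has no CLSID value"
        return result
    result["dll"] = reg.get(hkcr("clsid", result["clsid"], "inprocserver32"))
    if result["dll"] is None:
        result["status"] = "CLSID has no InprocServer32 value"
        return result
    # Added check, not from the slides: IIS loads this DLL in-process, so note
    # when it sits inside the web content tree instead of a locked-down folder.
    root = (web_root or "").lower().rstrip("\\")
    if root and result["dll"].lower().startswith(root + "\\"):
        result["status"] = "ok, but DLL is under the web root"
    return result
```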
34
Example 3
Secure access
Add these lines: TYPE PASSWORD USER
Anonymous access: ..\Secure | IUSR_Computername (RX)(R)
  TYPE PASSWORD USER
Challenge/Response (remove IUSR account): ..\Secure | training (RX)(R)
  Or for IIS5 Digest (NT2000) – Integrated
  TYPE NTLM or Negotiate
  PASSWORD
  USER SOPRA-HP\training
Basic (remove IUSR account): ..\Secure | training (RX)(R)
  TYPE Basic
  PASSWORD trai123ning
  USER SOPRA-HP\training
35
Example 4
Secure access
Challenge/Response (remove IUSR account): ..\Secure | training (RX)(R)
Change secure folder as IIS Application
Access Denied !!!
Remove global.asa
Allow Everyone (RX)(R) on global.asa folder
OR