Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources

1
Managing a Microsoft Windows Server 2003
EnvironmentChapter 13 Administering Web
Resources
2
Objectives

• Install and configure Internet Information
  Services (IIS)
• Create and configure Web-site virtual servers and
  virtual directories
• Configure Web-site authentication
• Configure and maintain FTP virtual servers
• Update and maintain security for an IIS server

3
Objectives (continued)

• Create and modify Web folders
• Install and use the Remote Administration (HTML)
  tools
• Install and configure Web-based printing and
  printer management
• Troubleshoot Web client-browser connectivity

4
Installing and Configuring Internet Information
Services

• Current version is Internet Information Services
  (IIS) 6.0
• IIS provides Web-related services that can be
  implemented to host a corporate intranet or to
  provide an Internet presence

5
Installing and Configuring Internet Information
Services (continued)

• IIS has four main components
• World Wide Web (HTTP) services
• File Transfer Protocol (FTP) services
• Network News Transfer Protocol (NNTP) services
• Simple Mail Transfer Protocol (SMTP) services

6
Installing Internet Information Services

• IIS 6.0 is not installed by default
• Individual IIS components can be manually
  installed through the Add or Remove Programs
  applet in the Control Panel

7
Installing Internet Information Services
(continued)
8
Activity 13-1 Installing Internet Information
Services

• Objective To install IIS components
• Start ? Control Panel ? Add or Remove Programs ?
  Add/Remove Windows Components
• Select and install individual components as
  directed
• Note changes on the server, folders created
  during IIS installation, new accounts in Active
  Directory, operating system services, Web sharing
  feature

9
Activity 13-2 Viewing System Changes after
Installing IIS

• Objective To view the changes made to Windows
  Server 2003 after installing IIS
• Open Active Directory and browse for the new
  accounts that have been added
• 2 new user accounts and 1 new group account

10
Activity 13-2 (continued)

• Browse various folders that contain files needed
  for IIS services and open the Services utility
• FTP Publishing Service
• IIS Admin Service
• Network News Transfer Protocol (NNTP)
• Simple Mail Transfer Protocol (SMTP)
• World Wide Web Publishing Service
• Browse properties of a service
• Stop a service and configure its startup options

11
Architectural Changes in IIS 6.0

• IIS 6.0 is similar to IIS 5.0 with Windows 2000
• Changes relate to how processes are managed and
  maintained and updated metabase files
• Metabase now stored in 2 standard XML files
• MetaBase.xml and MBSchema.xml
• Human-readable
• Better read performance
• Industry-standard data representation
• Found in systemroot\system32\inetsrv

12
Architectural Changes in IIS 6.0 (continued)
13
Configuring Web Server Properties

• Primary tool used for configuration of Web Server
  properties is IIS MMC snap-in
• Available on Administrative Tools menu
• Default sites and services include
• FTP Sites
• Application Pools
• Web Sites
• Web Service Extensions
• Default SMTP Virtual Server
• Default NNTP Virtual Server

14
Activity 13-3 Exploring the Internet Information
Services MMC Snap-in

• Objective To explore the basic MMC snap-in
  console and navigation
• Start ? Administrative Tools ? Internet
  Information Services (IIS) Manager
• Explore the FTP Sites, Application Pools, Web
  Sites, Web Service Extensions, Default SMTP
  Virtual Server, and Default NNTP Virtual Server
  nodes

15
Activity 13-3 (continued)

• Using the IIS tool, master properties can be
  configured for Web and FTP sites from site-folder
  level
• If an individual site is pre-configured when
  master properties are set, you are prompted
  whether or not to change the site settings

16
Activity 13-4 Viewing and Configuring the Master
Properties of the WWW Service

• Objective To explore the use of master
  properties through the configuration of the WWW
  service
• From the open IIS Manager window, open the Web
  Sites folder properties
• Configure the folder properties as directed
• Test setting inheritance by viewing the Default
  Web Site properties

17
Creating and Configuring Web-Site Virtual Servers

• A virtual server is a unique Web site that
  behaves as if it were on a dedicated server
• IIS can support many virtual servers on a single
  server
• Configuration conflicts are avoided by
  identifying the IP address, TCP port, and host
  header name of each Web site and ensuring that
  the site is uniquely identified through these
  features

18
Activity 13-5 Creating a New Web Site Using the
Web Site Creation Wizard

• Objective To become familiar with the Web Site
  Creation Wizard
• Change the port number of the Default Web Site as
  directed and verify the change
• Create a new Web site using the Web Site Creation
  Wizard
• Create a default HTML index page for the new site

19
Activity 13-6 Creating a New Web Site Using the
IISWEB.VBS Script

• Objective To explore using the IISWEB.VBS script
  as an alternative to the IIS tool for Web site
  creation
• Start ? Run ? type cmd ? OK
• Make a new Web site home directory as directed
• Run the IISWEB.VBS script as directed
• Verify that the Web site has been created and
  configured correctly

20
Modifying Web-Site Properties

• Individual Web site parameters can be modified
  and fine-tuned through the sites properties
• Modifying an individual sites properties does
  not affect any other sites
• Modifying an individual sites properties
  overrides any configurations set in the master
  properties at the server level

21
Modifying Web-Site Properties (continued)
22
Activity 13-7 Configuring Web-Site Properties

• Objective To explore and configure the available
  properties for an individual Web site
• Open IIS and the Properties of the site to be
  configured
• Configure settings as directed
• Create an html file and configure it as a footer
• Customize an error message
• Verify the configured settings

23
Creating Virtual Directories

• A virtual directory points to a shared folder on
  the server
• An alias name can be created
• Hides the real directory name
• Can simplify the path to the folder
• Clients can access a virtual directory by
  appending the alias name to the Web-site host name

24
Activity 13-8 Creating and Configuring a Virtual
Directory

• Objective To familiarize students with the
  process of creating and configuring a virtual
  directory
• Create and configure a new shared folder
• Create a new index file for the Web site
• Open and use the Virtual Directory Creation
  Wizard to create a virtual directory with an
  alias
• Explore Properties and verify proper
  configuration of the site

25
Configuring Authentication for Web Sites

• Authentication is the determination of whether or
  not a user account has the proper permissions to
  access a resource such as a Web site
• IIS provides five levels of authentication
• Anonymous access
• Basic authentication
• Digest authentication
• Integrated Windows authentication
• .NET Passport authentication

26
Anonymous Access and Basic Authentication

• Anonymous access
• Users do not need to provide a user name and
  password
• Uses the IUSR_servername user account to provide
  authentication credentials
• Basic authentication
• User is prompted to supply a user name and
  password
• User needs a valid Windows Server 2003 user
  account
• One drawback is that information is transmitted
  using unencrypted Base64 encoding (easy to hack)

27
Digest Authentication and Integrated Windows
Authentication

• Digest authentication
• Similar to basic authentication but hashes user
  name and password using MD5 algorithm
• Has specific software and Active Directory
  requirements
• Integrated Windows authentication
• Does not prompt for password
• Uses clients logged on credentials
• Used primarily for internal intranets, has
  specific permissions requirements

28
.NET Passport Authentication and Multiple
Authentications

• .NET Passport authentication
• New method currently in testing to use the .NET
  Passport service
• Will require preproduction tests and a
  registration process
• If multiple authentication methods are
  configured, specific rules apply concerning
  precedence and applicability

29
Activity 13-9 Configuring and Testing Web-Site
Authentication Options

• Objective To configure and compare two of the
  Web-site authentication options
• Discover the current configuration using the IIS
  Manager tool
• Explore the effect of the current configuration
  on Web-site access
• Change the configuration and explore the effect
  of the change

30
Configuring Server Certificates and Secure
Sockets Layer

• The Secure Sockets Layer (SSL) protocol encrypts
  Web traffic between a client and a Web server
• Configured from the Directory Security tab of the
  properties of a Web site
• Users access a secure server using https//
  prefix
• SSL requires a server certificate from a
  certificate authority or from installed
  certificate services

31
Configuring FTP Virtual Servers

• The File Transfer Protocol (FTP) is used for file
  transfers between computers running TCP/IP
• FTP service is included with IIS 6.0
• FTP uses two ports (TCP ports 20 and 21)
• Port 21 carries connection initiation and
  diagnosis information
• Port 20 carries data
• FTP uses Transmission Control Protocol (TCP)
• Connection-based protocol, session precedes data
  transfer

32
File Transfer Protocol

• Features of TCP include
• Sending computer waits for an acknowledgement and
  retransmits data if it is not received
• Packets are assigned a sequence number
• Packets contain a checksum for ensuring integrity
• FTP requires a server running FTP server software
  and clients must run FTP client software
• There are many free and shareware utilities that
  can be downloaded for running FTP

33
Configuring FTP Properties

• Multiple FTP sites can be configured on a single
  IIS 6.0 server
• Each site operates independently and runs
  transparently
• Each site has property sheets that can be
  customized independently

34
Configuring FTP Properties (continued)
35
Activity 13-10 Configuring and Testing the
Default FTP Site

• Objective To become familiar with the process of
  configuring and testing an existing Web site
• Open the IIS Manager tool and the Properties of
  the Default FTP Site
• Browse and configure various settings of the site
• Log on as an anonymous user to test the site
  configuration

36
Activity 13-11 Creating and Testing a New FTP
Site and Configuring a Virtual Directory

• Objective To create an FTP site that includes a
  virtual directory located on a different server
• Create new folders for FTP site and configure
  permissions and IP address as directed
• Use the FTP Site Creation Wizard to create a site
• Use the Virtual Directory Creation Wizard to
  create a new virtual directory
• Test the site by logging on and transferring a
  file

37
Updating and Maintaining Security for an IIS
Server

• Sensitivity to security issues is always
  important for information published on the
  Internet
• Issues of importance in security and maintenance
  for an IIS server
• Alternatives to securing access to information
• Performing backups
• Stopping and starting IIS related services
• Applying updates

38
Resource Permissions

• Two types of permissions to secure Web resources
• NTFS permissions
• IIS permissions
• The effective permission is always the most
  restrictive of configured permissions
• NTFS permissions
• Normal NTFS file permissions can be applied to
  Web pages and virtual directories
• Can be assigned to users and groups individually

39
Resource Permissions (continued)

• IIS permissions
• Always global
• Can be configured for Web sites and FTP virtual
  servers, virtual directories, physical
  directories, files
• Can set Read and/or Write permissions
• Can set Execute permission if site contains
  scripts or executables

40
Activity 13-12 Configuring IIS and NTFS
Permissions

• Objective To explore the use of both IIS and
  NTFS permissions for protecting Web content
• Open the IIS Manager tool and access the
  Properties of a Web site to configure IIS
  permissions
• Test the IIS permissions as directed
• Open the Properties of the Web content folder to
  configure NTFS permissions
• Test the NTFS permissions as directed

41
IP Address and Domain Name Security

• Can secure Web content by controlling access
  based on the IP address of the client
• Access can be explicitly granted or denied
• Access can be controlled for a specific IP
  address or a range of IP addresses

42
Activity 13-13 Testing IP Address Restrictions

• Objective To explore securing Web content using
  restrictions on IP addresses
• Open the IIS Manager tool and the Properties of
  the Web site
• From the Directory Security tab, edit the IP
  Address and Domain Name Restrictions to deny
  access to a specific IP address
• Test the restrictions as directed

43
Starting and Stopping Services and Backing UP the
IIS Configuration

• IIS 6.0 allows you to start and stop services
  through the IIS console
• IIS 6.0 stores configuration settings in the IIS
  metabase that can be backed up
• Using the Backup utility in the IIS console
• By copying contents of the backup directory to a
  folder
• By exporting contents using the metabase editor
• By using the IISBACK.VBS script
• By backing up System State data using Backup
  utility

44
Activity 13-14 Backing Up the IIS Configuration

• Objective To explore the use of the backup and
  restore facilities of IIS
• Open the IIS Manager tool and Backup/Restore
  Configuration facility for the server
• Create a backup as directed
• Verify the backup
• Restore the metabase from the backup as directed

45
Updating IIS 6.0

• Common updates to IIS are service packs and hot
  fixes
• Before updating, perform a full backup of server
• Updates are often released to fix security issues
• Microsoft Baseline Security Analyzer helps
  determine which IIS hot fixes are installed

46
Creating and Modifying Web Folders

• A Web folder is a shared folder designed to be
  accessed using HTTP or FTP
• Use the Web Sharing tab of the folder Properties
  to configure the folder
• Web folders can use an alias name
• The Edit Alias dialog box allows you to set the
  name, access permissions, and application
  permissions
• Network clients can open a Web-based file using
• Internet Explorer, My Network Places, Microsoft
  Office XP

47
Activity 13-15 Configuring Web Folders and
Exploring Access Methods

• Objective To become familiar with configuring
  and accessing a Web shared folder
• Create a new folder and file
• Configure the folder using the Web Sharing tab of
  the folders Properties
• Open the IIS Manager tool and verify that the
  virtual directory appears
• Open Internet Explorer to examine the folder and
  file

48
Installing and Using Remote Administration (HTML)
Tools

• Remote Administration (HTML) tools support the
  ability to manage IIS servers remotely via a Web
  browser interface
• On Windows Server 2003, these tools are not
  installed by default
• Tools must added manually via the Add/Remove
  Windows Components feature of Control Panel

49
Activity 13-16 Install and Explore the Remote
Administration (HTML) Tools

• Objective To explore the installation process
  and to examine various settings from Internet
  Explorer
• Start ? Control Panel ? Add or Remove Programs ?
  Add/Remove Windows Components
• Install the tools as directed
• Open Internet Explorer, configure the site, and
  connect to the Remote Administration Web site
• Browse the site as directed

50
Installing and Configuring Internet Printing

• Internet Printing Protocol (IPP)
• Allows printers to be managed via a Web browser
• Allows clients to send print jobs using HTTP
• Requires the installation of IIS and the Internet
  Printing component
• Internet Printing requires that the Internet
  Printing Web Service Extension and the Active
  Server Pages Extension be explicitly enabled

51
Activity 13-17 Configuring and Managing Internet
Printing

• Objective to explore Internet Printing settings,
  manage printers from IE, and install a printer to
  use Internet Printing
• Use the IIS Manager tool to configure Internet
  Printing on the server
• Use Internet Explorer to view printers and their
  properties
• Install a printer to use Internet Printing and
  verify that the printer port is configured
  correctly

52
Troubleshooting Web Client Connectivity Problems

• Client access problems are not uncommon
• If a user is unable to access an IIS Server
• Check TCP/IP configuration settings, proxy
  settings, connections, set up error messages, use
  a protocol analyzer
• If a user is unable to access a Web or FTP site
• Check permissions, authentication methods, IP
  address and domain name restrictions, connection
  limits, port numbers, user accounts, invalid
  cached DNS information

53
Summary

• Internet Information Services (IIS) 6.0 is an
  application in Windows Server 2003 used to
  develop and host Web- and FTP-based services
• Four main components to IIS World Wide Web
  (HTTP), File Transfer Protocol (FTP), Network
  News Transfer Protocol (NNTP), and Simple Main
  Transfer Protocol (SMTP) services
• IIS components must be manually installed

54
Summary (continued)

• IIS configuration information is stored in two
  XML files known as the metabase
• The IIS MMC snap-in (the IIS Manager tool) is the
  primary tool for IIS configuration
• Virtual servers are unique Web or FTP sites that
  behave as though they are on dedicated servers
• IIS provides five levels of authentication to
  validate users trying to access a Web site
• Web communications can be encrypted using the
  Secure Sockets Layer (SSL) protocol

55
Summary (continued)

• To maintain an IIS server, an administrator
  should use security features, perform backups,
  start and stop IIS services, and apply updates
• Remote Administration (HTML) tools are used to
  manage IIS 6.0 servers remotely
• The Internet Printing Protocol (IPP) allows
  printers to be managed via Web browser and allows
  clients to sent print jobs using HTTP
• Configurations can cause user access problems to
  either an IIS Server or a Web or FTP site, note
  the things to check first