Scenario
Windows® Server™ 2003 Active Directory® has improvements in such areas as
performance, management and security. Over the course of the next hour, we
will step through some of the improvements available through Internet
Information Services 6.0, which provides significantly improved security. To
reduce the attack surface of systems, IIS 6.0 is not installed by default on
Windows Server 2003 – administrators must explicitly select and install it. IIS
6.0 ships in a locked-down state, serving only static content. Using the Web
service extension node, Web site administrators can enable or disable IIS
functionality based on the individual needs of the organization.
The IIS 6.0 fault-tolerant process architecture isolates Web sites and
applications into self-contained units called application pools. IIS 6.0 worker
process isolation mode also enables multiple worker processes to be configured
to service requests for a given application pool, a configuration known as a
Web garden.
IIS 6.0 features many new management tools designed to reduce the amount of
time it takes to manage your Web server infrastructure. These features include a
plain text XML configuration file that can be modified without having to stop
the server.
Estimated time to complete this lab: 50 minutes
4 Internet Information Services 6.0
Paris
Madrid
Exercise 1
Installation and Lockdown of IIS 6.0
Scenario
In this exercise, you will install IIS 6.0 and examine the default configuration. The Remote Desktop
Web Connection is used as a sample Web site. Additionally, we will create a simple Active Server
Page (ASP) file.
Complete this Exercise using:
Paris
Madrid
Complete the following 4 tasks on: Paris

1. First, we will use Manage Your Server to examine the current server roles.
a. Click the Paris link in the My Machines browser.
b. Click in the virtual machine window.
c. Press Right-ALT + DEL.
d. Log on as CONTOSO/Administrator with a password of password.
e. Click Start | Manage Your Server.
Note: The Manage Your Server window shows that Paris currently has two roles: Domain Controller (Active Directory) and DNS Server.
f. In the Manage Your Server window, click Add or remove a role.
Info: The Configure Your Server wizard starts. This wizard is also available from the Administrative Tools menu.
g. On the Preliminary Steps screen, click Next.
h. On the Server Role screen, in the Server Role list box, select Application server (IIS, ASP.NET).
Info: When IIS is installed on Windows Server 2003, the server is said to have the Application server role. By default, IIS is NOT installed on Windows Server 2003.
i. On the Server Role screen, click Cancel to close the Configure Your Server wizard.
Info: In order to see and install custom configurations of components for IIS 6.0, you must use Add or Remove Programs from the Control Panel.
j. Close Manage Your Server.
2. Now we will perform a manual install of IIS 6.0 so that we can take a closer look at its components. We will also install another Web site to use as an example during these exercises.
a. Click Start | Control Panel and click Add or Remove Programs.
b. In Add or Remove Programs, click Add/Remove Windows Components.
c. On the Windows Components screen, select Application Server (do NOT select the check box) and click Details.
d. In the Application Server dialog box, select the Internet Information Services (IIS) subcomponent (do NOT select the check box) and click Details.
e. In the Internet Information Services (IIS) dialog box, select World Wide Web Service (do NOT select the check box) and click Details.
f. In the World Wide Web Service dialog box, click to select the World Wide Web Service and the Remote Desktop Web Connection check boxes and click OK.
Note: The Remote Desktop Web Connection is used as a sample Website in this exercise.
g. In the Internet Information Services (IIS) dialog box, ensure that the following subcomponents are enabled:
• Common Files
• Internet Information Services Manager
• World Wide Web Service (partly enabled)
h. Click OK.
i. In the Application Server dialog box, ensure that the following subcomponents are enabled:
• Enable network COM+ access
• Internet Information Services (IIS) (partly enabled)
j. Click OK.
k. On the Windows Components screen, click Next.
Note: Please wait a few minutes while Setup installs and configures the selected components.
l. On the Completing the Windows Components Wizard screen, click Finish.
m. Close Add or Remove Programs.
3. We must use the new IIS Manager to examine or modify the default IIS 6.0 configuration.
a. Click Start | Administrative Tools and click Internet Information Services (IIS) Manager.
b. In Internet Information Services (IIS) Manager, ensure that Paris (local computer) is expanded and, in the left pane, select Web Service Extensions.
Info: By default, IIS is not installed on Windows Server 2003. And after it is installed, only static Web content will be available. All other functionality, such as Active Server Pages and WebDAV, has to be enabled explicitly before it can be used.
c. In the left pane, right-click Web Sites and click Properties.
d. In the Web Sites Properties dialog box, click Service.
Note: IIS 6.0 has two distinct modes of operation, called isolation modes. The default for new installations of IIS 6.0 is worker process isolation mode. For compatibility reasons, upgrades from earlier versions of IIS default to IIS 5.0 isolation mode. Worker process isolation mode (and
Exercise 2
Application Pools, Worker Processes and Web Gardens
Scenario
In this exercise, you will examine the use of Application Pools, Worker Processes and Web
Gardens in IIS 6.0.
Application pools are used to isolate Web applications. One or more worker processes handle
requests for those applications. The number of worker processes, their identity and other worker
process parameters related to health monitoring, are configured per application pool.
Complete this Exercise using:
Paris
Madrid
Complete the following 3 tasks on: Paris

1. To begin, we will look at two diagrams explaining the differences between worker process isolation mode and IIS 5.0 isolation mode in IIS 6.0.
a. Click the Paris link in the My Machines browser.
b. In Internet Information Services (IIS) Manager, right-click Web Sites in the left pane and click Properties.
c. In the Web Sites Properties dialog box, click Service.
d. In the Web Sites Properties dialog box, click Help.
e. In the Internet Information Services (IIS) 6.0 help window, scroll to the Related Topics section at the end of the text and click Isolation Modes.
The Internet Information Services 6.0 Administrator Guide opens on the IIS Isolation Modes page.
f. Close the small Internet Information Services (IIS) 6.0 help window that stayed on top.
g. In the Internet Information Services 6.0 Administrator Guide, click in the right pane, and scroll down the IIS 5.0 Isolation Modes text to see the two diagrams that show the fundamentally different architecture between worker process isolation mode and IIS 5.0 isolation mode.
Info: In both modes, for performance reasons, the HTTP listener (http.sys) runs in kernel mode. It stores responses in a kernel-mode cache. In worker process isolation mode, IIS 6.0 runs multiple Web applications in isolated environments, called application pools. Worker processes (w3wp.exe) assigned to the application pool handle the Web requests for each application. In a separate process (svchost.exe), the WWW Service only manages and monitors all the worker processes. In IIS 5.0 isolation mode, the HTTP listener sends Web requests to the WWW Service, which are then handled in-process (inetinfo.exe) or out-of-process (dllhost.exe).
h. Close the Internet Information Services 6.0 Administrator Guide.
Info: You can open the IIS 6.0 Administrator Guide on any Windows
application pool to shut down the current worker process in this application pool.
DefaultAppPool Properties.
b. In the DefaultAppPool Properties dialog box, click Performance.
Info: The Idle timeout setting shows that worker processes are shut down after being idle for 20 minutes. That is the default setting for DefaultAppPool and other application pools.
c. Click Cancel to close the DefaultAppPool Properties dialog box.
Note: Instead of waiting 20 minutes, we stop and start the DefaultAppPool to shut down the current worker process in this application pool.
d. Right-click DefaultAppPool and click Stop.
Info: Do NOT click Recycle. That command restarts worker processes. It is not the combination of Stop and Start for the application pool.
e. Right-click DefaultAppPool and click Start.
8. Again, we will view the current worker processes used by IIS 6.0.
a. Switch to the Command Prompt window, type cscript.exe %windir%\system32\iisapp.vbs and press Enter.
Note: The output of iisapp.vbs shows that only the worker process in Sample Pool is started. (If worker processes are not returned, refresh the pages on Madrid and run the command again.)
Complete the following task on: Madrid

9. We need to refresh our browser instances to reconnect to IIS on Paris and start the appropriate worker processes.
a. Click the Madrid link in the My Machines browser.
b. In the Internet Explorer window that displays the contents of http://paris/sampleweb/pool.asp, click Refresh.
c. In the Internet Explorer window that displays the contents of http://paris/tsweb, click Refresh.
Note: Internet Explorer connects to IIS on Paris to refresh the contents of both Web pages.
Complete the following task on: Paris

10. Let’s list the current worker processes.
a. Click the Paris link in the My Machines browser.
b. In the Command Prompt window, type cscript.exe %windir%\system32\iisapp.vbs and press Enter.
Note: The output of iisapp.vbs shows that a single worker process in Sample Pool responded to the requests for sampleweb and for tsweb.
11. Now we will set up another new feature of IIS 6.0. We use IIS Manager to configure the Sample Pool application pool to be a Web garden with two worker processes.
a. In Internet Information Services (IIS) Manager, right-click Sample Pool and click Properties.
b. In the Sample Pool Properties dialog box, click Performance and set the Maximum number of worker processes to 2 in the Web garden section.
Info: By default a single worker process handles the request in an application pool. You can configure an application pool to have more than one worker process. An application pool that uses more than one worker process is called a Web garden. This is an analogy to a Web farm that uses more than one server for a Web site.
c. Click OK to close the Sample Pool Properties dialog box.
Complete the following task on: Madrid

12. We need to refresh our browser instances to reconnect to IIS on Paris
a. Click the Madrid link in the My Machines browser.
b. In the Internet Explorer window that displays the contents of http://paris/sampleweb/pool.asp, click Refresh.
c. In the Internet Explorer window that displays the contents of http://paris/tsweb, click Refresh.
network access.
c. Click OK to close the TS Pool Properties dialog box.
Complete the following task on: Madrid

19. We need to refresh our browser instances to reconnect to IIS on Paris and start the appropriate worker processes.
a. Click the Madrid link in the My Machines browser.
b. In the Internet Explorer window that displays the contents of http://paris/sampleweb/pool.asp, click Refresh.
c. In the Internet Explorer window that displays the contents of http://paris/tsweb, click Refresh.
Complete the following 3 tasks on: Paris

20. Now we can use the iisapp.vbs command to determine the process ID (PID) of the worker process in the TS Pool.
a. Click the Paris link in the My Machines browser.
b. In the Command Prompt window, type cscript.exe %windir%\system32\iisapp.vbs and press Enter.
c. Remember the process ID (PID) for the AppPoolId for TS Pool for use in the next task.
d. Close the Command Prompt window.
21. We use Task Manager to verify the process identity of the worker process in the TS Pool application pool.
a. Right-click the current time in the System Tray and click Task Manager.
b. In the Windows Task Manager dialog box, click View and click Select Columns.
c. In the Select Columns dialog box, click to select the PID (Process Identifier) check box and click OK.
d. On the Processes tab, select the worker process (w3wp.exe) with the PID corresponding to the AppPoolId for the TS Pool that the iisapp.vbs command displayed in the previous task.
Note: Task Manager shows that the worker process in the TS Pool application pool runs under the LOCAL SERVICE account. The other worker processes (w3wp.exe) in the process list run under the Network Service account.
e. Close Task Manager.
22. To see what permissions are set on a Web site, use IIS Manager to examine the default permissions of the IIS_WPG group.
a. In Internet Information Services (IIS) Manager, right-click TS Pool and click Properties.
b. In the TS Pool Properties dialog box, click the Identity tab.
Info: Instead of using one of the three predefined accounts, you can configure the application pool identity to use a custom (configurable) user account. When you configure a custom user account, also add the account to the IIS_WPG group. The IIS_WPG group provides the minimum set of rights and permissions required to run as worker process and to run Web applications. An example of a custom user account that can be used as application pool identity is the IWAM_PARIS user account.
c. Click Cancel to close the TS Pool Properties dialog box.
d. In the left pane, right-click Default Web Site and click Permissions.
Note: A dialog box appears, containing the Security tab for the NTFS permissions of the c:\inetpub\wwwroot folder.
e. In the c:\inetpub\wwwroot dialog box, select the IIS_WPG group.
Note: By default the IIS_WPG group has Read & Execute, List Folder
Exercise 3
XML MetaBase
Scenario
In this exercise, you will back up the IIS 6.0 metabase files and edit the contents of the
XML-formatted metabase file, while IIS is running.
Complete this Exercise using:
Paris
1. First we will use IIS Manager to save the current metabase changes to disk.
a. In Internet Information Services (IIS) Manager console, right-click Paris (local computer), point to All Tasks and click Save Configuration to Disk.
b. Click OK to confirm that the configuration changes have been saved.
Info: When IIS starts up, it reads all the configuration information for all its Web sites and application pools from a file on the hard disk. This is called the metabase. While running, IIS keeps this configuration information in memory, and periodically saves configuration changes to the metabase file. You can save the current configuration changes to the metabase immediately by running the Save Configuration to Disk command.
2. By browsing to the proper directory, we can identify the metabase files and the backup and history versions of the metabase files.
a. Click Start | Windows Explorer.
b. Browse to C:\WINDOWS\system32\inetsrv.
Info: The two files MBSchema.xml and MetaBase.xml in the inetsrv folder form the metabase. MBSchema.xml contains the metabase schema information. MetaBase.xml contains the actual IIS configuration information. IIS 4.0 and IIS 5.0 used a binary file named Metabase.bin to store the schema and configuration information. IIS 6.0 uses two plain text XML-formatted files.
c. Browse to C:\WINDOWS\system32\inetsrv\History.
d. Expand the Name column.
Info: By default, IIS saves copies of the last 10 versions of the MBSchema.xml and MetaBase.xml files. The file names include increasing version numbers of the form Name_major#_minor#.xml. The major version number increases when IIS saves a new copy of the metabase. The minor version number increases when the administrator manually edits the metabase.xml file.
e. Browse to C:\WINDOWS\system32\inetsrv\MetaBack.
Info: This is the default location to store backups of the metabase.
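Because MetaBase.xml is plain text, the application pool settings examined in Exercise 2 (pool identity and Web garden size) can be reviewed offline from a saved copy of the file. The following Python code is an added example, not part of the original lab: the XML is a constructed sample, "Legacy Pool" is a hypothetical pool, and the attribute names AppPoolIdentityType and MaxProcesses with their numeric encoding are assumptions not shown in the lab text.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of MetaBase.xml (not copied from the lab machines).
# Assumption: pools are IIsApplicationPool elements and inherit unset attributes
# from the IIsApplicationPools element at /LM/W3SVC/AppPools.
SAMPLE_METABASE = """<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsApplicationPools Location="/LM/W3SVC/AppPools" AppPoolIdentityType="2" MaxProcesses="1"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/Sample Pool" MaxProcesses="2"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/TS Pool" AppPoolIdentityType="1"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/Legacy Pool" AppPoolIdentityType="0"/>
</MBProperty>
</configuration>"""

# Assumed encoding of the three predefined accounts plus the configurable account.
IDENTITIES = {"0": "Local System", "1": "Local Service",
              "2": "Network Service", "3": "Configurable account"}

def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_app_pools(xml_text):
    """Return one record per application pool, with inherited values resolved."""
    root = ET.fromstring(xml_text)
    defaults = {}
    for el in root.iter():
        if local_name(el.tag) == "IIsApplicationPools":
            defaults = dict(el.attrib)  # settings shared by all pools
    pools = []
    for el in root.iter():
        if local_name(el.tag) != "IIsApplicationPool":
            continue
        ident = el.get("AppPoolIdentityType", defaults.get("AppPoolIdentityType", "2"))
        workers = int(el.get("MaxProcesses", defaults.get("MaxProcesses", "1")))
        pools.append({
            "name": el.get("Location", "").rsplit("/", 1)[-1],
            "identity": IDENTITIES.get(ident, "unknown (%s)" % ident),
            "workers": workers,
            "web_garden": workers > 1,
            "review": ident == "0",  # most privileged predefined account
        })
    return pools

if __name__ == "__main__":
    for p in audit_app_pools(SAMPLE_METABASE):
        flag = "  <-- review identity" if p["review"] else ""
        print("%-15s %-16s workers=%d%s" % (p["name"], p["identity"], p["workers"], flag))
```

Run it against a copy of the file from the History or MetaBack folder rather than the live MetaBase.xml.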
3. Now we will use the IIS Manager to back up the current metabase.
a. In Internet Information Services (IIS) Manager, right-click Paris (local computer), point to All Tasks and click Backup/Restore Configuration.
Info: The Configuration Backup/Restore dialog box lists the current