IIS - Information Technology Gate


Course ILT
Internet/intranet support
Unit objectives
• Use the Internet Information Services snap-in to manage IIS, Web sites, virtual directories, and WebDAV publishing directories.
• View and manage printers through a Web browser and set resource access permissions for a Web site.

Internet/intranet support
• Topic A: Internet Information Server overview
• Topic B: Managing Web access

Centralized administration
• Internet Information Services snap-in
• Internet Services Manager (HTML)
• Delegated administration
  – Delegate IIS 5.0 administration permissions to other users by adding them to the Operators list on a Web site’s Operators properties tab.
• Multisite hosting
  – IIS 5.0 can host multiple Web sites from a single physical server. You can distinguish between the Web sites in any of the following ways:
    • Assign each Web site a different TCP/IP port number.
    • Assign each Web site a different IP address.
    • Assign each Web site a different host header name.
• Process and bandwidth throttling
• Dfs (distributed file system) support

IIS installation
• IIS is included in the default installation of Windows 2000 Server.
• Add/Remove Windows Components
• Available IIS components
  – Common Files
  – Documentation
  – File Transfer Protocol (FTP) Server
  – FrontPage 2000 Server Extensions
  – Internet Information Services Snap-in
  – Internet Services Manager (HTML)
  – NNTP Service
  – SMTP Service
  – Visual InterDev RAD Remote Deployment Support
  – World Wide Web Server
• During installation, a folder named Inetpub will be created on your system drive.
• Inetpub subfolders will be created for things such as Web content, scripts, and samples.
• In addition, the following two users will be created:
  – IUSR_servername: This is the built-in account for managing anonymous access to IIS.
  – IWAM_servername: This is the built-in account that is used by IIS for starting out-of-process applications.
• The IIS server’s name will appear as servername.
• The IUSR and IWAM users will be created as local users when installing IIS on a member server, and as Active Directory users when installing IIS on a domain controller.

IIS configuration
• Internet Information Services snap-in
  – Local IIS server (if any) will be displayed automatically
• Web site properties

| Tab | Description |
|---|---|
| Web Site | This is where you set the Web site identification, limit connections, and set your logging option. |
| Operators | Allows you to add operators as delegated administrators for the Web site. |
| Performance | You can tune Web site performance based on expected hits per day. You can also set process throttling and bandwidth throttling options for the Web site. |
| ISAPI Filters | This is where you add, remove, edit, or disable ISAPI filters for the Web site. |
| Home Directory | This sets the home directory and options, including basic security options for the home directory. |
| Documents | This is where you identify and enable the default document. |
| Directory Security | This is where you set access and authentication, filter access by IP address or domain name, and enter certificate information for secure communications. |
| HTTP Headers | This is where you set content expiration, content rating, and MIME mapping. |
| Custom Errors | This is where you edit custom HTTP errors for use by this Web site. |

Activity A-1: Configuring IIS

Internet/intranet support
• Topic A: Internet Information Server overview
• Topic B: Managing Web access

Server access security
• IIS security overview
  1. Request
  2. Authentication
  3. Check NTFS permissions
  4. Response
• Authentication options for Web resources
• Authentication methods
• Setting server access restrictions
  – You are given the option of setting the default action to either grant or deny computers access. You can then add exceptions to the default for any of the following:
    • A single computer, by IP address
    • A group of computers, by IP address and subnet mask
    • A domain, by domain name
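
The default action with exceptions described above can be modelled as follows. This is an added example, not code from the course or from IIS: the class and method names, the addresses, and the domain names are constructed for illustration, and the client's reverse-DNS name is assumed to be passed in rather than looked up.

```python
import ipaddress

class AccessPolicy:
    """Default action plus exceptions, modelled on the page's description."""

    def __init__(self, default_grant):
        self.default_grant = default_grant  # True = grant by default
        self.networks = []  # single computers and IP + subnet mask groups
        self.domains = []   # domain-name exceptions

    def add_computer(self, ip):
        self.networks.append(ipaddress.ip_network(ip + "/32"))

    def add_group(self, network_id, subnet_mask):
        # strict=True raises ValueError when the network ID has host bits set
        # (10.1.2.3 with 255.255.255.0), a common data-entry mistake.
        self.networks.append(
            ipaddress.ip_network(f"{network_id}/{subnet_mask}", strict=True))

    def add_domain(self, name):
        self.domains.append(name.lower().rstrip("."))

    def is_exception(self, client_ip, reverse_name=None):
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.networks):
            return True
        if reverse_name is None:
            return False  # no reverse-DNS name: domain exceptions cannot match
        host = reverse_name.lower().rstrip(".")
        # Match the domain itself or a host below it, never a bare string suffix.
        return any(host == d or host.endswith("." + d) for d in self.domains)

    def allows(self, client_ip, reverse_name=None):
        # An exception inverts the default action for that client.
        return self.default_grant != self.is_exception(client_ip, reverse_name)


if __name__ == "__main__":
    # Constructed sample: intranet site, deny by default, grant three exceptions.
    intranet = AccessPolicy(default_grant=False)
    intranet.add_group("192.168.10.0", "255.255.255.0")
    intranet.add_computer("10.0.0.5")
    intranet.add_domain("corp.example.test")
    for ip, name in [("192.168.10.77", None), ("192.168.11.77", None),
                     ("203.0.113.9", "pc1.corp.example.test"),
                     ("203.0.113.9", "pc1.notcorp.example.test")]:
        print(ip, name, "->", "granted" if intranet.allows(ip, name) else "denied")
```

In this model a deny-by-default policy fails closed when a client has no reverse-DNS name, while a grant-by-default policy with a domain deny exception does not, because a client without a resolvable name never matches the exception.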

Activity B-1: Setting Web server access permissions

File and folder resources
• Home directory
• You are given the following three options for setting the source of the home directory:
  – A directory located on this computer
  – A share located on another computer
  – A redirection to a URL
• If you choose one of the first two options, to set the source as a local directory or network share, you can also set the following options:
  – Script source access
  – Read
  – Write
  – Directory browsing
  – Log visits
  – Index this resource
• If you choose the third option for the source of the home directory, setting the source as a URL, you can set the following options to indicate where the client will be sent:
  – The exact URL entered above
  – A directory below this one
  – A permanent redirection for this resource

Virtual directories
• Virtual Directory Wizard, which is launched through the Internet Information Services snap-in.
• The directory will be listed under the Web site for which it was created. If IIS cannot connect to the directory, a stop sign (red octagon) with the word “Error” will be displayed.

Network shares
• With IIS installed, each folder includes a Web Sharing tab. You can right-click a folder in Windows Explorer, choose Properties, and select the Web Sharing tab.
• The Edit Alias screen prompts you for the virtual directory alias, access permissions, and application permissions.

WebDAV
• Web-based distributed authoring and versioning
• A protocol that is an extension to the HTTP 1.1 standard. WebDAV supports remote file search, access, and management through a browser.
• WebDAV setup
  – The first step in setting up WebDAV publishing is to create a publishing directory.
  – Typically, you will want to create this as a subfolder of the \Inetpub folder:
    C:\Inetpub\WebDAV

WebDAV clients
• Any client using a browser that supports the industry-standard WebDAV protocol can access your WebDAV directory.
• Windows clients can connect to a WebDAV publishing directory through Internet Explorer 5.0. For example, you would use an address similar to the following to connect over the Internet:
  – http://webserv.outlanderspices.com/webdav
• To connect over a corporate intranet, you could use an address similar to the following:
  – http://outlanderspicespc/webdav
• Create a connection to a WebDAV publishing directory with the Add Network Places Wizard

Virtual directory properties
• Right-click the virtual directory and choose Properties

Virtual directory navigation
• You can navigate virtual and WebDAV publishing directories through Internet Explorer 5.0
• WebDAV through Windows Explorer

Resource access security
• The virtual directory properties tab lets you set resource access permissions and application permissions.
• The Directory Security properties tab lets you manage access and authentication, IP address and domain name restrictions, and certificate information.
• In addition, security for folders residing on an NTFS partition will be affected by NTFS security settings. That is the case because users connecting through a Web server are authenticated as local users.

Permissions Wizard

| Setting | Public | Secure |
|---|---|---|
| Authentication Methods | Anonymous Users | Anonymous access denied; Basic authentication; Digest authentication; Windows 2000 authentication |
| Access Permissions | Read; Execute Scripts only | Read; Execute Scripts only |
| IP Address Restrictions | None | None |
| Administrators ACLs | Full Control | Full Control |
| Everyone ACLs | Read & Execute | Read & Execute |

Troubleshooting overview
• Most of the problems you encounter with accessing resources through the Internet are going to fall into one of three general categories:
  – Inability to connect to a Web server
  – Inability to connect to a resource
  – Wrong permission assignment
• Web server access
  – Web server communications
  – Authorization
  – Restricted access
• Resource access
  – Verify that the user can connect to the resource.
  – Verify connections with remote servers.
  – Try directly connecting to the share through the command line or Windows Explorer.
• Access permissions
  – This is the same type of potential problem as occurs with shared network resources.
  – Verify that access permissions have been set appropriately for the user.
• WebDAV troubleshooting
  – Verify you can connect to the server.
  – Verify you can connect to the resource and have the appropriate permissions.

Internet printers
• Connecting with the Add Printer Wizard
  – Choose Start, Settings, Printers. Double-click Add Printer.
  – Click Next to continue past the Welcome screen.
  – On the Local or Network Printer screen, select Network printer and click Next.
  – On the Locate Your Printer screen, select the option to connect to a printer on the Internet, and type the URL. A printer’s URL uses the following convention:
    http://domainname/printers/printername/.printer
  – Be sure to include the period in front of the word “printer”. An IP address can be substituted for the domain name.
  – Click Next after you have correctly typed the URL.
  – At this point, you will be prompted for your name and password.
  – After you click OK, the printer will be located either on the local area network or across the Internet.
• Connecting through Internet Explorer
  – You can also connect to an Internet printer using Internet Explorer 5.0. To display a list of available printers, type the following URL in the address bar:
    http://domainname/printers

Viewing printer properties

Connecting to a printer

Activity B-2: Working with Web-based resource access

Internet/intranet support
Unit summary
• This unit covered:
  – How to use the Internet Information Services snap-in to centralize the management of IIS, Web sites, virtual directories, and WebDAV publishing directories
  – How to view and manage printers through a Web browser and set resource access permissions for a Web site