Welcome to the second installment of Internet Information Services 6.0 on Windows Server 2003. This series of articles is designed both as a refresher for IT professionals familiar with designing and administering IIS 4 and IIS 5 and as an introduction for newcomers looking to get their feet wet.
This installment continues our introduction to IIS 6.0 on Windows Server 2003 with an overview of how to use the “Manage Your Server” wizard to install the Application Server role, which configures the system with a base installation and deployment of IIS 6.0.
IIS 6.0 on Windows Server 2003 is not installed by default when the operating system is installed (a departure from the Windows 2000 Server era when IIS 5.0 was installed by default). Even when an administrator opts to install the application, the default installation sets IIS 6.0 as a static-content Web server only. ASP and ASP.NET must be explicitly installed by the administrator for dynamic content to be available for use on the particular system.
In situations in which a Windows 2000 Server with IIS 5.0 is installed and subsequently upgraded to Windows Server 2003, IIS 6.0 will be installed as a simple static content Web server unless an administrator installed and ran the IIS Lockdown Tool or configured the RetainW3SVCStatus registry key to secure the Windows 2000 Server operating system and the IIS 5.0 installation.
NOTES FROM THE FIELD — IIS Lockdown Tool version 2.1 turns off unnecessary features and services of IIS 4.0, 5.0, and 5.1 in an effort to reduce the available attack surface for would-be attackers.
The tool can be run to secure IIS 4.0 on Windows NT 4.0 Server systems when IIS 4.0 is installed from the NT4 Option Pack. The tool can also lock down IIS 5.0, which is installed by default on Windows 2000 Server installations. IIS 5.1, which is found in the Windows XP family of operating systems (but not installed by default), can also be locked down via the tool.
Version 2.1 of IIS Lockdown Tool can use supplied templates for Microsoft Exchange 5.5 and 2000, Commerce Server, BizTalk, Small Business Server 4.5 and 2000, SharePoint Portal Server, FrontPage Server Extensions, and SharePoint Team Server in an effort to lock down these IIS-dependent applications when they are installed and using IIS.
UrlScan 2.5 has also been integrated with the IIS Lockdown Tool.
UrlScan blocks specific HTTP requests in an effort to restrict the types of calls that can be made to the IIS server. It runs on IIS 4.0, 5.0, 5.1, and 6.0.
Future articles will cover both tools in greater depth.
Original date of publication, 07/31/2003