September 8, 2017 at 3:42 pm #2211
Applies To:Windows Server 2003 with SP1
What does Internet Information Services do?
Windows Server 2003 Service Pack 1 includes Internet Information Services (IIS), Version 6.0, which makes it possiblefor you
to hostyour own Web site on theInternet or your intranet.
IIS is an optional component of Windows Server 2003, is notenabled by default,and must beinstalled separately.
Who does this feature apply to?
This featureapplies to thefollowing audiences:
IT professionals that useIIS to hostand administer a Web site.
Web developers that useIIS to develop Web content.
What existing functionality is changing in Windows Server 2003 Service Pack 1?
Beginning with Windows Server 2003 Service Pack 1 (SP1), IIS 6.0 includes a metabaseauditing featurethatallows tracking of
each changethat is madeto the metabase. Metabaseauditing is enabled by enabling an auditaccess control entry (ACE) on a
nodein the metabase. After the ACE is enabled, whenever a metabasechangetakes place on that node,an auditevent is
published in theSecurity event log. Using metabaseauditing,you can keep track of:
What was changed (metabase node, property,and old and new values).
When thechange was made(dateand time).
Who madethechange(domain and user name).
Success or failure of thechangeattempt (HRESULT).
When a changeis maderemotely (client IP number).
To avoid disclosing sensitiveinformation, such as passwords,values of secure properties do notappear in auditevent log
The Windows operating system includes theEventTracing for Windows (ETW) infrastructureto help individuals troubleshoot
problems in the operating system, including problems in HTTP components. If an HTTP request in IIS fails or becomes
unresponsive whileETW is enabled,you can view ETW trace data,called events, to determine which component caused the
failure. IIS includes thefollowing tracing features:
IIS Currently-executing Requests Tracing:This tracing feature provides general statistics and details aboutall requests
executing on theserver at the moment tracing was started.
IIS Request-Based Tracing:This tracing featuretracks HTTP requests as they movethrough IIS components.
Windows Server 2003 Service Pack 1 or later also includes a provider for tracing theIIS Admin service during startup and
You can run SecureSockets Layer (SSL) in kernel mode, instead of the default user mode. Running in kernel mode means that
components or processes run in thecoreaddress space of the operating system. Moving encryption and decryption operations
to thekernel improves SSL performance by reducing the number of transitions between kernel modeand user mode.Enabling
kernel-modeSSL requires setting a new registry key, EnableKernelSSL.
SSL host headers
IIS 6.0 now supports using SSL to secure Web sites that use host headers — a security featurethat many users want to have.
SSL host header support requires obtaining a wildcard server certificateand specifying theSSL port number on the
SecureBindings metabase property.
Running 32-bit applications on 64-bit Windows
Windows Server 2003 Service Pack 1 enables IIS 6.0 to run 32-bit Web applications on 64-bit Windows using the Windows-
32-on-Windows-64 (WOW64) compatibility layer. IIS 6.0 using WOW64 is intended to run 32-bit personal productivity
applications needed by software developers and administrators, including 32-bit IIS Web applications.
W3C centralized logging
World Wide Web Consortium (W3C) centralized logging is a global configuration on theserver whereall Web sites write data
to a singlelog file. Data is stored in thelog file using the W3C Extended log fileformat.Thelog filecan beviewed in a text
editor, unlikeIIS Centralized Binary Logging, which writes data in binary formatand requires a parsing tool to view the data.
Secure configuration for Web servers
Windows Server 2003 Service Pack 1 includes aSecurity Configuration Wizard (SCW), which is a role-based tool you can use
to createa policy thatenables theservices, inbound ports,and settings required for a selected server to perform a specific role.
If you select the Web Server rolein the wizard,SCW configures IIS 6.0 to help further reducetheattack surface of your Web
You must be logged in to reply to this topic.