Internet Information Services (IIS) in Windows Server 2003

IT Support Forum Forums Windows Windows Server 2003 R2 General Discussion Internet Information Services (IIS) in Windows Server 2003

Tagged: 

This topic contains 0 replies, has 1 voice, and was last updated by  Webmaster 2 weeks, 1 day ago.

  • Author
    Posts
  • #2211

    Webmaster
    Keymaster

    Applies To:Windows Server 2003 with SP1
    What does Internet Information Services do?
    Windows Server 2003 Service Pack 1 includes Internet Information Services (IIS), Version 6.0, which makes it possiblefor you
    to hostyour own Web site on theInternet or your intranet.
    IIS is an optional component of Windows Server 2003, is notenabled by default,and must beinstalled separately.
    Who does this feature apply to?
    This featureapplies to thefollowing audiences:
    IT professionals that useIIS to hostand administer a Web site.
    Web developers that useIIS to develop Web content.
    What existing functionality is changing in Windows Server 2003 Service Pack 1?
    Metabase auditing
    Beginning with Windows Server 2003 Service Pack 1 (SP1), IIS 6.0 includes a metabaseauditing featurethatallows tracking of
    each changethat is madeto the metabase. Metabaseauditing is enabled by enabling an auditaccess control entry (ACE) on a
    nodein the metabase. After the ACE is enabled, whenever a metabasechangetakes place on that node,an auditevent is
    published in theSecurity event log. Using metabaseauditing,you can keep track of:
    What was changed (metabase node, property,and old and new values).
    When thechange was made(dateand time).
    Who madethechange(domain and user name).
    Success or failure of thechangeattempt (HRESULT).
    When a changeis maderemotely (client IP number).
    Note
    To avoid disclosing sensitiveinformation, such as passwords,values of secure properties do notappear in auditevent log
    entries.
    Request tracing
    The Windows operating system includes theEventTracing for Windows (ETW) infrastructureto help individuals troubleshoot
    problems in the operating system, including problems in HTTP components. If an HTTP request in IIS fails or becomes
    unresponsive whileETW is enabled,you can view ETW trace data,called events, to determine which component caused the
    failure. IIS includes thefollowing tracing features:
    IIS Currently-executing Requests Tracing:This tracing feature provides general statistics and details aboutall requests
    executing on theserver at the moment tracing was started.
    IIS Request-Based Tracing:This tracing featuretracks HTTP requests as they movethrough IIS components.
    Windows Server 2003 Service Pack 1 or later also includes a provider for tracing theIIS Admin service during startup and
    shutdown.
    Kernel-mode SSL.
    You can run SecureSockets Layer (SSL) in kernel mode, instead of the default user mode. Running in kernel mode means that
    components or processes run in thecoreaddress space of the operating system. Moving encryption and decryption operations
    to thekernel improves SSL performance by reducing the number of transitions between kernel modeand user mode.Enabling
    kernel-modeSSL requires setting a new registry key, EnableKernelSSL.
    SSL host headers
    IIS 6.0 now supports using SSL to secure Web sites that use host headers — a security featurethat many users want to have.
    SSL host header support requires obtaining a wildcard server certificateand specifying theSSL port number on the
    SecureBindings metabase property.
    Running 32-bit applications on 64-bit Windows
    Windows Server 2003 Service Pack 1 enables IIS 6.0 to run 32-bit Web applications on 64-bit Windows using the Windows-
    32-on-Windows-64 (WOW64) compatibility layer. IIS 6.0 using WOW64 is intended to run 32-bit personal productivity
    applications needed by software developers and administrators, including 32-bit IIS Web applications.
    W3C centralized logging
    World Wide Web Consortium (W3C) centralized logging is a global configuration on theserver whereall Web sites write data
    to a singlelog file. Data is stored in thelog file using the W3C Extended log fileformat.Thelog filecan beviewed in a text
    editor, unlikeIIS Centralized Binary Logging, which writes data in binary formatand requires a parsing tool to view the data.
    Secure configuration for Web servers
    Windows Server 2003 Service Pack 1 includes aSecurity Configuration Wizard (SCW), which is a role-based tool you can use
    to createa policy thatenables theservices, inbound ports,and settings required for a selected server to perform a specific role.
    If you select the Web Server rolein the wizard,SCW configures IIS 6.0 to help further reducetheattack surface of your Web
    server

You must be logged in to reply to this topic.