Internet Information Services (IIS) in Windows Server 2003

IT Support Forum Forums Windows Windows Server 2003 R2 General Discussion Internet Information Services (IIS) in Windows Server 2003


Viewing 0 reply threads
  • Author
    • #2211

      Applies To:Windows Server 2003 with SP1
      What does Internet Information Services do?
      Windows Server 2003 Service Pack 1 includes Internet Information Services (IIS), Version 6.0, which makes it possiblefor you
      to hostyour own Web site on theInternet or your intranet.
      IIS is an optional component of Windows Server 2003, is notenabled by default,and must beinstalled separately.
      Who does this feature apply to?
      This featureapplies to thefollowing audiences:
      IT professionals that useIIS to hostand administer a Web site.
      Web developers that useIIS to develop Web content.
      What existing functionality is changing in Windows Server 2003 Service Pack 1?
      Metabase auditing
      Beginning with Windows Server 2003 Service Pack 1 (SP1), IIS 6.0 includes a metabaseauditing featurethatallows tracking of
      each changethat is madeto the metabase. Metabaseauditing is enabled by enabling an auditaccess control entry (ACE) on a
      nodein the metabase. After the ACE is enabled, whenever a metabasechangetakes place on that node,an auditevent is
      published in theSecurity event log. Using metabaseauditing,you can keep track of:
      What was changed (metabase node, property,and old and new values).
      When thechange was made(dateand time).
      Who madethechange(domain and user name).
      Success or failure of thechangeattempt (HRESULT).
      When a changeis maderemotely (client IP number).
      To avoid disclosing sensitiveinformation, such as passwords,values of secure properties do notappear in auditevent log
      Request tracing
      The Windows operating system includes theEventTracing for Windows (ETW) infrastructureto help individuals troubleshoot
      problems in the operating system, including problems in HTTP components. If an HTTP request in IIS fails or becomes
      unresponsive whileETW is enabled,you can view ETW trace data,called events, to determine which component caused the
      failure. IIS includes thefollowing tracing features:
      IIS Currently-executing Requests Tracing:This tracing feature provides general statistics and details aboutall requests
      executing on theserver at the moment tracing was started.
      IIS Request-Based Tracing:This tracing featuretracks HTTP requests as they movethrough IIS components.
      Windows Server 2003 Service Pack 1 or later also includes a provider for tracing theIIS Admin service during startup and
      Kernel-mode SSL.
      You can run SecureSockets Layer (SSL) in kernel mode, instead of the default user mode. Running in kernel mode means that
      components or processes run in thecoreaddress space of the operating system. Moving encryption and decryption operations
      to thekernel improves SSL performance by reducing the number of transitions between kernel modeand user mode.Enabling
      kernel-modeSSL requires setting a new registry key, EnableKernelSSL.
      SSL host headers
      IIS 6.0 now supports using SSL to secure Web sites that use host headers — a security featurethat many users want to have.
      SSL host header support requires obtaining a wildcard server certificateand specifying theSSL port number on the
      SecureBindings metabase property.
      Running 32-bit applications on 64-bit Windows
      Windows Server 2003 Service Pack 1 enables IIS 6.0 to run 32-bit Web applications on 64-bit Windows using the Windows-
      32-on-Windows-64 (WOW64) compatibility layer. IIS 6.0 using WOW64 is intended to run 32-bit personal productivity
      applications needed by software developers and administrators, including 32-bit IIS Web applications.
      W3C centralized logging
      World Wide Web Consortium (W3C) centralized logging is a global configuration on theserver whereall Web sites write data
      to a singlelog file. Data is stored in thelog file using the W3C Extended log fileformat.Thelog filecan beviewed in a text
      editor, unlikeIIS Centralized Binary Logging, which writes data in binary formatand requires a parsing tool to view the data.
      Secure configuration for Web servers
      Windows Server 2003 Service Pack 1 includes aSecurity Configuration Wizard (SCW), which is a role-based tool you can use
      to createa policy thatenables theservices, inbound ports,and settings required for a selected server to perform a specific role.
      If you select the Web Server rolein the wizard,SCW configures IIS 6.0 to help further reducetheattack surface of your Web

Viewing 0 reply threads
  • You must be logged in to reply to this topic.