Preparing to Install IIS 6.0

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Before you install IIS and configure it as an application server, review the security considerations outlined in this section:

  • Avoid installing IIS on a domain controller.

  • Verify that all disk volumes on your application servers use the NTFS file system, not FAT or FAT32 file systems.

  • Ensure that your computer has network connectivity and a static or dynamic IP address. For more information, see "Before Configuring IIS" and "Securing Sites with IP Address Restrictions."

Avoid installing IIS on a domain controller

Whenever possible, do not install IIS on a domain controller for the following reasons:

  • The networking and processor load generated by authentication and other domain controller processes can degrade IIS performance.

  • Adding users to a group that can log on locally to the domain controller can increase the attack surface that is exposed by a Web application. If security is compromised on the domain controller, security is compromised on the entire domain.

Verify that all disk volumes on your application servers use NTFS

To provide a more secure file system, use NTFS on your application servers. NTFS is a more powerful and secure file system than the FAT or FAT32 file system. When you use NTFS on your application servers, you can limit access to the files and directories on the server and configure the access level that you grant to a particular user or group. An added benefit of NTFS is that it allows larger volume sizes than FAT.

Table 3.2 compares the benefits of using the NTFS and FAT file systems.

Table 3.2 Comparison of Support Offered by NTFS and FAT File Systems

| Type of Support | NTFS File System | FAT File System |
|---|---|---|
| Directory and file security | Enables more secure directories and files through the use of NTFS permissions, which you can set at both the file and directory levels. | Does not allow you to secure directories and files. |
| The Active Directory® directory service and domain-based security | Supports Active Directory and domain-based security. | No support. |
| File encryption | Supports file encryption, which enhances file security. | No support. |

To determine the type of file system used by a disk volume, view the properties of the volume (open My Computer, right-click the disk volume, and then click Properties). Windows provides a conversion utility (Convert.exe) that you can use to convert an existing FAT or FAT32 volume to NTFS without losing data. For more information about converting FAT or FAT32 volumes to NTFS, see "Reformatting or converting a partition to use NTFS" in Help and Support Center for Windows Server 2003.
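
The three checks in this section can also be run as one read-only script; the following is an added example, not part of the original documentation. It assumes Windows PowerShell is installed on the server (it is not included with Windows Server 2003 by default), and the function name Test-IisPrerequisites is hypothetical.

```powershell
# Added example (not from the original page): read-only WMI checks.
# Test-IisPrerequisites is a hypothetical name chosen for this illustration.
function Test-IisPrerequisites {
    param([string]$ComputerName = '.')
    $findings = @()

    # 1. Domain controller? DomainRole 4 = backup DC, 5 = primary DC.
    $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName
    if ($cs.DomainRole -ge 4) {
        $findings += "FAIL: $($cs.Name) is a domain controller (DomainRole=$($cs.DomainRole))"
    } else {
        $findings += "OK:   $($cs.Name) is not a domain controller"
    }

    # 2. Every local fixed disk (DriveType 3) should report NTFS.
    $disks = @(Get-WmiObject -Class Win32_LogicalDisk -ComputerName $ComputerName -Filter 'DriveType=3')
    foreach ($d in $disks) {
        if ($d.FileSystem -eq 'NTFS') {
            $findings += "OK:   $($d.DeviceID) uses NTFS"
        } elseif (-not $d.FileSystem) {
            # Unformatted or unreadable volumes return no file system name.
            $findings += "WARN: $($d.DeviceID) reports no file system"
        } else {
            $findings += "FAIL: $($d.DeviceID) uses $($d.FileSystem); run: convert $($d.DeviceID) /FS:NTFS"
        }
    }

    # 3. At least one IP-enabled adapter with an address (static or dynamic).
    $nics = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $ComputerName -Filter 'IPEnabled=TRUE')
    if ($nics.Count -eq 0) {
        $findings += "FAIL: no IP-enabled network adapter found"
    }
    foreach ($n in $nics) {
        $mode = 'static'
        if ($n.DHCPEnabled) { $mode = 'dynamic' }
        $addresses = [string]::Join(', ', $n.IPAddress)
        $findings += "OK:   $($n.Description) has $mode address $addresses"
    }

    return $findings
}

# Check the local computer and print one line per finding.
Test-IisPrerequisites
```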