Share via


Configure Application Isolation Settings for IIS 5.0 Isolation Mode

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Isolating applications means configuring them to run in a process (memory space) that is separate from the Web server core (the core components required to run Internet Information Services (IIS), such as IISAdmin, the metabase, and so on) and other applications. You can configure applications into one of three levels of application protection:

  • Low (IIS process)

  • Medium (pooled)

  • High (isolated)

Note that server-side includes (SSI), Internet Database Connector (IDC), and other InProcessISAPIApps applications (special applications that must be run in process) cannot be run in medium or high isolation.

Requirements

  • Mode: This feature of IIS 6.0 is available only when IIS is running in IIS 5.0 isolation mode.

  • Credentials: Membership in the Administrators group on the local computer.

  • Tools: Iis.msc.

Recommendation

As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type **runas /user:**administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc.

Procedures

To set or change the level of application protection

  1. In IIS Manager, expand the local computer, right-click the Web site or the starting-point directory for the application you want to configure, and then click Properties.

  2. Click the Home Directory, Virtual Directory, or Directory tab, depending on whether you are configuring a Web site, a virtual directory, or an application.

  3. In the Application protection box, click the appropriate level of protection, and then click OK.

The Web server finishes processing any current requests for the application before it creates a separate process. At the next request for the application, the application will run in the appropriate memory space.