Before Configuring IIS

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Before configuring IIS, it is important to understand issues users sometimes face. By addressing these issues now, you can enjoy a smoother configuration process. This topic outlines these issues and also links you to additional information that you might want to review before beginning your IIS configuration.

This topic includes the following information:

  • Internet Connection Firewall

  • Remote Administration

  • IP Address and Domain Name Registration

  • Permissions and Access Control

Internet Connection Firewall

The Windows ServerĀ 2003 family provides a software-based firewall to prevent unauthorized connections to your server from remote computers. The Internet Connection Firewall is disabled by default; however, if you have enabled the firewall in its default configuration after installing a member of the Windows ServerĀ 2003 family and before installing IIS, clients will not be able to connect to your server. The following procedure configures Internet Connection Firewall to allow clients to initiate Web and other IIS-related connections to your server.

To configure Internet Connection Firewall for IIS

  1. From the Start menu, click Control Panel.

  2. Double-click Network Connections.

  3. Right-click the Local Area Connection, and click Properties.

  4. Click the Advanced tab.

  5. If you do not want to use the Internet Connection Firewall, make sure the Protect my computer and network by limiting or preventing access to this computer from the Internet check box is disabled, and click OK.

  6. If you do want to use the Internet Connection Firewall, make sure the Protect my computer and network by limiting or preventing access to this computer from the Internet check box is enabled, and click Settings.

  7. On the Services tab, enable a service to which you want to allow access to clients.

  8. In the Service Settings dialog box that appears after enabling a service, do one of the following:

    • If you are enabling a service on the same computer on which you are working, the correct computer name is already filled in. Click OK.

    • If you are enabling a service on a different computer on your network, type the name or IP address of the computer hosting the service you are enabling, and click OK.

  9. Repeat steps 7 and 8 until all the services you want accessible to clients are enabled.

Remote Administration

Many network administrators configure servers remotely, that is, from a computer other than the server being configured. If you are installing IIS on one server, and configuring and administering that IIS installation from a different computer, you should configure Remote Administration on the server running IIS. You can use the following tools for this purpose:

  • IIS Manager: You can use IIS Manager on your server to remotely connect to and administer an intranet server running IIS 4.0, IIS 5.0, or IIS 5.1 (IIS 3.0 is not supported).

  • Terminal Services: Terminal Services does not require you to install IIS Manager on the remote client computer because, once connected to the server running IIS, you use IIS Manager on the Web server as if logged on locally.

  • Remote Administration (HTML) Tool: You can use the Remote Administration (HTML) tool to administer your IIS Web server from any Web browser on your intranet. This version of the Remote Administration tool runs only on servers running IIS 6.0.

For information about how to configure remote administration, see Administering Servers Remotely in IIS 6.0.

IP Address and Domain Name Registration

If you are configuring IIS on a server connected directly to the Internet, that is, not within a corporate network or behind a router, you must have on hand the IP address and domain name of each site you will create in this IIS configuration. For more information, see Domain Name Resolution and Hosting Multiple Web Sites on a Single Server.

If you are configuring IIS on a server within a corporate network or behind a router, you must ask the network administrator for an IP address, and if applicable, to configure the router and/or firewall to allow traffic to flow to and from the IIS server. Registering a domain name is usually not necessary in these cases because IIS servers within a corporate network are typically for Intranet use only.

When obtaining IP addresses for your Web sites, make sure they are static IP addresses. Dynamic IP addresses are not suitable for any kind of IIS configuration.

Permissions and Access Control

If you are configuring IIS so that it will be relying on other servers or network components, such as routers, to serve content, make sure that the other servers or network components have been configured to allow access to the IIS server, and that you have the appropriate authentication information on hand before you begin configuring IIS. For more information, see Authentication in IIS 6.0 and Access Control in IIS 6.0.

  • For a checklist of additional issues to consider before configuring IIS, see "Application server role: Configuring an application server" in Windows Help.