Index
A
Access control lists (ACLs), 143, 307, 427, 474-482
IP and domain restrictions for, 475-477
request filtering for, 477-482
worker process identity and, 643
Access denied errors, 467
accessPolicy attribute, 419, 463
Acquire State stage, in request processing, 48, 374
Actions pane of IIS Manager, 12, 157, 174-175
Active Base Objects (ABO) mapper, 40, 82
Active Directory, 498, 500-501, 646
Active Directory Certificate Services, 511
Active Directory Domain Service (AD DS), 543
Active Directory Service Interfaces (ADSI), 15, 117, 602
Add Roles Wizard, 132
Add verb, 191, 203-204
Address bar, 159
Admin Base Objects (ABO) Mapper, 40
Administration extensions, 436-440
actions of, 438-439
installing, 439
overview of, 436-438
securing, 439-440
Administration stack
configuration extensions and, 421-423
extensibility of, 369
for configuration delegation control, 527
in IIS architecture, 30, 39-40
tools not installed for, 602
Administration tools for IIS, 10-13. See also IIS (Internet Information Services), introduction to; Remote administration
Administration.config files
feature delegation and, 252
for IIS Manager, 73, 182-183, 442
post-installation, 140
sections declared by, 430
Advanced digest authentication, 449, 490-491, 495
Affinity, sessions and, 651-652
AHADMIN (Application Host Administration) objects, 85
allowDefinition attribute, 433
allowOverrideDefault attribute, 433-434
Anonymous authentication, 6
application pool identity for, 341, 345, 448, 468
for security, 306, 491-493
IIS Manager feature for, 176
impersonation and, 417
IUSR account for, 448
module for, 128, 412
overview of, 490
worker processes and requests and, 467
Anonymous users. See IUSR accounts
Appcmd.exe command line tool, 187-222
Add verb in, 203-204
administrative extensions disabled by, 440
Appcmd Lock Config command of, 434
as scripts replacement, 11
as Vista requirement, 552-556
avoiding pitfalls of, 201
benefits and limitations of, 188
binding setting by, 272
configuration history and, 96
connection limits and bandwidth throttling setting by, 274
Delete verb in, 205
for application pools, 213-214, 303-304, 308
for applications, 213-214
for backing up server configuration, 95, 140
for CGI configuration, 363
for compression, 645
for configuration delegation, 102
for configuration editing, 206-213
- backing up in, 213
- delegation and, 434
- delegation of, 212-213
- List Config command in, 207-208
- overview of, 85-86
- security and, 457
- Set Config command in, 208-212
- verbs supported for, 206-207
for configuration logging, 550-552
for executing requests list, 318
for extension addition, 480
for failed request tracing, 217-222, 571
for Fast CGI applications, 360
for IIS client certificate mapping authentication, 505-506
for locking extensibility, 419
for module management, 390, 403-408
for permission setting, 463
for recycling events logging, 313-314
for remote logging setup, 544
for troubleshooting, 586
for URL authorization editing, 488
for user profile loading, 311
for Web applications
- changes in, 295
- creation of, 293-294
- list of, 298
for Web server modules, 214
for Web site management, 266
for worker processes and requests, 215-217, 315, 317
help system of, 194-196
List verb in, 201-203
.NET Framework version and, 84
output of, 196-198
overview of, 30, 189-191
parameters of, 199
parent paths enabled by, 344
range operators of, 200-201
Set verb in, 204-205
supported objects of, 193
syntax of, 191-193
to unlock sections
virtual directories and, 213-214
- configuration of, 281
- creation of, 278-279, 288
- searching of, 283-284
Web site addition syntax in, 268-269
AppDomains, .NET applications running in, 41
Application development platform, IIS as, 323-365
application frameworks and, 325-327, 353-364
- ASP.NET handlers for deploying, 357
- CGI and, 362-364
- Fast CGI and, 358-362
- ISAPI extensions for deploying, 358
- native modules for deploying, 356
- static file extensions and, 354-356
ASP applications and, 342-345
ASP.NET applications and, 327-342
- backward compatibility for, 327-328
- breaking changes in, 340-341
- deploying, 334-340
- installing, 332-334
- integrated and classic modes of, 328-330
- multiple ASP.NET versions and, 330-332
- remote hosting of, 341-342
overview of, 323-325
PHP applications and, 345-352
- availability of, 352
- deploying, 346-350
- execution identity of, 350-351
- history of, 345-346
- remote hosting of, 352
Application Host Administration (AHADMIN), 229
Application Host Helper Service, 428
Application Pool Identity as Anonymous account, 306
Application pools, 299-315
access to identity of, 469
adding, 302-305
advanced configuration of, 309-315
- recycling events monitoring in, 312-315
- user profile loading in, 309-311
anonymous authentication and, 448, 468, 492
Appcmd.exe command line tool for, 213-214
applicationPoolName precondition of, 387
applications assigned to, 21-22
ASP.NET version and, 335-336
capacity analysis for, 301-302
classic to integrated, 113
configuration files of, 517
considerations for, 300-301
creation of, 20-21
Fully Qualified Domain Names (FQDN) and, 500
identities of, 305-309, 378
isolation of, 41-42
isolation strategy for, 520
least privilege identity configuration for, 466-468
Microsoft.Web.Administration and, 223-224
NETWORK SERVICE and, 543
performance and, 645
request processing by, 42-55
- classic pipeline mode for, 43-46
- modules for, 51-53
- .NET integrated pipeline mode for, 46-51
- non-HTTP, 53-55
- overview of, 40-43
SIDs of, 473
temporary configuration files for, 73-74
version types of, 632
Web gardens for, 299-300
Web sites and, 265-266
worker process boundaries for, 41
Application Programming Interfaces (APIs). See also Component Object Model (COM) API; ISAPI (Internet Server Application Programming Interface)
for editing configuration, 85
for IIS Manager administration, 182-184
native server, 59
.NET, 4
public extensibility, 4
Run-time State and Control (RSCA), 13-14, 64
Application surface area reduction
minimum enabled modules for, 460-461
minimum handler mappings for, 461-462
minimum MIME Types for, 464-465
Web site permissions for, 462-464
ApplicationHost.config files, 38, 60
automatic isolation of, 474
backing up, 131, 140
description of, 430-431
editing, 62-63
for configuration changes, 177-178
for IIS features, 179
global configuration settings in, 519
granular configuration locking and, 107
location tags in, 80
root Web.config files versus, 178
server-level configuration in, 70-72
Sysprep and, 138
unlocking sections and, 103
virtual directory user credentials in, 282
Applications
Appcmd.exe command line tool for, 213-214
application pool assignment of, 21-22
availability of, 265
- FastCGI, 361-362
- load balancing for, 652
- PHP, 352
- requirements for, 635
compatibility of, 15
creation of, 17-18
development of, 4, 24
IIS Manager feature for, 164, 175-176
logging of, 557-558
modules specific to, 51
performance counters for, 626-631
performance of, 645-646
remote content and, 285
sandboxing of, 307
scalability in design of, 649
Web, 291-299
- creating, 292-296
- listing, 297-299
Web sites and, 262-264
Web.config files and, 178
worker process failure in, 34
Arbitrary protocol listeners, 53
Architecture, 29-56. See also Modules
application pool request processing in, 42-55
- classic pipeline mode for, 43-46
- modules for, 51-53
- .NET integrated pipeline mode for, 46-51
- non-HTTP, 53-55
- overview of, 40-43
content placement and, 650
core components of, 33-42
- configuration store as, 38-40
- HTTP.sys as, 33-35
- Windows Process Activation Service (WAS) as, 37-38
- worker process role as, 40-42
- World Wide Web Publishing Service (W3SVC) as, 35-37
for extensibility, 368-370
of IIS Manager extensions, 182-183
overview of, 29-33
shared hosting, 4
Area grouping, in features view, 167
ASCII characters, 201, 254
ASP (Active Server Pages)
applications in, 4, 342-345
for installing IIS 7.0, 121-122
for Web applications, 323
IIS Manager feature for, 176
logging, 558
script error details for, 596
Web farm session management in, 651
ASP.NET
application framework deployment and, 357
application pool versions and, 632
applications of, 4, 327-342
- backward compatibility for, 327-328
- breaking changes in, 340-341
- deploying, 334-340
- installing, 332-334
- integrated and classic modes of, 328-330
- multiple ASP.NET versions and, 330-332
- remote hosting of, 341-342
aspnet_isapi.dll for content types of, 44-45
CGI (Common Gateway Interface) and, 7-8
Code Access Security (CAS) of, 375, 416, 439, 471
directories used by applications of, 473
extensibility model of, 59, 368
failed request tracing and, 574
for installing IIS 7.0, 120-121
for Web applications, 323
Forms authentication of, 48
handler mapping types in, 394
integrated pipeline mode of, 20, 31, 376-377
least privilege application configuration for, 470-472
logging in, 558
Membership and Role Services of, 485, 489
migration to IIS and, 382
root Web.config files for, 179
run-time settings in, 265
server extension with, 324, 326
special directories of, 481
tracing integrated with, 576-577
unified authentication model of, 490
Unified Security Model of, 62
Web.config files for settings of, 4
ASP.NET URL authorization, 483
Aspnet_regiis.exe tool, 331-332, 334, 341
ASPX pages, 59
Attack surface area reduction, 450-460
in IIS 7.0 installation, 131
minimum CGI programs for, 458-459
minimum FastCGI programs for, 459-460
minimum ISAPI extensions for, 455-458
minimum ISAPI filters for, 454-455
modules and, 61
overview of, 4, 7
Web server installation and, 368
Web server installation for, 411-414, 451-454
Attributes
accessPolicy, 419, 463
allowDefinition, 433
allowOverrideDefault, 433-434
as encryption level, 84, 435
configuration history, 96
configuration section, 78, 88
enabled, 105
for collection elements, 212
handler mapping-specified, 393
image, 378
List command for, 202
lock, 105-106
managedPipelineMode, 386
overrideMode, 80, 99, 102-103
overrideModeDefault, 526
path, 103, 394, 434
requiredPermission, 525
Set command for, 204
setting configuration, 209-211
state, 439
Auditing, 287
Authentication, 490-511. See also Security
access control and, 474
advanced digest, 449
anonymous
- application pool identity for, 306, 345, 448, 468
- description of, 491-493
- impersonation and, 341, 417
- in IIS 7.0 installation, 128
- in IIS Manager, 176
- IUSR account for, 448
- worker processes and requests and, 467
as request processing stage, 47, 374
basic, 176, 493-495
client certificate mapping, 501-503
connection, 238-240
delegation of, 509-511
digest, 176, 449, 495-497
errors in, 603
failed request tracing and, 574
Forms, 48, 65, 176
- for Web sites, 324, 339
- overview of, 6
- root Web.config files for, 178
- strong name for, 383
IIS client certificate mapping, 449, 503-507
IIS Manager feature for, 164
in ASP.NET applications, 450
in worker process, 63
membership-based, 5
modules for, 6, 58, 412-414
of user, 467
overview of, 490-491
pass-through mechanism for, 278, 286
performance and, 610-611
remote logging and, 541
server, 235
UNC, 508-509
Windows, 61
- description of, 497-501
- IIS Manager extensions and, 444
- IIS Manager feature for, 176
- Kerberos protocol and, 448
Authorization, 483-489
access control and, 474-475
declarative rules for, 287
failed request tracing and, 574
file, 413
IIS Manager feature for, 176
NTFS ACL-based, 483-485
URL, 414, 449, 485-489
Authorize Request stage, in request processing, 47, 374
Automatic IIS_IUSRS Membership account, 306
Availability of applications, 265
FastCGI, 361-362
load balancing for, 652
PHP, 352
requirements for, 635
B
Back button, for navigation, 159
Backing up configuration, 86, 91, 94-95, 109, 213, 384, 428
Backward compatibility. See also Metabase Compatibility Layer
classic request pipeline mode for, 45
for ASP.NET applications, 327-328
of configuration, 82
overview of, 10-11
Bandwidth throttling, 273-274, 613. See also Network
Basic authentication, 61
for security, 493-495
IIS Manager feature for, 176
module for, 412
overview of, 6, 490
Begin Request stage, of request processing, 47, 374, 642
Best practices
for application performance, 646
for security, 267, 293
for Web sites, 266
Binaries, 61
Bindings
Appcmd.exe tool and, 203
collection elements as, 89
configuration of, 260, 270-273
for Web sites, 15
HTTPS protocol, 512
SSL configuration for, 611
Bit mode (64 versus 32), performance and, 631-632
Bitness32 load precondition, 387-389
Bottlenecks, memory, 617, 620, 646
Boundaries, application pool, 20, 41
Breadcrumb path, in Address bar, 159
Browsing, IIS Manager feature for, 164, 175-176
C
C++ extensibility model
administration stack and, 422
for Web server modules, 368, 372
managed versus native modules and, 375-377
module implementation and, 46
overview of, 7-8
Caching
Global Assembly Cache (GAC) for, 182, 382-383, 398, 401, 442
HTTP Cache Module for, 413
HTTP.sys, 636-640
IIS Manager feature for, 166, 177
kernel mode, 34, 621, 635-636, 649
modules for, 64
of compressed files, 643
output, 635
Output Cache Module for, 413
performance and, 614
Resolve Cache stage in request processing and, 47
response, 34
Update Cache stage in request processing and, 48
URL Authorization and Output Caching for, 330
user-mode, 640-642
Capacity analysis
for application pools, 301-302
Web Capacity Analysis Tool (WCAT) for, 636-637, 647
Case sensitivity in Appcmd.exe tool, 210
Catch-all mapping, 396
Category grouping, in features view, 167-168
Centralized binary logging format, 541
Centralized configuration, 111
Certificate Authorities (CA), 234, 511
Certificate mapping authentication
client, 501-503
IIS client, 503-507
module for, 412
overview of, 490
Certificate Revocation List (CRL), 514
Certificates
for Secure Sockets Layer (SSL), 514-515
IIS Manager feature for, 166, 175, 177
in HTTP.sys, 512
trust model based on, 445
Web Management Service (WMSvc) and, 232, 234
CGI (Common Gateway Interface)
application frameworks and, 362-364
as handler mapping type, 395, 402
ASP.NET and, 7
attack surface area reduction and, 458-459
FastCGI and, 5, 459
IIS Manager feature for, 165, 176-177
ISAPI restriction list of, 409-410
legacy programs of, 326
module for, 64
PHP applications and, 345
Challenge-based authentication, 493, 495, 497
Child elements of configuration sections, 78, 88-89
Classic pipeline mode, 20-21
ASP.NET applications in, 328-330, 332
overview of, 31, 43-46
preconditions of, 386
Classic .NET AppPool application pool, 300
Clear verb, 206
Clear-text files, 29, 511
Client certificate mapping authentication, 490, 501-503
Client certificates for Secure Sockets Layer (SSL), 514-515
Client-side UI module, 441-442
cmdlets, in PowerShell, 226
Code Access Security (CAS), 375, 416, 439, 471, 525
ColdFusion application framework, 4, 327
Collections, configuration section, 78
adding to, 88-89
attributes and, 88
clearing, 90
matching, 211-212
removing items from, 89-90
Command line management tools. See Appcmd.exe command line tool; Component Object Model (COM) API; Microsoft.Web.Administration; PowerShell; Windows Management Instrumentation (WMI)
Comma-separated (CSV) files, 557, 598
Commit parameter, in Appcmd.exe tool, 208
Common Language Run time (CLR), 265, 330
Common Name (CN) entries, 512
Compatibility. See also Backward compatibility
application, 15
for ASP.NET applications, 327-328
Metabase Compatibility Layer for, 15, 40, 226, 333, 440
of IIS 6.0 metabase, 82-83
Compilation features, in IIS Manager, 163, 175
Component Object Model (COM) API, 13
administration and, 422, 438-439
configuration and, 85, 188-189, 227
Compression
dynamic, 58
folder, 558-559
for performance, 642-645
for scalability, 649
IIS Manager feature for, 164, 176
ConfigAccess credentials, 110
Configuration, 67-114. See also Least privilege configuration; Remote administration
Appcmd.exe editing of, 206-213
- backing up in, 213
- delegation of, 212-213
- List Config command in, 207-208
- Set Config command in, 208-212
- verbs supported for, 206-207
backing up, 94-95
centralized logging, 538, 540-541
clear-text XML-based files for, 29
Component Object Model (COM) API and, 227
content view and, 174
delegation of, 97-107
- direct, 102-103
- feature, 97-99
- for remote administration, 104
- granular locking of, 104-107
- settings for, 99-102
disabling HTTP logging of, 539
distributed file-based, 4
editing, 85-94
- errors and, 90-94
- placement of, 86-87
- settings of, 87-90
exporting and importing, 96-97
features view of settings of, 177-180
fine-grain locking of, 460, 464
for performance, 632-646
- at server level, 633-634
- compression in, 642-645
- HTTP.sys cache in, 636-640
- IIS, 634
- load optimization in, 634-635
- NLB (network load balancing) in, 645
- of application pools, 645
- of applications, 645-646
- user-mode caching in, 640-642
hierarchy of, 69-74
history of, 95-96
IIS 6.0 metabase and, 81-83
IIS settings for, 8-10
logging, 547-556
Microsoft.Web.Administration and, 224-225
modules and, 59-60
.NET system of, 83-85
of application pools, 309-315
of applications, 285
of Secure Sockets Layer (SSL), 511-512
of virtual directories, 278-282
of Web Management Service (WMSvc), 232-240
of Web site bindings, 270-273
of Windows authentication, 498-501
overview of, 67-69
sandboxed, 4
security for, 515-530
- by restricting access, 516-520
- delegation control for, 525-530
- sensitive, 520-525
server sharing of, 107-113, 166, 177
storage of, 30, 38-40
syntax of, 74-80
- location tags in, 80
- overview of, 74-75
- section declarations in, 75-76
- section elements in, 77-79
- section groups in, 76-77
- section schema in, 79
- Web.config file size and, 75
Windows Process Activation Service (WAS) and, 37
Configuration extensions, 421-436
administration stack and, 421-423
overview of, 423-425
schema and, 425-427
section declaration and, 428-430
section installation and, 431-432
section securing and, 432-436
Configuration names, 172
Configuration view, of Appcmd.exe output, 197-198
ConfigurationValidationModule, 65, 412
Configure Trace command, 218
Connect to Site Wizard, 161-162
Connection authentication, 238-240
Connection limits, 273-274
Connection pane, of IIS Manager, 11
content view and, 173
in application creation, 17-18
in application pool assignment, 21-22
in application pool creation, 20-21
in virtual directory creation, 19
in Web site creation, 16
overview of, 157, 159-161
Connection time-out, 274
Connections, 25, 164, 176, 180
Constrained Delegation and Protocol Transition, 470, 496, 510
Content
in IIS 7.0 installation, 141-142
Content view, in IIS Manager workspace
description of, 157-158
details of, 173-174
overview of, 11-12
Context switching, 34
Cookie-based session state, 513
Core server, 5-8
CPU (central processing unit), performance of, 612-617
Crashes, 602, 617
Credentials. See also Authentication; Certificates
ConfigAccess, 110
fixed, for virtual directories, 342, 448, 467, 469-470, 473, 508-509
for remote content, 286-288
for user management, 242-243
for virtual directory access, 278
IIS Manager, 12, 238-239
Windows, 240-242
Cryptographic exchange, in authentication, 497
Currentconfig.xml file, 135
Custom Site Delegation mode, 245, 248
D
Database, SQL Server user, 63
Declarations, configuration section, 75-76, 102-103, 428-430
Declarative authorization rules, 287
Default authentication, 413
Default Delegation mode, 245
Default Document feature
configuration section for, 426, 428
in IIS Manager, 164, 169, 176
module for, 183
performance and, 607
Delegation
feature, 97-99, 165, 180, 245-248, 252, 444
IIS Manager for, 12
of authentication, 509-511
of configuration, 97-107
- controlling, 433-435
- direct, 102-103
- feature, 97-99
- for remote administration, 104
- granular locking of, 104-107
- hierarchy levels of, 10
- managing, 212-213
- placement and, 87
- security for, 525-530
- settings for, 99-102
- strategy for, 209
- Web.config files and, 73
of failed request tracing settings, 566
to reduce cost of ownership, 4
Web.config files and, 431
Delete verb, 191, 205
Denial-of-service (DOS) attacks, 75
Dependencies, 51, 140
Design of applications, scalability and, 649
Details view of IIS Manager workspace, 169
Deterministic state machine, 372
Device driver, kernel-mode, 33, 535
Diagnostics, 13-14, 24, 30. See also Failed Request Tracing (FRT); Troubleshooting
Dialog pages, in features view, 170, 172
Digest authentication
for security, 449, 495-497
IIS Manager feature for, 176
module for, 413
overview of, 490
Direct configuration delegation, 102-103
Directory browsing, IIS Manager and, 164, 175-176
Directory Services Mapper (DS Mapper), 501-502
Distributed Component Object Model (DCOM), 12
Distributed File System (DFS), 285, 541
Distributed file-based configuration system, 4
Distributed Web.config files, 430, 517
Documentation, 87-88, 225
Documents. See Default Document feature
Domain controllers, 496, 498
Domain Name System (DNS), 476, 583
Domain restrictions, 474-477
Dynamic application technologies, 456
Dynamic compression, 58, 644, 649
Dynamic-link libraries (DLLs). See also Modules
in server core Web edition IIS installation, 130
in worker process, 606-607
module implementation as, 46
native modules as, 59, 372
E
ECN (Explicit Congestion Notification), 624
Editing configuration, 85-94
errors and, 90-94
placement of, 86-87
settings of, 87-90
Elements, configuration section, 77-79
enabled attribute, 105
Encryption
backing up and, 95
built-in support for, 515
configuration, 435-436, 521-522
limitations of, 524
Microsoft Advanced Encryption Standard (AES) for, 282
of SSL in HTTP.sys, 611-612
providers of, 522-524
section-level, 84
server keys for, 97
shared server configuration and, 110-111
End Request stage, in request processing, 48, 374
Error pages feature, 176, 180
Errors. See also Failed request tracing (FRT); Troubleshooting
access denied, 467
client certificate required, 514
configuration locking and, 464
CustomError module for, 413
features view pages for, 170
HTTP 500, 382
IIS Manager feature for, 164
in authentication, 603
in configuration editing, 90-94
log, 558
Not Found 404.3, 396
service unavailable 503, 600
tracing, 566-571
ESTATS network statistics, 624
Event Tracing for Windows (ETW), 315, 556
Event Viewer, 591-592, 648
EventLog error, 92-93
Events. See also Failed Request Tracing (FRT); Logging
for installation troubleshooting, 144
global Web server, 379
IIS, 558
in request processing, 46-48, 372-374
modules and, 58
monitoring recycling of, 312-315
recycling options for, 557
Execute Handler stage, in request processing, 48, 374, 393
Execution identity, in PHP applications, 350-351
Exporting and importing configuration, 96-97, 109
Extensibility. See also Administration extensions; Configuration extensions; IIS Manager; Web server modules
for logging, 546
in installing IIS 7.0, 123-124
locking down, 371, 418-420
modules and, 59, 63-64
.NET Extensibility component and, 50
of IIS architecture, 7-8, 29
of IIS Manager, 181
of servers, 324
of user interface, 58
overview of, 4
tracing, 578
F
Failed Request Tracing (FRT), 564-576
Appcmd.exe command line tool for, 217-222
authentication errors and, 603
bottlenecks identified by, 646
enabling and configuring, 565-572
for performance monitoring, 648
for troubleshooting, 320, 592
for Web sites, 275-276
IIS Manager feature for, 165, 176
module for, 64
overview of, 4, 14
reading logs of, 572-576
Failover, clustering for, 651
Failure, 34, 36
FastCGI
application frameworks and, 324, 327, 358-362
as handler mapping type, 395, 402
attack surface area reduction and, 459-460
for installing IIS 7.0, 122-123
module for, 64
overview of, 5
PHP applications and
- availability of, 352
- handler mapping for, 348-350
- history of, 346-347
- settings for, 348
Fastest reply option, for load balancing, 652
Fault isolation, 42
Feature configuration, 97-99, 104
Feature delegation, 97-99, 165, 180, 245-248, 252, 444
Features view, in IIS Manager workspace, 11, 162-173
configuration settings and, 177-180
content view versus, 158
details view of, 169
grouping of, 167-168
home page in, 162-166
module mapping to, 175-177
names for, 172-173
overview of, 157
page layouts for, 170-172
scope of, 180-181
File Transfer Protocol. See FTP Publishing Service
File Version property, 136
fileExtensions collection, 480
Filters, IIS Manager feature for, 177
Fine-grained configuration locking, 460, 529
Firewalls
IIS Manager support of, 12, 154
logs for, 597
troubleshooting, 252, 600-601
Web Management Service (WMSvc) and, 232, 235
Fixed credentials
for remote content, 286-288
for virtual directories, 342, 448, 467, 469-470, 473, 508-509
Flash Server applications, 323
Folder compression, 558-559
Folders, in IIS 7.0 installation, 141-142
Forms authentication
ASP.NET, 324
for Web sites, 339
IIS Manager feature for, 176
module for, 65, 413
overview of, 6
root Web.config files for, 178
security and, 490
strong name for, 383
unsecure connections and, 513
Forward button, for navigation, 159
Fragmentation of disks, 622
Framework Machine.config files, 430
Framework root Web.config files, 430
Friendly names, 172
FTP Publishing Service
for logging, 539
for remote logging, 545
IIS 6.0 MMC snap-in and, 11
overview of, 5, 25
security accounts and, 306
Fully Qualified Domain Name (FQDN), 500
G
Get cmdlet, in PowerShell, 226
Global Assembly Cache (GAC), 182, 382-383, 398, 401, 442
Global Web server events, 379
Globalization feature, in IIS Manager, 163, 175
GlobalModules section, of ApplicationHost.config, 60
Granular locking of configuration delegation, 104-107
Groups
configuration section, 76-77, 87
for features view, 167-168
in Windows Server 2008, 143
GUI management console, 30
Gzip tool, 559
H
Handler mappings
additions to, 392-394
for application frameworks, 326
for application surface area reduction, 461-462
for ASP.NET handler-based deployment, 357
for CGI programs, 458
for FastCGI programs, 348-350, 460
for multiple ASP.NET versions, 330, 334
for PHP applications, 348-350, 418
IIS Manager and, 165, 176, 400-403
IIS migration of, 382
installing, 381
ISAPI-based, 386, 456
management of, 408-410
module preconditions and, 385, 393
module-based, 359
permissions not required for, 464
scriptmap-based, 362
subscription-based, 358
types of, 394-396
wildcard, 464
Handlers section, of ApplicationHost.config, 60
Hanging servers, 603
Hard disks, performance of, 621-623
Hardware upgrades, 652
headerLimits collection, 479
Health. See Diagnostics; Troubleshooting
Health model, for IIS 7.0, 591
Help system, 159, 194-196
Home button, for navigation, 159
Home page, in IIS Manager, 162-166
Host Header configuration, 260
HTTP 500 error, 382
HTTP features
in Windows Server 2008, 24
log checking in, 596-598
troubleshooting, 594-596, 598-601
HTTP proxies, 498
HTTP.sys
certificates and, 512
in IIS architecture, 30, 33-35
in request processing, 33
logging and, 535, 556-557, 559
performance and, 636-640
Secure Sockets Layer (SSL) and, 611-612
Windows Process Activation Service (WAS) and, 37-38
HTTPCache Module, 413
HTTPLogging Module, 413, 622-623
HTTPRedirection Module, 413
HTTPS connection
binding protocols in, 270-271, 512
digest authentication and, 495
for Web site access, 16
IIS Manager support of, 12
remote administration and, 154, 230
I
IA64 (Itanium-based 64-bit) system, 631
Icons view, in features view, 169
Identifier, in Appcmd.exe tool, 191-192, 201, 205
Identities
anonymous authentication and, 448, 492
application pool, 305-309, 378
delegation of authenticated, 510
PHP application, 350-351
process, 4, 508
Idle time, 274
IETF draft RFC 4898, 624
IHTTPModule API, 7
IIS (Internet Information Services), introduction to, 3-27. See also Installing IIS 7.0
administration tools of, 10-13
application compatibility in, 15
basic administration tasks in, 15-22
- application creation in, 17-18
- application pool creation in, 20-22
- virtual directory creation in, 19
- Web site creation in, 15-17
configuration of, 8-10
core server in, 5-8
diagnostics of, 13-14
in Windows Server 2008 and Windows Vista, 22-25
- application development features in, 24
- diagnostic features in, 24
- FTP Publishing Service features in, 25
- HTTP features in, 24
- management tools in, 25
- performance features in, 25
- security features in, 24-25
- simultaneous connection limits in, 25
- Windows Process Activation Service features in, 25
overview of, 3-5
Windows Process Activation Service of, 14
IIS 6.0 metabase, 81-83
IIS 6.0 MMC snap-in, 11
IIS client certificate mapping authentication, 413, 449, 490, 503-507
IIS IUSR accounts, 306, 469
IIS_IUSRS group, 448
IIS Manager, 153-186
Actions pane of, 174-175
administration API for, 182-184
Administration.config files for, 73
connections pane of, 159-161
content view of, 158, 173-174
credentials of
- for connection authentication, 238-239
- for user management, 242-243
delegation settings in, 98-100
extensibility of, 440-446
- actions in, 441-443
- installing extensions for, 443
- overview of, 181
- securing extensions for, 443-446
features view of, 162-173
- configuration settings and, 177-180
- content view versus, 158
- details view of, 169
- grouping of, 167-168
- home page in, 162-166
- module mapping to, 175-177
- names for, 172-173
- page layouts for, 170-172
- scope of, 180-181
for editing configuration, 85-86
for handler mapping management, 400-403
for logging, 536, 547-550
for module management, 396-399
for module ordering, 392
for Web server modules, 369
in troubleshooting, 589-591
navigation toolbar of, 159
overview of, 11-13, 30, 153-158
remote administration and, 184-185, 230
remote logging and, 542-544
shared server configuration and, 108
starting, 155-156
IISADMIN service, 40
Image attribute, 378
ImageX capture program, 138
Impersonation
anonymous authentication and, 417
in ASP.NET applications, 450
in ASP.NET handler-based deployment, 357
of PHP in FastCGI environment, 351
universal naming convention (UNC) shares and, 341
Importing and exporting configuration, 96-97, 109
Independent software vendors (ISVs), 368, 624
Index Server service, 623
Inetinfo.exe process, 40
Inetmgr.exe tool, 154
Inetsrv directory, 190
Inspect Trace command, 221-222
Installing IIS 7.0, 117-149
ASP.NET scenario for, 120-121
auto-installs for, 139
classic ASP scenario for, 121-122
FastCGI scenario for, 122-123
IIS full install scenario for, 124-128
- components of, 125-126
- ServerManagerCMD update names for, 127-128
IIS managed modules and .NET extensibility scenario for, 123-124
overview of, 117-119
Package Manager for, 132-133
post-, 140-143
removing IIS and, 145-148
Server Core Web Edition scenario for, 128-131
Server Manager for, 131-132
ServerManagerCMD for, 133-135
static content Web server scenario for, 119-120
Sysprep for, 138
troubleshooting, 143-145
unattended answer files for, 136-138
Windows Server 2008 for, 139-140
Integrated pipeline mode, 20-21
advantages of, 339-340
ASP.NET applications in, 328-330, 332
for scalability, 649
logging and, 535
migrating to, 336-338, 382
.NET, 31, 46-51
preconditions of, 386
workings of, 376-377
Internet Explorer, 496, 594, 606
Internet Explorer enhanced security configuration (ESC), 572
Internet Information Services. See IIS (Internet Information Services)
Internet Protocol Security (IPsec) policies, 600
Intranet environments, 498
IP (Internet protocol), 474-477
IPv4, 177, 237
IPv6, 262
ISAPI (Internet Server Application Programming Interface)
application frameworks deployment and, 323, 358
ASP.NET content types and, 44
attack surface area reduction and, 454-458
bitness32 precondition and, 388
CGI restriction list of, 409-410
extensions and filters of, 15
filter preconditions for, 632
handler mappings based on, 386, 395, 402
IIS 7.0 support of, 7, 165, 177
in IIS 7.0 installation, 140
IsapiFilter module and, 413
legacy extensions of, 326-327, 342
native server APIs versus, 59
PHP applications and, 345
Isolation
application framework deployment and, 356
configuration, 448, 518-520
for application pools, 20-21, 41-42, 73
in ASP.NET handler-based deployment, 357
of bottlenecks, 646
process memory spaces for, 265
sandboxing for, 307
shared hosting architecture and, 4
Worker Process Isolation Mode for, 328
IUSR accounts, 96-97, 143, 306, 341, 345, 448
IWAM users, 96-97
J
Java Servlets, 323
K
Kerberos authentication, 448, 490, 497-498, 500, 510, 541
Kernel mode
caching in, 34, 621, 635-636, 639-641, 649
HTTP.sys as device driver in, 33, 535
memory in, 632
request queuing in, 34
Secure Sockets Layer (SSL) in, 611
Key Distribution Center (KDC), 498
L
Latency, 617, 620, 623-624
LDAP (Lightweight Directory Application Protocol), 646
Least privilege configuration, 465-474
in application pool identity, 466-468
in isolating applications, 472-474
in NTFS permissions, 468-470
in trust for ASP.NET applications, 470-472
Least-active option, for load balancing, 652
Least-privileged user accounts (LUA), 131
Legacy applications, 40, 82-83, 117. See also Compatibility
lisschema.exe tool, 432
List verb
for config object, 206-208
for enabled modules
for executing requests, 318-319
for failed request tracing logs, 220-221
for ordered modules, 398
for Web applications, 297-299
for worker processes, 215, 317
in Appcmd.exe syntax, 191-192
objects found by, 201-203
requests found by, 215-217
Web sites found by, 214
List view, in features view, 169-171, 174
Listener adapter interface, 37, 54
Load balancing, 107
as module precondition, 385
bitness32 load precondition and, 387-388
custom modules for, 63
for performance, 634-635
network (NLB), 645, 651-652
sticky state for, 651
Local Security Policy console, 363
Local user administrator security, 132
Localhost configuration, 179
Location tags
in configuration, 75, 80, 87
in delegation settings, 99
unlocking sections and, 103
lock attribute, 105
Lock verb, 206, 212
Lock violations, 91
lockAllAttributesExcept form, 106
lockAllElementsExcept form, 106
Locking configuration, 178-179, 460, 464, 529
lockItem directive, 106
Log Parser tool, 255-257, 559-560, 598
Log Request stage, in request processing, 48, 374
Logging, 535-561
application, 557-558
centralized configuration for, 538, 540-541
configuring IIS, 547-556
failed request tracing, 220-222, 573-574
file location for, 539
folder compression for, 558-559
HTTP.sys, 556-557
HTTP configuration disabling and, 539
HTTPLogging Module for, 413
IIS 7.0, 144
IIS Manager and, 165, 177, 536
in Web Management Service (WMSvc), 254-257
installation troubleshooting, 144
Log Parser for analyzing, 559-560
management service for, 540
operating system separate from, 622-623
Package Monitor, 145
remote, 541-547
ServerManagerCMD, 144-145
SiteDefaults configuration for, 538
status codes for, 540
UTF-8 encoding for, 539-540
Web sites, 275-276
XML-based schema for, 536-537
M
Machine key, IIS Manager feature for, 165, 177
Machine.config files, 8, 38, 70-71, 430
Maintenance overhead reduction, 61
Managed modules, 59, 123-124. See also ASP.NET; Web server modules
ManagedEngine Module, 50, 59, 64-65, 377, 381, 385
ManagedHandler precondition, 390-391, 400
managedPipelineMode attribute, 386
Management Service feature, 177, 184-185
Map Handler stage, in request processing, 47, 374
Mapping. See also Handler mappings
ABO Mapper for, 40
modules to features view, 175-177
virtual directories as, 264
Mbschema.xml file, 140
Membership service, 63
Membership-based authentication, 5
Memory
dump of, 602
footprint of, 4, 7, 301, 608
overhead of, 364
performance and, 617-620
random access (RAM), 606, 614
virtual versus kernel, 632
Windows Server 2008 limits for, 632
Merge append mode, 211
Message Queuing, 118, 260
Metabase Compatibility Layer, 15, 40, 226, 333, 440
Metabase Explorer, 67
Metabase, IIS 6.0, 81-83
Metabase.xml file, 140
Microsoft Advanced Encryption Standard (AES), 282
Microsoft Cluster, 285, 651
Microsoft Office 2007 file types, 354
Microsoft Silverlight file types, 354
Microsoft Visual Studio, 301, 342, 383
Microsoft.Web.Administration, 11, 188
administration stack and, 422
application pool creation with, 223-224
benefits and limitations of, 189
configuration section access by, 435
configuration setting with, 224-225
for editing configuration, 85-86
for Web site management, 266
IIS Manager and, 182
lisschema.exe tool and, 432
remote administration and, 229
site creation with, 222-223
Migrate verb, 206
MIME Type configuration
application surface area reduction and, 464-465
compression and, 644
for application file types, 354-356
IIS Manager feature for, 166, 177
Not Found 404.3 errors and, 396
static file extensions in, 325
Modularity, of core server, 6-7
Modules, 57-66. See also Dynamic-link libraries (DLLs); Web server modules
Appcmd.exe command line tool and, 214
application surface area reduction and, 460-461
authorization, 483
built-in, 64-65
compression, 642-645
concepts of, 57-58
configuration and, 59-60
default document, 183
DLL implementation of, 46
extensibility benefits of, 63-64
failed request tracing and, 574
features view mapping to, 175-177
for application framework deployment, 356
for IIS Manager extensions, 441-442
for installing IIS 7.0, 123-124
IIS Manager feature for, 166, 177
IIS Manager management of, 396-399
in ApplicationHost.config, 60
in ASP.NET integration, 50-51
in integrated pipeline mode, 339
ordering of, 391-392
overview of, 29, 51-53
performance benefits of, 63
request processing events and, 46, 48-49
security and, 61-63, 412-414
server pipeline and, 49
SQL logging, 546-547
types of, 58-59
MSDN documentation, 225
N
Named Pipes, 260
Names, for features view, 172-173
National Center for Supercomputing Applications (NCSA), 535
Native modules, 59. See also Web server modules
Navigation toolbar, IIS Manager, 157, 159
Nested section groups, 76
.NET Framework, 4
administration stack and, 422
application pool assignment and, 302, 304
core Web server extensions and, 7
extensibility component of, 50, 332-333, 381
for configuration, 8, 38, 83-85
for Web server modules, 372
globalization feature for, 163, 175
in installing IIS 7.0, 123-124
managed modules in, 59, 375-377
native modules in, 375-377
passport authentication of, 491
profile feature for, 163, 175
roles feature for, 164, 175
run-time settings in, 265
trust levels feature for, 164, 175
users feature for, 164, 175
NetBIOS, 500
NetMsmqActivator, 54
NetPipeActivator, 54
Netsh scripting utility, 611
Netstart tool, 582, 584
NetTcpActivator, 54
Network Attached Storage (NAS), 285
Network Monitor, 593-594
Network performance, 623-631
application-level counters for, 626-631
constraints on, 624-625
countermeasures for, 625-626
load balancing (NLB) for, 645, 651-652
monitoring, 624
pressure on, 623-624
NETWORK SERVICE, 543
New cmdlet, in PowerShell, 226
Next Generation TCP-IP stack, 623-625
Non-HTTP request processing, 38, 53-55
Nonphysical URLs, 80
Not delegated delegation setting, 99
Not Found 404.3 errors, 396
NT LAN Manager (NTLM) authentication, 490, 497-499
NT Service WMSvc, 232
NTFS ACL-based authorization, 475, 483-485
NTFS permissions, 95, 288-289, 468-470, 524, 543
NULL session for remote logging, 542-543
O
Object level, in features scope, 180
Objects in Appcmd.exe, 192
Add, 203-204
Delete, 205
help information on, 194
List, 202-203
Request, 320
Set, 204-205
site, 192
supported, 193
OS TrustedInstaller subsystem, 380
Output Cache Module, 413
Output caching, 635, 637, 639
Overhead measurement, 606-610
overrideMode attribute, 80, 99, 102-103
overrideModeDefault attribute, 526
P
Package Manager
for Installing IIS 7.0, 117-118, 121, 132-133
logs of, 145
to remove IIS, 147-148
Packet loss, 624
Packet sniffing, 511
Page layouts, for features view, 170-172
Pages and controls, IIS Manager feature for, 166, 177
Paging file, 620, 622
Parameters
for anonymous authentication, 493
for authentication configuration, 499
for basic authentication, 495
for certificate mappings, 505, 507
for CGI configuration, 363
for digest authentication, 497
for extension deletion, 480
for failed request tracing configuration, 572
for Fast CGI application definitions, 360
for request filtering limits, 479
for Secure Sockets Layer settings, 514
for URL authorization addition, 489
in Appcmd.exe tool
- as output view, 197
- commit, 208
- for Configure Trace command, 218
- for help output, 196
- for Inspect Trace command, 221
- for List requests command, 216-217
- for List Trace command, 220
- for module addition, 406
- for module installation, 404
- for Set command, 204
- general, 198-199
- in syntax, 192
- quotation marks for, 201
MIME Type addition, 355
Parent collection items, inheritance of, 90
Parent configuration files, 78, 179
Parent paths, 344, 601
Pass-through authentication, 278, 286, 508-509
Passwords, in shared server configuration, 111
Patching, 4, 61-62, 452-453
path attribute, 103, 394, 434
Performance, 605-653
bit mode (64 versus 32) effects on, 631-632
configuration for, 632-646
- application, 645-646
- application pools in, 645
- compression in, 642-645
- HTTP.sys cache in, 636-640
- IIS, 634
- load optimization in, 634-635
- NLB (network load balancing) in, 645
- server level, 633-634
- user-mode caching in, 640-642
constrained resources impact on, 612-617
degradation of, 216
failed request tracing and, 574
hard disks and, 621-623
IIS features for, 25
memory and, 617-620
modules and, 63
monitoring of, 647-648
network and, 623-631
- application-level counters for, 626-631
- constraints and, 624-625
- countermeasures for, 625-626
- monitoring, 624
- pressure on, 623-624
Reliability and Performance Monitor for, 593, 603, 612, 616, 621, 633, 647-648, 652
scalability for, 649-652
security versus, 606-612
- authentication in, 610-611
- overhead measurement for, 606-610
- Secure Sockets Layer (SSL) in, 611-612
tracing and, 577-578
W3SVC monitoring of, 36-37
PERL application framework, 4, 323-324, 327
Permissions. See also Authentication; Security
application surface area reduction and, 462-464
backing up configuration and, 95
for CGI frameworks deployment, 362
for configuration file access, 516-518
for remote content access, 288-289
for shared configurations, 520
IIS Manager feature for, 165, 176
in user management, 241-244
NTFS, 468-470, 524, 543
requiredPermission attribute for, 525
Web Management Service (WMSvc) and, 232, 240-245
PHP applications, 345-352
availability of, 352
deploying, 346-350
development of, 4
execution identity of, 350-351
FastCGI protocol in, 324
for Web applications, 323-324
handler mappings for, 418
history of, 345-346
privileges and, 417
remote hosting of, 352
Web.config file example for, 78
PHP Extension Community Library (PECL), 347
Ping tool, 583
Pipeline. See Classic pipeline mode; Integrated pipeline mode; Request processing pipeline
Pluggable architecture, 58
PortCheck tool, 583-584
Position qualifier, 211-212
Post events, 374
PowerShell, 11
advanced Appcmd.exe and, 555-556
for failed request tracing configuration, 571
for IIS management, 188-189, 225-226
for user and permission management, 244-245
Pre-boot Execution Environment (PXE), 139
Preconditions
application pool, 632
application surface area reduction and, 462
applicationPoolName, 387
bitness32 load, 387-389
for Managed Engine module, 385
handler mappings as module, 385, 393
managedHandler, 387, 390-391
of classic pipeline mode, 386
of integrated pipeline mode, 386
of versions, 386
of Web server modules, 385-388
Pre-execute Handler stage, in request processing, 48, 374
Prepend order, in collections, 89
Privileges. See also Least privilege configuration
for administrative extensions, 440
IIS Manager extensions and, 443
in ASP.NET modules, 375-376
least-privileged user accounts (LUA) and, 131
of code reduction, 414-418
Process identity (PID), 4, 215, 315, 508
Process Manager, 37-38
Process Monitor, 586-589
Process recycling logging, 557
Processor resources, performance and, 612-617
Profile feature, in IIS Manager, 163, 175
ProgID name, 439
Property pages, in features view, 170-171
Protocol listener, HTTP.sys as, 33-34
ProtocolSupportModule, 64
Providers, IIS Manager feature for, 166, 177
Provisioning, 240
Public extensibility APIs, 4
Publishing. See FTP Publishing Service
Python application framework, 323, 327
Q
QoS (Quality of Service), 624
Quotation marks, in Appcmd.exe tool, 201
R
Random access memory (RAM), 606, 614
Range operators of Appcmd.exe, 200-202
Rapid Fail Protection, 36, 309, 600, 613
Read Only delegation setting, 99-102
Read-Write delegation setting, 99-102
Recycling
event logs, 557
events, 312-315
limits on, 613
unexpected, 602
Redirection
configuration files for, 73, 140, 430
HTTPRedirection Module for, 413
IIS Manager feature for, 165, 176
Redundancy, 652
Redundant Array of Inexpensive Disks (RAID), 285, 621-622
Refresh Page button, for navigation, 159
Registry, 142, 236
Release State stage, in request processing, 48, 374
Reliability
of application pools, 301
Reliability and Performance Monitor for, 593, 603, 612, 616, 621, 633, 647-648, 652
shared hosting architecture and, 4
Remote administration, 229-257
configuration delegation for, 98, 104
IIS 6.0 MMC snap-in for, 11
IIS Manager and, 12, 154, 184-185, 230, 443
of ASP.NET applications, 341-342
of PHP applications, 352
shared server configuration and, 108
Web Management Service (WMSvc) and, 230-252
- configuration of, 232-240
- feature delegation in, 245-248
- installation of, 231-232
- logging, 254-257
- troubleshooting, 252-254
- users and permissions in, 240-245
- using, 249-252
Remote content
access to, 288-289
configuring applications for, 285
fixed credentials for, 287-288
overview of, 284-285
security for, 285-287
Remote Installation Services (RIS), 139
Remote logging, 541-547
Remove cmdlet, in PowerShell, 226
Remove Roles Wizard, 147
Request filtering, 449, 465, 474, 477-482
Request object, 320
Request processing pipeline, 6, 42-55. See also Worker processes and requests
actions of, 376-377
Appcmd.exe command line tool for, 215-217
ASP.NET requests and, 20-21
classic mode of, 43-46
description of, 33
failures ahead of, 592
modules for, 51-53, 58, 390-391
.NET integrated mode of, 46-51
non-HTTP, 53-55
overview of, 40-43
task ordering by, 51-53
Web server modules and, 372-375
Request queuing, kernel-mode, 34
RequestFiltering Module, 65, 414
RequestMonitorModule, 64
requiredPermission attribute, 525
Reset verb, 206
Resolve Cache stage, in request processing, 47, 374
Resources, constrained, 612-617
Response cache, 34
Response headers, IIS Manager feature for, 165, 176
Restoring configuration, 94-95, 213. See also Backing up
Right-click properties, 158
Role Service component, 50
RoleManager Module, 414
Roles feature, in IIS Manager, 164, 175
Root applications, 17
Root element of configuration, 87
Root virtual directories, 19, 263-264, 267
Root Web.config files, 38, 70-71, 178-179
Round robin option, for load balancing, 652
Routing table data, 34
Ruby on Rails applications framework, 4, 324, 327
Run-time container, 264-266
Run-time extensibility. See Web server modules
Run-time information, 4
Run-time State and Control API (RSCA)
accessing, 590-591
administration extensions and, 436, 438-439
overview of, 13-14, 318
RequestMonitorModule for, 64
troubleshooting and, 589
S
Sandbox, security, 4, 41, 265, 307, 439
Sc query tool, 582
Scalability, for performance, 649-652
Schema
administration extensions and, 439
changes in, 431
collection element flexibility of, 88
configuration section, 74, 79, 425-427
encryption provider selection and, 521
for logging, 536-537, 622-623
lisschema.exe tool for, 432
state attribute from, 439
Scripts. See also PowerShell
administration stack and, 422
application frameworks and, 326
application pool lists from, 437-438
errors in, 344
for editing configuration, 85
handler mappings based on, 362
IIS 6.0 legacy configuration, 266
Netsh scripting utility for, 611
permissions for, 362
PHP, 351
Windows Management Instrumentation (WMI) for, 11, 15
Search verb, 206, 220-222
Searching virtual directories, 282-284
Sections, configuration, 75-79
attributes for, 88
components of, 423-424
declarations of, 75-76, 102-103, 428-430
default delegation of, 527-529
elements in, 77-79
groups in, 76-77
installation of, 431-432
schema of, 79, 425-427
securing, 432-436
Secure Sockets Layer (SSL), 511-515
client certificate mapping authentication and, 502-503
client certificates for, 514-515
configuring, 511-512
FTP over, 5
HTTPS binding and, 271
IIS client certificate mapping authentication and, 503-505
IIS Manager feature for, 166, 177
multiple Web sites and, 271
performance and, 606, 611-612
requiring, 512-514
Web Management Service (WMSvc) and, 235
Security, 447-531. See also Encryption
access control for, 474-482
- IP and domain restrictions for, 475-477
- request filtering for, 477-482
application surface area reduction for, 460-465
- minimum enabled modules for, 460-461
- minimum handler mappings for, 461-462
- minimum MIME Types for, 464-465
- Web site permissions for, 462-464
attack surface area reduction for, 450-460
- minimum CGI programs for, 458-459
- minimum FastCGI programs for, 459-460
- minimum ISAPI extensions for, 455-458
- minimum ISAPI filters for, 454-455
- overview of, 450-451
- Web server minimal installation for, 451-454
authentication for, 490-511
- anonymous, 491-493
- basic, 493-495
- client certificate mapping, 501-503
- delegation of, 509-511
- digest, 495-497
- IIS client certificate mapping, 503-507
- overview of, 490-491
- UNC, 508-509
- Windows, 497-501
authorization for, 483-489
- NTFS ACL-based, 483-485
- URL, 485-489
backing up and, 95
best practices for, 267, 293
Code Access Security (CAS) for, 375, 439
for application pools, 301, 306-307
for configuration, 515-530
- by restricting access, 516-520
- delegation control for, 525-530
- sections of, 432-436
- sensitive, 520-525
for remote content, 285-287
for Web server modules
- locking down extensibility for, 418-420
- overview of, 410-411
- privilege of code reduction for, 414-418
- surface area reduction for, 411-414
Internet Protocol Security (IPsec) policies for, 600
least privilege configuration for, 465-474
- in application pool identity, 466-468
- in isolating applications, 472-474
- in NTFS permissions, 468-470
- in trust for ASP.NET applications, 470-472
local user administrator, 132
locking down extensibility for, 371
modules and, 58, 61-63
of administration extensions, 439-440
of IIS Manager extensions, 443-446
overview of, 447-450
performance versus, 606-612
- authentication in, 610-611
- overhead measurement for, 606-610
- Secure Sockets Layer (SSL) in, 611-612
sandbox for, 4, 30, 265, 307
Secure Sockets Layer (SSL) for, 511-515
- client certificates for, 514-515
- configuring, 511-512
- requiring, 512-514
user profile loading and, 309
Web.config file size and, 75
Security Identifiers (SIDs)
for application pools, 41, 306-307, 473
for IIS IUSRS group, 448
Web Management Service (WMSvc) and, 232
selectiveLogging option, 622-623
Self-signed certificates, 234-235
Server Certificate Alert, 234
Server Core installation, 22
Server Core Web Edition scenario for Installing IIS 7.0, 128-131
Server Manager
IIS 7.0 installation by, 117-118, 131-132, 370
Web Management Service (WMSvc) installation by, 231
Server workload. See Installing IIS 7.0
ServerManagerCMD command line tool
IIS 7.0 installation by, 117-118, 133-135, 138
logs of, 144-145
to remove IIS, 148
update names in, 127-128
Web Management Service (WMSvc) installation by, 231-232
Servers
Appcmd.exe command line tool and, 214
baseline for, 606-608
certificates for, 166, 175, 177
configuration sharing by, 107-113
core, 5-8
hanging by, 603
IIS Manager feature for, 177
in Web farms, 650-651
performance of, 633-634
Server-Side Include (SSI) directives, 602
Server-side module service, 441-442
Service level agreements (SLAs), 635
Service Principal Name (SPN) registration, 498, 500
Service unavailable error 503, 600
Services, in Web server role installation, 142
Session state
affinity and, 651
cookie-based, 513
for remote logging, 542-543
IIS Manager feature for, 166, 172, 177
sticky, 651
System.Web.SessionState.SessionStateModule for, 64
Set cmdlet, in PowerShell, 226
Set verb
for application pool settings, 304
for config object, 206, 208-212
in Appcmd.exe syntax, 191
objects created by, 204-205
Setup.exe tool, 139
Shared configuration
delegation configuration storage for, 248
IIS Manager feature for, 166, 177
of servers, 80, 107-113
permissions for, 520
redirection.config for, 73
Shared hosting architecture, 4
Shockwave file types, 354
Simple Mail Transfer Protocol (SMTP), 141, 166, 539
Simultaneous connection limits, 25
Single parameter view, of Appcmd.exe output, 197
Site object, in Appcmd.exe, 192
SiteDefaults configuration, 538
Sites pages, 171
Smart Cards, 514
Speed. See Performance
Spindles, 622
SQL Server
affinity and, 651
logging module of, 546-547
Management Studio of, 546
user database of, 63
Start Site command, 214, 276-277
state attribute, 439
States, delegation, 246-247
Static compression, 642-644
Static Compression Module, 414
Static content Web server scenario for installing IIS 7.0, 119-120, 138
Static file extensions, 325, 354-356
Static IP address, 16
StaticFile Module, 58, 128, 325, 395-396, 461, 464-465
Sticky state, for load balancing, 651-652
Stop button, for navigation, 159
Stop Site command, 214, 276-277
Storage Area Network (SAN), 285
Striping technologies, 621
Strong name signature, 383
Switched networks, 623
Syntax
configuration, 74-80
- location tags in, 80
- overview of, 74-75
- section declarations in, 75-76
- section elements in, 77-79
- section groups in, 76-77
- section schema in, 79
- Web.config file size and, 75
for Appcmd.exe
- application pool configuration by, 303
- application pool identity configuration by, 308
- binding setting by, 272
- connection limits and bandwidth throttling setting by, 274
- overview of, 191-193, 195
- recycling events logging by, 313-314
- request list execution by, 318
- user profile loading by, 311
- virtual directory configuration by, 281
- virtual directory creation by, 279
- virtual directory searching by, 283
- Web application changes by, 295
- Web application creation by, 293-294
- Web application list by, 298
- Web site addition by, 268-269
- worker process list by, 317
Sysocmgr.exe tool, 139
Sysprep, for installing IIS 7.0, 138
System Center Operations Manager 2007, 648
System.Web.Caching.OutputCacheModule, 64
System.Web.Security.FormsAuthenticationModule, 65
System.Web.SessionState.SessionStateModule, 64
SystemEventLog, 92-93
SYSWOW64 emulation mode, 266
T
Tasklist tool, 584
Tcl application framework, 327
Tcpanalyzer.exe network analysis tool, 624
Text view, of Appcmd.exe output, 197
Throttling
bandwidth, 273-274
performance and, 613-614
value for, 273
Tiles view, in features view, 169
TokenCacheModule, 64
Top-level help, 194-195
Total cost of ownership (TCO), 4
Tracing, 563-578. See also Troubleshooting
ASP.NET integrated with, 576-577
failed request, 564-576
- enabling and configuring, 565-572
- reading logs of, 572-576
performance and, 577-578
Translation layer, for compatibility, 40
Transmission Control Protocol (TCP), 260, 583, 623-625
Transport Layer Security (TLS), 447, 511
Tree display, 159
Troubleshooting, 579-601. See also Diagnostics; Failure; Tracing
application availability, 312
HTTP, 594-602
- common problems in, 598-601
- error types in, 594-596
- log checking in, 596-598
installing IIS 7.0, 143-145
methodology for, 579-580
overview of, 30
request processing pipeline, 216
requests, 320
tools and utilities for, 581-594
- Appcmd.exe command line tool in, 586
- Event Viewer in, 591-592
- failed request tracing in, 592
- IIS Manager in, 589-591
- netstart and sc query in, 582
- Network Monitor in, 593-594
- overview of, 581-582
- ping in, 583
- PortCheck in, 583-584
- Process Monitor in, 586-589
- Reliability and Performance Monitor in, 593
- tasklist and netstart in, 584
- WFetch 1.4 in, 584-586
Web Management Service (WMSvc), 252-254
Trust levels
configuration access and, 525
for ASP.NET applications, 416-419
IIS Manager extensions and, 443, 445
IIS Manager feature for, 164, 175
least privilege configuration for, 470-472
TrustedInstaller-only access control list (ACL), 427
TTFB (time to first byte), 646
TTLB (time to last byte), 646
Tuning. See Performance
Two-factor authentication schemes, 514
U
Unattended answer files, 133, 136-138
Unauthorized user error message (404), 253-254
Unified Security Model, 62
Universal Naming Convention (UNC), 264
access errors in, 598-599
Access Security policy of, 342
authentication in, 490, 508-509
content based on, 650
IIS Manager credentials and, 239
remote logging and, 542
remote shares in
- for ASP applications, 345
- for ASP.NET applications, 341-342
- for PHP applications, 352
virtual directories and, 448
Unlock verb, 206, 212
Unlocked configuration, 178-179
Update Cache stage, in request processing, 48, 374, 642
Upgrades, hardware, 652
URL Authorization and Output Caching, 330
UrlAuthorizationModule, 65
URLs (Uniform Resource Locators), 48, 60
authorization for, 414, 449, 483, 485-489
denied sequences of, 482
hidden segments of, 481-482
specific configuration for, 9
User accounts
administrative extensions and, 440
least-privileged, 131
managing, 240-245
scalability and, 649
types of, 239-240
User Account Control (UAC) for, 190
User interface. See IIS Manager
User management, IIS Manager feature for, 165, 176
User profile loading, 309-311
User-mode caching, 637-642
Users feature, IIS Manager feature for, 164, 175
UTF-8 encoding for logging, 539-540
V
Validation, 88, 143
Verbosity level, 219, 568, 571
Verbs, in Appcmd.exe, 192, 194-196, 479. See also Add verb; Delete verb; List verb; Set verb
Versions
application pool, 632
ASP.NET mechanism for, 330-332, 335-336
preconditions of, 386
settings for, 71, 84, 136
Virtual directories
Appcmd.exe command line tool for, 213-214
AppDomains serving, 41
applications versus, 263
configuring, 279-282
creating, 19, 277-279, 288
fixed credentials for, 342, 448, 467, 469-470, 473, 508-509
NTFS ACL-based authorization and, 484-485
searching, 282-284
splitting, 341
UNC authentication and, 508
Web sites and, 264
Vista
Appcmd.exe required for, 552-556
IIS (Internet Information Services) features in, 22-25
- for application development, 24
- for health and diagnostics, 24
- for performance, 25
- for security, 24-25
- FTP Publishing Service, 25
- HTTP, 24
- management tools, 25
- simultaneous connection limits, 25
- Windows Process Activation Service, 25
lisschema.exe tool and, 432
ManagedEngine Module in, 50
Tcpanalyzer.exe network analysis tool of, 624
user interface in, 145-147
user profile loading and, 310
Windows Communication Foundation (WCF) and, 23
W
Web applications, 291-299
creating, 292-296
listing, 297-299
Web Capacity Analysis Tool (WCAT), 301, 636-637, 647
Web farms, 650-651
Web gardens, 299-300, 318, 651
Web Management Service (WMSvc), 112
access permissions of, 517
IIS Manager and, 154, 444
remote administration and, 230-252
- configuration of, 232-240
- feature delegation in, 245-248
- installation of, 231-232
- logging, 254-257
- of IIS, 12
- of IIS Manager, 184
- troubleshooting, 252-254
- users and permissions in, 240-245
- using, 249-252
Web server modules, 367-420
configuration sections of, 424
extensibility in IIS 7.0 and, 367-371
run-time extensibility in, 368, 371-420
- Appcmd.exe for module management and, 403-408
- deploying assemblies of managed modules and, 382-384
- handler mapping additions for, 392-394
- handler mapping management in, 400-403, 408-410
- handler mapping types in, 394-396
- locking down, 418-420
- managed module uninstalling and, 384-385
- managed versus native modules and, 375-377
- module management and, 396-399
- module ordering and, 391-392
- module preconditions and, 385-388
- modules running for all requests and, 390-391
- native module installing and, 377-380
- native module uninstalling and, 380-381
- privilege of code reduction and, 414-418
- request processing pipeline and, 372-375
- security overview and, 410-411
- security surface area reduction and, 411-414
- x64 environments and, 388-389
Web servers
access levels for, 468-469
minimal installation of, 451-454
Web Service Extension Restriction List, 343, 409-410, 457
Web sites, 259-290
application pools and, 265-266
application surface area reduction and, 462-464
applications and, 262-264
client certificate mapping authentication and, 502
configuring bindings for, 270-273
creation of, 15-17
deleting, 205
IIS client certificate mapping authentication and, 504
limiting usage of, 273-275
logging and failed request tracing for, 275-276
Microsoft.Web.Administration and, 222-223
new, 267-269
overview of, 259-262
remote content and, 284-289
- access to, 288-289
- configuring applications for, 285
- fixed credentials for, 287-288
- overview of, 284-285
- security for, 285-287
root applications of, 296
starting and stopping, 276-277
unable to reach, 603
virtual directories and, 264, 277-284
- configuring, 279-282
- new, 277-279
- searching, 282-284
Web.config files, 4, 60
applicationHost.config files versus, 178
delegated application, 431
description of, 430
distributed, 72-73, 92
for application connections, 178
for configuration, 69-70, 98, 179, 208
in PHP application example, 78
locking extensibility and, 419
Read-Write delegation setting and, 99
size limitations of, 75
Web-based Distributed Authoring and Versioning (WebDAV), 289
WebUI, 143
WFetch 1.4 tool, 584-586, 603
Wildcard Common Name (CN) entries, 512
Wildcard handler mappings, 464
Wildcard mapping, 394, 402
Wildcards, 207
Windows authentication, 6, 61
for security, 497-501
IIS Manager extensions and, 444
IIS Manager feature for, 176
Kerberos protocol and, 448
module for, 414
overview of, 490
Windows Automated Installation Kit (WAIK), 138
Windows Communication Foundation (WCF), 14, 23, 53, 260-261
Windows credentials, 12, 238, 240-242
Windows Deployment Services (WDS), 138-139
Windows Explorer, 11, 572
Windows Forms applications, 11
Windows Management Instrumentation (WMI)
administration stack and, 422
benefits and limitations of, 189
for editing configuration, 85
for failed request tracing configuration, 571
for scripting access, 11, 15
for Web site management, 266
IIS 7.0 and, 4, 30, 117, 188, 226-227
lisschema.exe tool and, 432
remote administration and, 229
Windows Process Activation Service (WAS)
application pool configuration files and, 517, 519
configuration sections and, 428
in HTTP request processing, 33-34
in IIS architecture, 30, 37-38
in Windows Server 2008 and Vista, 23, 25
non-HTTP request processing and, 53-55
overview of, 14
security identifier creation by, 307
troubleshooting and, 582
Web sites and, 260-261
worker process performance counters in, 608
Windows Server 2008
for installing IIS 7.0, 139-140
IIS (Internet Information Services) features in, 22-25
- for application development, 24
- for health and diagnostics, 24
- for performance, 25
- for security, 24-25
- FTP Publishing Service, 25
- HTTP, 24
- management tools, 25
- simultaneous connection limits, 25
- Windows Process Activation Service, 25
lisschema.exe tool and, 432
user interface in, 145-147
Windows Setup, 370-371
for installing modules, 377
for uninstalling modules, 380
.NET extensibility component of, 381
schema files and, 425
Windows Task Manager, 606
Windows User Account Control, 131
Worker Process Isolation Mode, 328
Worker processes and requests
administrative extensions disabled by, 440
anonymous authentication and, 467
Appcmd.exe command line tool for, 215-217
application failure in, 34
application pool SIDs for, 448
application pools and, 265, 300, 308-309
as core architecture component, 31, 40-42
authentication providers in, 63
baseline for, 606-608
configuration data security and, 436
crashes in, 592
FastCGI, 359
idle shutdown of, 313
IIS extensibility in, 415
IIS Manager feature for, 166, 177
limits on, 613
modules running for all, 390-391
monitoring, 315-320
overview of, 314-315
performance counters for, 608-610
PHP execution identity and, 350
Process Monitor for, 589
user profile loading and, 309
W3SVC health monitoring of, 36
Workload server. See Installing IIS 7.0
Workspace, in IIS Manager. See Content view; Features view
World Wide Web Consortium (W3C), 254, 535, 541, 549
World Wide Web Publishing Service (W3SVC)
certificates and, 512
in HTTP request processing, 33, 36
in IIS architecture, 30, 35-37
in Web site management, 260, 276
troubleshooting and, 582
Windows Process Activation Service (WAS) and, 37
worker process monitoring by, 36, 315
worker process performance counters in, 608-610
World Wide Web server provider, 569
wow64, 388
X
x64 platform, 388-389, 631