55
Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources

Chapter13 Administering Web Resources

Embed Size (px)

DESCRIPTION

 

Citation preview

Page 1: Chapter13      Administering  Web  Resources

Managing a Microsoft Windows Server 2003 Environment

Chapter 13: Administering Web

Resources

Page 2: Chapter13      Administering  Web  Resources

2

Objectives

• Install and configure Internet Information Services (IIS)

• Create and configure Web-site virtual servers and virtual directories

• Configure Web-site authentication• Configure and maintain FTP virtual servers• Update and maintain security for an IIS server

Page 3: Chapter13      Administering  Web  Resources

3

Objectives (continued)

• Create and modify Web folders• Install and use the Remote Administration

(HTML) tools• Install and configure Web-based printing and

printer management• Troubleshoot Web client-browser connectivity

Page 4: Chapter13      Administering  Web  Resources

4

Installing and Configuring Internet Information Services

• Current version is Internet Information Services (IIS) 6.0

• IIS provides Web-related services that can be implemented to host a corporate intranet or to provide an Internet presence

Page 5: Chapter13      Administering  Web  Resources

5

Installing and Configuring Internet Information Services

(continued)

• IIS has four main components:• World Wide Web (HTTP) services

• File Transfer Protocol (FTP) services

• Network News Transfer Protocol (NNTP) services

• Simple Mail Transfer Protocol (SMTP) services

Page 6: Chapter13      Administering  Web  Resources

6

Installing Internet Information Services

• IIS 6.0 is not installed by default• Individual IIS components can be manually

installed through the Add or Remove Programs applet in the Control Panel

Page 7: Chapter13      Administering  Web  Resources

7

Installing Internet Information Services (continued)

Page 8: Chapter13      Administering  Web  Resources

8

Activity 13-1: Installing Internet Information Services

• Objective: To install IIS components• Start Control Panel Add or Remove

Programs Add/Remove Windows Components • Select and install individual components as

directed• Note changes on the server, folders created during

IIS installation, new accounts in Active Directory, operating system services, Web sharing feature

Page 9: Chapter13      Administering  Web  Resources

9

Activity 13-2: Viewing System Changes after Installing IIS

• Objective: To view the changes made to Windows Server 2003 after installing IIS

• Open Active Directory and browse for the new accounts that have been added:• 2 new user accounts and 1 new group account

Page 10: Chapter13      Administering  Web  Resources

10

Activity 13-2 (continued)

• Browse various folders that contain files needed for IIS services and open the Services utility:• FTP Publishing Service• IIS Admin Service• Network News Transfer Protocol (NNTP)• Simple Mail Transfer Protocol (SMTP)• World Wide Web Publishing Service

• Browse properties of a service• Stop a service and configure its startup options

Page 11: Chapter13      Administering  Web  Resources

11

Architectural Changes in IIS 6.0

• IIS 6.0 is similar to IIS 5.0 with Windows 2000• Changes relate to how processes are managed and

maintained and updated metabase files• Metabase now stored in 2 standard XML files

• MetaBase.xml and MBSchema.xml• Human-readable• Better read performance• Industry-standard data representation• Found in %systemroot%\system32\inetsrv

Page 12: Chapter13      Administering  Web  Resources

12

Architectural Changes in IIS 6.0 (continued)

Page 13: Chapter13      Administering  Web  Resources

13

Configuring Web Server Properties

• Primary tool used for configuration of Web Server properties is IIS MMC snap-in

• Available on Administrative Tools menu• Default sites and services include:

• FTP Sites• Application Pools• Web Sites• Web Service Extensions• Default SMTP Virtual Server• Default NNTP Virtual Server

Page 14: Chapter13      Administering  Web  Resources

14

Activity 13-3: Exploring the Internet Information Services

MMC Snap-in• Objective: To explore the basic MMC snap-in

console and navigation• Start Administrative Tools Internet

Information Services (IIS) Manager• Explore the FTP Sites, Application Pools, Web

Sites, Web Service Extensions, Default SMTP Virtual Server, and Default NNTP Virtual Server nodes

Page 15: Chapter13      Administering  Web  Resources

15

Activity 13-3 (continued)

• Using the IIS tool, master properties can be configured for Web and FTP sites from site-folder level

• If an individual site is pre-configured when master properties are set, you are prompted whether or not to change the site settings

Page 16: Chapter13      Administering  Web  Resources

16

Activity 13-4: Viewing and Configuring the Master

Properties of the WWW Service• Objective: To explore the use of master properties

through the configuration of the WWW service• From the open IIS Manager window, open the

Web Sites folder properties• Configure the folder properties as directed• Test setting inheritance by viewing the Default

Web Site properties

Page 17: Chapter13      Administering  Web  Resources

17

Creating and Configuring Web-Site Virtual Servers

• A virtual server is a unique Web site that behaves as if it were on a dedicated server

• IIS can support many virtual servers on a single server

• Configuration conflicts are avoided by identifying the IP address, TCP port, and host header name of each Web site and ensuring that the site is uniquely identified through these features

Page 18: Chapter13      Administering  Web  Resources

18

Activity 13-5: Creating a New Web Site Using the Web Site

Creation Wizard• Objective: To become familiar with the Web Site

Creation Wizard• Change the port number of the Default Web Site

as directed and verify the change• Create a new Web site using the Web Site

Creation Wizard• Create a default HTML index page for the new

site

Page 19: Chapter13      Administering  Web  Resources

19

Activity 13-6: Creating a New Web Site Using the

IISWEB.VBS Script• Objective: To explore using the IISWEB.VBS

script as an alternative to the IIS tool for Web site creation

• Start Run type cmd OK• Make a new Web site home directory as directed• Run the IISWEB.VBS script as directed • Verify that the Web site has been created and

configured correctly

Page 20: Chapter13      Administering  Web  Resources

20

Modifying Web-Site Properties

• Individual Web site parameters can be modified and fine-tuned through the site’s properties

• Modifying an individual site’s properties does not affect any other sites

• Modifying an individual site’s properties overrides any configurations set in the master properties at the server level

Page 21: Chapter13      Administering  Web  Resources

21

Modifying Web-Site Properties (continued)

Page 22: Chapter13      Administering  Web  Resources

22

Activity 13-7: Configuring Web-Site Properties

• Objective: To explore and configure the available properties for an individual Web site

• Open IIS and the Properties of the site to be configured

• Configure settings as directed• Create an html file and configure it as a footer • Customize an error message• Verify the configured settings

Page 23: Chapter13      Administering  Web  Resources

23

Creating Virtual Directories

• A virtual directory points to a shared folder on the server

• An alias name can be created• Hides the real directory name

• Can simplify the path to the folder

• Clients can access a virtual directory by appending the alias name to the Web-site host name

Page 24: Chapter13      Administering  Web  Resources

24

Activity 13-8: Creating and Configuring a Virtual

Directory• Objective: To familiarize students with the process

of creating and configuring a virtual directory• Create and configure a new shared folder• Create a new index file for the Web site• Open and use the Virtual Directory Creation

Wizard to create a virtual directory with an alias• Explore Properties and verify proper configuration

of the site

Page 25: Chapter13      Administering  Web  Resources

25

Configuring Authentication for Web Sites

• Authentication is the determination of whether or not a user account has the proper permissions to access a resource such as a Web site

• IIS provides five levels of authentication:• Anonymous access

• Basic authentication

• Digest authentication

• Integrated Windows authentication

• .NET Passport authentication

Page 26: Chapter13      Administering  Web  Resources

26

Anonymous Access and Basic Authentication

• Anonymous access • Users do not need to provide a user name and password

• Uses the IUSR_servername user account to provide authentication credentials

• Basic authentication• User is prompted to supply a user name and password

• User needs a valid Windows Server 2003 user account

• One drawback is that information is transmitted using unencrypted Base64 encoding (easy to hack)

Page 27: Chapter13      Administering  Web  Resources

27

Digest Authentication and Integrated Windows Authentication

• Digest authentication• Similar to basic authentication but hashes user name

and password using MD5 algorithm • Has specific software and Active Directory

requirements

• Integrated Windows authentication• Does not prompt for password• Uses client’s logged on credentials• Used primarily for internal intranets, has specific

permissions requirements

Page 28: Chapter13      Administering  Web  Resources

28

.NET Passport Authentication and Multiple Authentications

• .NET Passport authentication• New method currently in testing to use the .NET

Passport service

• Will require preproduction tests and a registration process

• If multiple authentication methods are configured, specific rules apply concerning precedence and applicability

Page 29: Chapter13      Administering  Web  Resources

29

Activity 13-9: Configuring and Testing Web-Site

Authentication Options• Objective: To configure and compare two of the

Web-site authentication options• Discover the current configuration using the IIS

Manager tool• Explore the effect of the current configuration on

Web-site access• Change the configuration and explore the effect of

the change

Page 30: Chapter13      Administering  Web  Resources

30

Configuring Server Certificates and Secure Sockets Layer

• The Secure Sockets Layer (SSL) protocol encrypts Web traffic between a client and a Web server

• Configured from the Directory Security tab of the properties of a Web site

• Users access a secure server using https:// prefix• SSL requires a server certificate from a certificate

authority or from installed certificate services

Page 31: Chapter13      Administering  Web  Resources

31

Configuring FTP Virtual Servers

• The File Transfer Protocol (FTP) is used for file transfers between computers running TCP/IP

• FTP service is included with IIS 6.0• FTP uses two ports (TCP ports 20 and 21)

• Port 21 carries connection initiation and diagnosis information

• Port 20 carries data

• FTP uses Transmission Control Protocol (TCP)• Connection-based protocol, session precedes data

transfer

Page 32: Chapter13      Administering  Web  Resources

32

File Transfer Protocol• Features of TCP include:

• Sending computer waits for an acknowledgement and retransmits data if it is not received

• Packets are assigned a sequence number

• Packets contain a checksum for ensuring integrity

• FTP requires a server running FTP server software and clients must run FTP client software

• There are many free and shareware utilities that can be downloaded for running FTP

Page 33: Chapter13      Administering  Web  Resources

33

Configuring FTP Properties

• Multiple FTP sites can be configured on a single IIS 6.0 server

• Each site operates independently and runs transparently

• Each site has property sheets that can be customized independently

Page 34: Chapter13      Administering  Web  Resources

34

Configuring FTP Properties (continued)

Page 35: Chapter13      Administering  Web  Resources

35

Activity 13-10: Configuring and Testing the Default FTP

Site• Objective: To become familiar with the process of

configuring and testing an existing Web site• Open the IIS Manager tool and the Properties of

the Default FTP Site• Browse and configure various settings of the site• Log on as an anonymous user to test the site

configuration

Page 36: Chapter13      Administering  Web  Resources

36

Activity 13-11: Creating and Testing a New FTP Site and Configuring a Virtual

Directory

• Objective: To create an FTP site that includes a virtual directory located on a different server

• Create new folders for FTP site and configure permissions and IP address as directed

• Use the FTP Site Creation Wizard to create a site• Use the Virtual Directory Creation Wizard to

create a new virtual directory• Test the site by logging on and transferring a file

Page 37: Chapter13      Administering  Web  Resources

37

Updating and Maintaining Security for an IIS Server

• Sensitivity to security issues is always important for information published on the Internet

• Issues of importance in security and maintenance for an IIS server:• Alternatives to securing access to information

• Performing backups

• Stopping and starting IIS related services

• Applying updates

Page 38: Chapter13      Administering  Web  Resources

38

Resource Permissions

• Two types of permissions to secure Web resources• NTFS permissions

• IIS permissions

• The effective permission is always the most restrictive of configured permissions

• NTFS permissions• Normal NTFS file permissions can be applied to Web

pages and virtual directories

• Can be assigned to users and groups individually

Page 39: Chapter13      Administering  Web  Resources

39

Resource Permissions (continued)

• IIS permissions• Always global

• Can be configured for Web sites and FTP virtual servers, virtual directories, physical directories, files

• Can set Read and/or Write permissions

• Can set Execute permission if site contains scripts or executables

Page 40: Chapter13      Administering  Web  Resources

40

Activity 13-12: Configuring IIS and NTFS Permissions

• Objective: To explore the use of both IIS and NTFS permissions for protecting Web content

• Open the IIS Manager tool and access the Properties of a Web site to configure IIS permissions

• Test the IIS permissions as directed• Open the Properties of the Web content folder to

configure NTFS permissions• Test the NTFS permissions as directed

Page 41: Chapter13      Administering  Web  Resources

41

IP Address and Domain Name Security

• Can secure Web content by controlling access based on the IP address of the client

• Access can be explicitly granted or denied• Access can be controlled for a specific IP address

or a range of IP addresses

Page 42: Chapter13      Administering  Web  Resources

42

Activity 13-13: Testing IP Address Restrictions

• Objective: To explore securing Web content using restrictions on IP addresses

• Open the IIS Manager tool and the Properties of the Web site

• From the Directory Security tab, edit the IP Address and Domain Name Restrictions to deny access to a specific IP address

• Test the restrictions as directed

Page 43: Chapter13      Administering  Web  Resources

43

Starting and Stopping Services and Backing UP the IIS Configuration

• IIS 6.0 allows you to start and stop services through the IIS console

• IIS 6.0 stores configuration settings in the IIS metabase that can be backed up• Using the Backup utility in the IIS console

• By copying contents of the backup directory to a folder

• By exporting contents using the metabase editor

• By using the IISBACK.VBS script

• By backing up System State data using Backup utility

Page 44: Chapter13      Administering  Web  Resources

44

Activity 13-14: Backing Up the IIS Configuration

• Objective: To explore the use of the backup and restore facilities of IIS

• Open the IIS Manager tool and Backup/Restore Configuration facility for the server

• Create a backup as directed• Verify the backup• Restore the metabase from the backup as directed

Page 45: Chapter13      Administering  Web  Resources

45

Updating IIS 6.0

• Common updates to IIS are service packs and hot fixes

• Before updating, perform a full backup of server• Updates are often released to fix security issues• Microsoft Baseline Security Analyzer helps

determine which IIS hot fixes are installed

Page 46: Chapter13      Administering  Web  Resources

46

Creating and Modifying Web Folders

• A Web folder is a shared folder designed to be accessed using HTTP or FTP

• Use the Web Sharing tab of the folder Properties to configure the folder

• Web folders can use an alias name• The Edit Alias dialog box allows you to set the name,

access permissions, and application permissions

• Network clients can open a Web-based file using• Internet Explorer, My Network Places, Microsoft

Office XP

Page 47: Chapter13      Administering  Web  Resources

47

Activity 13-15: Configuring Web Folders and Exploring Access

Methods• Objective: To become familiar with configuring

and accessing a Web shared folder• Create a new folder and file• Configure the folder using the Web Sharing tab of

the folder’s Properties• Open the IIS Manager tool and verify that the

virtual directory appears• Open Internet Explorer to examine the folder and

file

Page 48: Chapter13      Administering  Web  Resources

48

Installing and Using Remote Administration (HTML) Tools

• Remote Administration (HTML) tools support the ability to manage IIS servers remotely via a Web browser interface

• On Windows Server 2003, these tools are not installed by default

• Tools must added manually via the Add/Remove Windows Components feature of Control Panel

Page 49: Chapter13      Administering  Web  Resources

49

Activity 13-16: Install and Explore the Remote Administration (HTML)

Tools• Objective: To explore the installation process and

to examine various settings from Internet Explorer• Start Control Panel Add or Remove

Programs Add/Remove Windows Components• Install the tools as directed• Open Internet Explorer, configure the site, and

connect to the Remote Administration Web site• Browse the site as directed

Page 50: Chapter13      Administering  Web  Resources

50

Installing and Configuring Internet Printing

• Internet Printing Protocol (IPP)• Allows printers to be managed via a Web browser

• Allows clients to send print jobs using HTTP

• Requires the installation of IIS and the Internet Printing component

• Internet Printing requires that the Internet Printing Web Service Extension and the Active Server Pages Extension be explicitly enabled

Page 51: Chapter13      Administering  Web  Resources

51

Activity 13-17: Configuring and Managing Internet Printing

• Objective: to explore Internet Printing settings, manage printers from IE, and install a printer to use Internet Printing

• Use the IIS Manager tool to configure Internet Printing on the server

• Use Internet Explorer to view printers and their properties

• Install a printer to use Internet Printing and verify that the printer port is configured correctly

Page 52: Chapter13      Administering  Web  Resources

52

Troubleshooting Web Client Connectivity Problems

• Client access problems are not uncommon• If a user is unable to access an IIS Server

• Check TCP/IP configuration settings, proxy settings, connections, set up error messages, use a protocol analyzer

• If a user is unable to access a Web or FTP site• Check permissions, authentication methods, IP address

and domain name restrictions, connection limits, port numbers, user accounts, invalid cached DNS information

Page 53: Chapter13      Administering  Web  Resources

53

Summary

• Internet Information Services (IIS) 6.0 is an application in Windows Server 2003 used to develop and host Web- and FTP-based services

• Four main components to IIS: World Wide Web (HTTP), File Transfer Protocol (FTP), Network News Transfer Protocol (NNTP), and Simple Main Transfer Protocol (SMTP) services

• IIS components must be manually installed

Page 54: Chapter13      Administering  Web  Resources

54

Summary (continued)• IIS configuration information is stored in two

XML files known as the metabase• The IIS MMC snap-in (the IIS Manager tool) is

the primary tool for IIS configuration• Virtual servers are unique Web or FTP sites that

behave as though they are on dedicated servers• IIS provides five levels of authentication to

validate users trying to access a Web site• Web communications can be encrypted using the

Secure Sockets Layer (SSL) protocol

Page 55: Chapter13      Administering  Web  Resources

55

Summary (continued)• To maintain an IIS server, an administrator should

use security features, perform backups, start and stop IIS services, and apply updates

• Remote Administration (HTML) tools are used to manage IIS 6.0 servers remotely

• The Internet Printing Protocol (IPP) allows printers to be managed via Web browser and allows clients to sent print jobs using HTTP

• Configurations can cause user access problems to either an IIS Server or a Web or FTP site, note the things to check first