Summary IIS

IIS (Internet Information Server)

Windows 2000 Professional and Server contains IIS 5.0 which is not installed by default. It can be installed via Add/Remove programs. (approx. 20 MB) If you upgrade to Windows 2000 from an earlier version and Peer Web services is installed, IIS 5.0 will be installed automatically. Windows 2000 Professional does not contain NNTP services.
IIS is installed in the \winnt\system32\inetsrv-directory. The default website is stored in \inetpub\wwwroot.
IIS stores its settings not in Active Directory. A small part is stored in the registry, the main part in a metabase. (c:\winnt\system32\inetsrv\metabase.bin) The metaedit 2.0 utility of the resource kit can be used to access the metabase.

IIS management

IIS is managed from the Internet Information Services snap-in which can be found via Computer Management/Service Applications/Services tab on Windows 2000 Professional. (IIS.MSC) Windows 2000 Professional users can also use Personal Web Manager to manage IIS. 
On Windows 2000 server you can start the Internet Information Services console via the administrative tools. Via the console you can modify the following properties :

Website

Web Site tab

bulletDescription
bulletip address. Default 'All Unassigned' so all ip address on the computer not used by other IIS services will be used for http.
bulletTCP port. Port used to respond to http requests. (default 80)
bulletConnections. Unlimited or limited to x seconds. (default 10 connections on Windows 2000 Professional, unlimited on server)
bulletConnection time out. (Default 900 seconds)
bulletHttp-keep-alive enabled. Should the client maintain an open connection ? Increase performance on client, but decreases server performance. (Default on)
bulletEnable logging. Select the logging format. Microsoft IIS log file format, NCSA common log file format or W3C extended log format. (default) You can customize each log format. The files are by default created per day and stored in \winnt\system32\logfiles.

Operators tab

This tab is not available on Windows 2000 Professional. You can set users and groups who are allowed to manage the web site. By default only administrators have this privilege.

Performance tab

bulletPerformance tuning. Set if you expect fewer than 10.000 hits, fewer than 100.000 hits (default) or more than 100.000 hits.
bulletEnable bandwidth throttling. Windows 2000 server only. Set the maximum allowed bandwidth in KB/Sec that may be used by the website.
bulletEnable process throttling. Windows 2000 server only. Set the maximum amount of processor usage that may be used by the website. If Enforce limits is not selected, only an event log entry is created when the setting is exceeded.

ISAPI filters tab

Internet Server Application Programming Interface filters are used to redirect a request to a specific URL to a program. Via this filter you can activate e.g. a logon program when a user request a specific URL.

Home directory tab

bulletWhen connecting to this resource...  Set where the web content is stored. A directory on the computer (default), a share located on another computer or an URL.
bulletLocated path. Path where the web content is stored. (default 'c:\inetpub\wwwroot')
bulletScript source access. Are users allowed to access the source code of scripts ? (default off)
bulletRead. Are users allowed to read or download the files in the folder ? (default on)
bulletWrite. Are users allowed to write in the folder ? (default off)
bulletDirectory browsing.  Can users view the folders of the web site ? (default off)
bulletLog visits. Should visits be logged in the specified log file ? (default on)
bulletIndex this resource.  Will the folder be indexed via Microsoft Indexing service ? (default on)
bulletApplication name.  
bulletExecute permissions. Sets how applications can be accessed. None, Scripts only or Scripts and Executables.
bulletApplication protection.  Set the protection for the application. Low (application runs in same process are web service), medium (a separate process for all applications) or high. (a separate process for each application)

Documents tab

bulletEnable default document. Set which document should be loaded first when accessing a website. The default order is default.htm, default.asp and iisstart.asp.
bulletEnable document footer. This html document will be displayed at the bottom of each web page that is send to a client.

Directory security tab

bulletAnonymous access and authentication tool. Set if anonymous web access is allowed and which account is used for it. (default on with IUSR_machine name account) You can also which kind of authentication is used if authentication is required :
bulletBasic authentication. Password is send in clear text. You can select the domain in which the accounts should be stored.
bulletDigest authentication for Windows domain servers.  Passwords should be stored encrypted. Only for Windows 2000 domain accounts.
bulletIntegrated Windows authentication. This is the default option. It offers secure Windows authentication.
bulletIP address and domain name restrictions. Allow or deny access for specific domains or ip addresses.
bulletSecure communications. Use certificate service for secure communications.

HTTP headers tab

bulletEnable content expiration. Set when the content is expired so a client will not use it's cache. You can let it expire immediately, after x minutes, days, etc, or at a specific date and time. By default the option is off.
bulletCustom http headers. Create a specific http header that is not supported by HTML.
bulletContent rating. Set is the website contains violence, sex, nudity or adult language.
bulletMime map

Custom errors tab

On this tab you can set which web page should be load on which HTTP error,

Server extensions tab

bulletEnable authoring. Set if authors can modify the website (default on), if version control should be used (none or built in) , set performance settings and the client scripting method. (Javascript or VBscript)
bulletOptions. Set how mail should be send and customize collaboration options if installed.
bulletDon't inherit security settings. Specify specific settings for security to overrule global security. Settings are Log authoring actions, manage permissions manually and require SSL for authoring.

IISReset tool

Use the iisreset tool to reset IIS. It has the following switches and can be used to remotely manage a server :

bullet/reboot. Forces a reboot of the computer.
bullet/restart. Stops and restarts all internet services.
bullet/start.  Starts the internet services.
bullet/stop. Stops the internet services.
bullet/rebootonerror.  Reboots the computer if an error is detected stopping, starting, or restarting the internet services.
bullet/noforce.  Will skip terminating the internet services if stopping them fails.
bullet/status. Displays status of all internet services
bullet/disable. Disable restarting internet Services.
bullet/enable. Enable restarting of internet Services.

If you do not specify any options, iisreset will stop and start the web services.

FTP (File Transfer Protocol)

Windows 2000 server and professional both can act as ftp server and ftp client. To connect to a ftp-server the command ftp is used with the following switches :

bullet-v. Verbose, limited information from the remote server is displayed.
bullet-n. Cancels autologin upon initial connection.
bullet-I. Turns off prompts during file transfers.
bullet-d. Displays all ftp commands passed between the client and server.
bullet-g Permits the use of wildcard characters.
bullet-s:filename. Specifies a text file containing commands.
bullet-w:windowsize. Overrides the transfer buffer size (default is 4096 bytes).
bulletservername. Server to connect to, (DNS name or ip-address)

More information

Related white papers

bullet Technical overview of Internet Information Services (IIS) 6.0
bulletInternet Information Services 5.0 technical overview
bulletThe art and science of web server tuning with Internet Information Services 5.0
bulletSecuring IIS 5.0 using batch-oriented command files

Other links

bulletIISadministrator.com
bulletMicrosoft : Deploying IIS 5.0 for DOT-coms
bulletTechnet : Setting up a reliable web server by using Windows 2000
bullet Introducing Windows .NET web server (Windows 2000 mag. apr. 2002)
bullet Thrustworthy IIS (Windows 2000 magazine)
bulletIIS informant (Windows .net magazine jan 2002)
bulletHow to setup a Windows 2000 web server (Windows NT magazine)
bullet Migrating from IIS 4.0 to IIS 5.0 (Windows 2000 magazine September 2001)
bulletJoining forces for high-performance web sites (Windows 2000 magazine may 2001)
bulletWorking with IIS 5.0 logs (Windows 2000 magazine mar 2001)
bulletIIS answers (Windows 2000 magazine jan 2001)
bulletIIS 5.0's hidden differences (Windows 2000 magazine jan 2001)
bulletIIS 5.0 opens the throttle (Windows 2000 magazine winter 2000)
bulletKeeping up with IIS security (Windows 2000 magazine oct 2000)
bulletWeb servers load balancers (Windows 2000 magazine apr 2000)
bulletWindows 2000 as webhosting platform ? (Australia.internet.com)
bulletTweak the IIS metabase the easy way (PlanetIT)
bulletIISTraining.com
bulletIIS 6 and its components (Swynk)
bulletMicrosoft releases IIS lockdown tool (Swynk)
bulletProtect IIS with the URLscan security tool (Swynk)
bulletInfo about the URL scan security tool (Q307608)
bullet How to audit your internet security policy (TechRepublic)

Search Windows 2000 knowledge base (on title)

bulletSearch for 'iis' in knowledge base
bulletSearch for 'iisreset' in knowledge base
bulletSearch for 'ftp' in knowledge base

Last update : 12 January 2003