microsoft press internet information services iis 70 resource kit phần 3 pot
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (2.36 MB, 81 trang )
132
Part II:
Deployment
Preparing Local User Administrator Security
Make sure to either log on using the built-in Administrator account or else to explicitly start
your applications by using the built-in Administrator account credentials. You can use the
runas command line tool. For example, to launch Notepad, you could run the following
command:
runas /user:Administrator Notepad.exe
You will then be prompted for the password of the Administrator account.
Note
It’s useful to have a command prompt shell that already has elevated credentials. You
can start such a shell with the following command:
runas /user:administrator cmd.exe
Every application you run from the resulting command prompt will use elevated credentials as
well, and you will not need to use the runas command line tool from that command prompt.
Installing IIS 7.0 Using Server Manager
Server Manager provides a single console to perform all administrative functions on Windows
Server 2008. When you first log into Windows Server 2008, Server Manager should automatically launch. To manually launch Server Manager, from the Start menu, click All Programs,
Administrative Tools, and then Server Manager.
Follow these steps to install the Web Server (IIS) Server Role using Server Manager:
1. Start Server Manager.
2. Select Roles and then click Add Roles.
3. Follow the Add Roles Wizard prompts and select the IIS features you want to install.
Note
The following article walks you through an installation of IIS 7.0 using Server Manager:
/>
Using Package Manager
Windows optional features in both Windows Vista and Windows Server 2008 can be
installed using Package Manager (pkgmgr). The command line syntax using Package Manager
is as follows:
start /w pkgmgr.exe /iu:update1:update2...
Chapter 5:
Installing IIS 7.0
133
Note
If you run Package Manager without the start /w prefix, the pkgmgr command will
return immediately, and you will not know when the installation has completed.
See the following list for the most common Package Manager commands. For a complete list
of available commands, run the following command:
Pkgmgr.exe /?
■
/iu:{update name}; Specifies updates to install by update name. You can specify multiple updates to install by separating each update with a semicolon.
■
/uu:{update name}; Specifies updates to uninstall. You can specify multiple updates to
uninstall by separating each update with a semicolon. At least one update name must
be specified.
■
Specifies an XML file that provides information for an unattended
installation. (For information about performing an unattended installation, see the
section titled “Unattended Answer Files” later in this chapter.)
/n:{unattend XML}
Note
For more information about IIS.NET and Package Manager, see />articles/view.aspx/IIS7/Deploy-an-IIS7-Server/Installing-IIS7/Install-IIS7-from-theCommand-Line.
Using ServerManagerCMD
ServerManagerCMD, along with the GUI version of Server Manager, enables you to query,
install, and remove roles and features from the server. ServerManagerCMD also displays all
roles, role services, and available features, and it shows which are installed on the computer.
You can run the following command from the command prompt:
ServerManagerCMD.exe -query
Figure 5-2 shows an example of the resulting output.
If you want to install the Web Server role, for example, you could use the following command:
ServerManagerCmd -install Web-Server
You can also place the installation actions in an XML document like this (the xmlns string has
been formatted on multiple lines to fit on the printed page):
<Role Id="Web-Server"/>
</ServerManagerConfiguration>
134
Part II:
Deployment
Figure 5-2
ServerManagerCMD query of current modules.
If the XML were saved in a file named WebServerInstall.xml, you could then use the following
-whatIf switch from a command prompt to determine what would be installed based on the
input file.
ServerManagerCmd.exe -inputPath WebServerInstall.xml –whatIf
The resulting output is shown in Figure 5-3.
Figure 5-3
ServerManagerCMD output from the -whatIf switch.
Chapter 5:
Installing IIS 7.0
135
To actually perform the Web Server installation, run this command:
ServerManagerCmd –inputPath WebServerInstall.xml
Recall that if you want to find out what roles and features are installed, you can use the following query:
ServerManagerCmd -query
To save the list of installed roles and features to an XML file, use the following command:
ServerManagerCmd -query currentConfig.xml
Viewing the Currentconfig.xml file gives you all the information you need to figure out which
roles and features are installed on a server.
Here is the complete syntax for ServerManagerCMD:
-query [<query.xml>] [-logPath <log.txt>]
-install <name>
[-setting <setting name>=<setting value>]* [-allSubFeatures]
[-resultPath <result.xml> [-restart] | -whatIf] [-logPath
<log.txt>]
-remove <name>
[-resultPath <result.xml> [-restart] | -whatIf] [-logPath
<log.txt>]
-inputPath <answer.xml>
[-resultPath <result.xml> [-restart] | -whatIf] [-logPath
<log.txt>]
-help | -?
-version
Switch Parameters:
-query [<query.xml>]
Display a list of all roles, role services, and features available,
and shows which are installed on this computer. (Short form: -q)
If <query.xml> is specified, the information is also saved to a
query.xml file, in XML format.
-inputPath <answer.xml>
Installs or removes the roles, role services, and features
specified in an XML answer file, the path and name of which
is represent by <answer.xml>. (ShortForm: -ip)
-install <name>
Install the role, role service, or feature on the computer that is
specified by the <name> parameter. (Short form: -i)
-setting <setting name>=<setting value>
Used with the -install parameter to specify required settings for
the installation. (Short form: -s)
-allSubFeatures
Used with the -install parameter to install all subordinate
role services and features along with the role, role service, or
feature named with the -install parameter. (Short form: -a)
-remove <name>
Removes the role, role service, or feature from the computer that
is specified by the <name> parameter. (Short form: -r)
136
Part II:
Deployment
-resultPath <result.xml>
Saves the result of the ServerManagerCmd.exe operation to a
<result.xml> file, in XML format. (Short form: -rp)
-restart
Restarts the computer automatically, if restarting is necessary to
complete the operation.
-whatIf
Display the operations to be performed on the current computer
that are specified in the answer.xml file. (Short form: -w)
-logPath <log.txt>
Specify the non-default location for the log file. (Short form: -l)
-help
Display help information. (Short form: -?)
-version
Display the version of the Server Manager command that is running,
Microsoft trademark information, and the operating system.
(Short form: -v)
Examples:
ServerManagerCmd.exe -query
ServerManagerCmd.exe -install Web-Server -resultPath installResult.xml
ServerManagerCmd.exe -inputPath install.xml -whatIf
Unattended Answer Files
Windows Server 2008 unattended answer files, including IIS 7.0, are now formatted as XML,
unlike in previous versions of Windows. An answer file can provide a consistent, repeatable
approach when you need to install IIS 7.0 on many servers. You can use an answer file with
Package Manager and ServerManagerCMD. Each tool requires a slightly different format when
using an answer file. This section examines a sample answer file for each tool.
Package Manager is a Windows Server 2008 native tool provided to install IIS 7.0. To experiment with an unattended installation, use Notepad to create the following sample answer
file and then save it as Unattend.xml.
On the Disc
This answer file is also included on the companion media.
You’ll need to determine the version and processorArchitecture settings for your environment
and appropriately change the bold type lines shown in the following code before proceeding
with an unattended install using Package Manager.
Note To obtain the version number, open Windows Explorer, navigate to
%windir%\System32, right-click Regedt32.exe, and select Properties. Select the Details tab,
locate the File Version property (as shown in Figure 5-4), and use this value for the version
setting in your Unattend.xml file. To obtain the architecture, run Set from a command prompt
and look for the processor_architecture variable.
Chapter 5:
Figure 5-4
Installing IIS 7.0
Determining the file version.
<?xml version="1.0" ?>
name="Microsoft-Windows-Foundation-Package"
version="6.0.XXXX.XXXXX"
language="neutral"
processorArchitecture="x86"
publicKeyToken="31bf3856ad364e35"
versionScope="nonSxS"
/>
<selection name="IIS-WebServerRole" state="true"/>
<selection name="WAS-WindowsActivationService" state="true"/>
<selection name="WAS-ProcessModel" state="true"/>
<selection name="WAS-NetFxEnvironment" state="true"/>
<selection name="WAS-ConfigurationAPI" state="true"/>
</package>
</servicing>
</unattend>
To run the installation process, enter the following command at the command prompt:
pkgmgr /n:unattend.xml
137
138
Part II:
Deployment
You can save your XML unattended answer file on a network share and point Package
Manager to this file. Maintaining a single installation file helps streamline administration of
your installation processes.
ServerManagerCMD is the command line version of Server Manager. The syntax for the
unattended answer file is slightly different than the Package Manager syntax. You can use
ServerManagerCMD on all versions of Windows Server 2008 except Server Core.
Here is a sample file you can use with ServerManagerCMD. This example shows installing a
Static Content Web Server. Save the following content as Default.xml in your local disk (again,
the xmlns string has been split to fit on the printed page).
On the Disc
This file is also provided on the companion media.
<Role Id="Web-Server" />
</ServerManagerConfiguration>
To use this answer file with ServerManagerCMD, open a command prompt and type the following:
ServerManagerCMD.exe –inputPath Default.xml
Note
For more information about ServerManagerCMD and various workloads, see
/>
Sysprep/New Setup System
Sysprep has been used for years to prepare standard image files as part of a server deployment
process. Windows Server 2008 and IIS 7.0 support Sysprep-based deployments. As an alternative approach to running an unattended install every time you deploy a new server, you can
build a single server and install and configure IIS 7.0 on the server to fit your environment.
Once you run Sysprep, you can use an image capture program such as ImageX, which is
included in the Windows Automated Installation Kit (WAIK). You could then use Windows
Deployment Services (WDS) to deploy the image to servers in your environment.
One limitation to be aware of when using Sysprep with an IIS 7.0 installation is that the
original machine key values are encrypted and stored in the ApplicationHost.config file.
When the image is rolled out to a new machine, you’ll need to correct the machine key value as
part of your post-build process that occurs as part of the first logon procedure. The first logon
procedure can vary, depending on which tools you use to deploy images in your environment.
Chapter 5:
Installing IIS 7.0
139
Auto-Installs
Microsoft introduced Windows Deployment Services (WDS) in Windows Server 2003 Service
Pack 2 (SP2).
Windows Server 2008 includes Windows Deployment Services (WDS), which is the successor
to Remote Installation Services (RIS). WDS uses Pre-boot Execution Environment (PXE) to
deploy a Sysprep image or a scripted installation.
Whatever tools you decide to use, Windows Server 2008 and IIS 7.0 provide a variety of
options to help streamline your server deployment.
Note
For more information about WDS, see />en/library/9e197135-6711-4c20-bfad-fc80fc2151301033.mspx?mfr=true.
For more information about the WDS role that is included in Windows Server 2008, see
/>
Windows Server 2008 Setup for Optional Features
The tools introduced in Windows Server 2008 completely replace previous installation tools
such as Sysocmgr.exe and Setup.exe. A common install base provides many benefits. Windows Server 2008 offers a componentized install architecture.
Note For more information about installing optional features, see />articles/view.aspx/IIS7/Deploy-an-IIS7-Server/Installing-IIS7/Understanding-Setup-in-IIS7.
Direct from the Source: Debating Which Features to Include
in IIS 7.0
During the design of Windows Vista, the IIS team started to consider how to integrate
the new modular design of IIS 7.0 with the new installation technologies of Windows
Vista. (Windows Vista and Windows Server 2008 are based on the same code base, so
the many technologies that appear in Windows Server 2008 first appeared in Windows
Vista.) Although there were numerous technical issues to resolve, of course, the philosophical debate about what to install with IIS 7.0 by default was one of the hot topics.
When IIS 6.0 is installed, it has a lot of capabilities such as digest authentication, compression, default document handling, and other features that are more or less taken
for granted, because they are always there. With IIS 7.0, these and other features are
individual .dll files that can be installed or removed using the various operating system
140
Part II:
Deployment
installation technologies (Server Manager, ServerManagerCMD, or Package Manager).
The question facing the IIS team was whether IIS 7.0 should be installed by default
with features equivalent to those in the default installation of IIS 6.0, or—since the new
architecture is modular—whether only a minimal set of features should be installed.
The argument for IIS 6.0 equivalency is that this is what customers are expecting, and
IIS 6.0 was considered secure out of the box. The argument for a reduced feature set
is that it follows best practices to install only the minimal set required and have customers
opt-in for features explicitly.
In the end, the minimal feature set was the choice, and I think it is the right choice. If you
decide to install the Web Server (IIS) role and no other options, the only capability IIS
7.0 will have is to deliver static, anonymous content. You need to explicitly select
additional capabilities.
The nice thing is that Server Manager and ServerManagerCMD will respect dependencies that are fully described in the underlying packages that make up the installation
components for the various subsystems. So, if a customer wants to install ASP.NET, they
just need to select that option, and the installation system will automatically install
ISAPI capabilities and any other features that may be required to support the requested
feature. In this way, the customer gets enhanced security out of the box, and an easy way
to add functionality to the server.
Brett Hill
Post Installation
After your installation is complete, one of the first things you need to do is back up your
ApplicationHost.config, Administration.config, and Redirection.config files. These are stored
in the %windir%\System32\Inetsrv\Config folder. You can either make copies of these files
manually or use the Appcmd.exe Backup feature to make copies as follows:
//How to make a backup using Appcmd
%windir%\system32\inetsrv\appcmd.exe add backup “MyBackup”
This process will place critical files in the %windir%\System32\Inetsrv\Backup\MyBackup
folder. The Administration.config, ApplicationHost.config, Mbschema.xml, Metabase.xml,
and Redirection.config files are stored in this location.
After you back up your configuration, use the Web Server (IIS) Role Page to view the status of
IIS. Use the IIS Manager Console to configure the IIS features you installed.
Chapter 5:
Installing IIS 7.0
141
Folders and Content
Use the following list to validate your installation. These key files and folders store the critical
content and binaries for your IIS 7.0 installation.
■
%windir%\system32\inetsrv Root install folder of all IIS processes.
■
%windir%\system32\inetsrv\config Contains all configuration files related to IIS
including the ApplicationHost.config, Administration.config, and Redirection.config
files. These configuration files store all critical configuration information and data
related to IIS.
■
%windir%\system32\inetsrv\config\schema
Stores all XML schema definition files used
by configuration files.
■
Default root folder for IIS content. Note that it is suggested
you place your Web sites on a drive other than %SystemDrive%.
■
%SystemDrive%\inetpub\AdminScripts Contains scripts used for administering IIS and
related services. This folder is not installed by default. This folder is only installed when
compatibility components are installed.
■
%SystemDrive%\inetpub\custerr
%SystemDrive%\inetpub
Location for all IIS custom error Web pages. This is a
new location in IIS 7.0.
■
%SystemDrive%\inetpub\history Contains the automatic backups of the configuration
made by the ConfigHistory features in IIS 7.0. See Chapter 4, “Understanding the
Configuration System,” for details.
■
%SystemDrive%\inetpub\ftproot Default FTP root folder for the built-in FTP Publishing
Service.
■
%SystemDrive%\inetpub\logs\failedreqlogfiles Location for all IIS Failed Request Event
Tracing. This is a new location in IIS 7.0.
Note
The built-in FTP Publishing Service and SMTP Service logs are stored by default
in %windir%\System32\LogFiles.
■
%SystemDrive%\inetpub\mailroot
Root folder for all SMTP Service–related processes.
This is not installed by default.
■
%SystemDrive%\inetpub\temp Used by ASP.NET and IIS to store ASP compiled
templates and IIS temporary compressed files.
■
%SystemDrive%\inetpub\wwwroot Root Folder for Default Web Site. Note that it is
suggested you place your Websites on a drive other than %SystemDrive%.
142
Part II:
Deployment
■
%windir%\IIS7.log Setup Log file used to record the installation.
■
%windir%\system32\inetsrv\config\applicationHost.config Core configuration file used
by IIS. This is the main file that replaces the metabase in previous IIS versions.
Registry
The IIS 7.0 installation also records information about what is installed in the registry key.
HKEY_LOCAL_MACHINE\Software\Microsoft\InetStp\Components\.
This registry key contains only items that are currently installed. Modules that have never
been installed or that have been uninstalled are not listed.
Note
For more information about this topic, including a reference table with each registry
key value, see />Discover-Installed-Components.
Services
Table 5-8 is a list of the system services that get installed during a Web server role installation,
when all role services are selected.
Table 5-8
List of System Services Installed with the Web Server Role
Service Name
Description
ASP.NET State Service
Provides support for out-of-process session states for
ASP.NET. If this service is stopped, out-of-process requests
will not be processed.
IIS Admin Service
Enables this server to administer metabase FTP services. If
this service is stopped, the server will be unable to run metabase or FTP sites.
Web Management Service
Enables remote and delegated management capabilities
so that administrators can manage the Web server, sites,
and applications present on the machine.
Windows Process Activation
Service (WAS)
Provides process activation, resource management, and
health management services for message-activated
applications.
World Wide Publishing Service
Provides Web connectivity and administration through the
IIS Manager.
FTP Publishing Service (Built-in)
Enables this server to be a File Transfer Protocol (FTP)
server.
Chapter 5:
Installing IIS 7.0
143
Validation
To validate the Web Server (IIS) Server Role, you can open Server Manager and select Web
Server (IIS) Server Role. This provides a central console to view event logs, services related to
IIS, and other related services. You can also open the IIS Manager Console directly from the
Administrative Tools program group. One of the features in the IIS Manager Console you can
use to verify your installation is Modules. Double-click Modules to see if the appropriate
modules are listed as installed.
WebUI
IIS 7.0 introduces an entirely new IIS Manager. This application provides a single interface to
manage all IIS 7.0 Web sites and ASP.NET settings. Windows Server 2008 also provides the
Internet Information Services (IIS) 6.0 Manager to manage the built-in FTP Publishing and
SMTP Services. Chapter 6, “Using IIS Manager,” provides in-depth information about using
IIS Manager.
Users and Groups Provided in Windows Server 2008
New accounts and groups have been added in Windows Server 2008 for IIS 7.0. The IUSR
account replaces the IUSR_MachineName account. This is the default identity used when
anonymous authentication is enabled. The IUSR_MachineName account is still created and
used only when the FTP server is installed. If FTP is not installed, this account is not created.
The IIS_IUSRS group replaces the IIS_WPG group. This built-in IIS_IUSRS group has been
granted access to all the necessary file and system resources so that an account, when added
to this group, can act as an application pool identity.
Both the IUSR account and IIS_IUSRS group are built into Windows Server 2008. The IUSR
account is a limited account and does not need a password. This enables you to use Xcopy.exe
/o to seamlessly copy files along with their ownership and access control list (ACL) information to different machines. (Note that these user accounts will not be localized. Regardless of
the language of Windows you install, the IIS account name is always IUSR, and the group
name is IIS_IUSRS.) The IUSR account is the same type of account as the NETWORK SERVICE
or LOCAL SERVICE accounts. It has the same Security Identifier (SID) across all machines.
Troubleshooting Installation
The new XML declarative installation process provides rich and detailed log information. This
can be helpful when you want to determine if the installation was successful. You can use
several areas to determine how the installation completed. You can use the traditional Windows Event Logs, the IIS7.log file, and the ServerManagerCMD log file that was created if you
144
Part II:
Deployment
specified the appropriate ServerManagerCMD switch (see the section titled “Other Related
Logging Options” below).
Event Logs
You can use the built-in Application, Security, and System event logs to help troubleshoot
and determine if your installation was successful. These are important sources of information that are maintained by the operating system. The event logs catalog all kinds of events
including errors that happen during a failed installation. This can help you track down
specific errors.
IIS 7.0 Log
The new componentized installation provides rich and detailed logging of information to help
troubleshoot installation issues. The most common errors are related to not being logged in as
Administrator or not having administrative privileges. IIS provides a detailed log located in
the file %windir%\IIS7.log. This log contains easy-to-read and descriptive text for each component’s installation. This information can be used to troubleshoot your entire IIS installation or
to troubleshoot a specific component. The following is an example of the IIS log:
[05/09/2007 00:43:31] [ ***** IIS 7.0 Component Based Setup ***** ]
[05/09/2007 00:43:31] "C:\Windows\System32\inetsrv\iissetup.exe"
/install SharedLibraries
[05/09/2007 00:43:31] Created NetFrameworkConfigurationKey
[05/09/2007 00:43:32] Set ACLs on NetFrameworkConfigurationKey
[05/09/2007 00:43:32] Created iisWasKey
[05/09/2007 00:43:32] Created iisWasKey user key
[05/09/2007 00:43:32] Created iisConfigurationKey
[05/09/2007 00:43:33] Created iisConfigurationKey user key
[05/09/2007 00:43:33] Set ACLs on iisConfigurationKey
[05/09/2007 00:43:33] iisConfigurationKey already exists
[05/09/2007 00:43:33] Created AesProvider
[05/09/2007 00:43:33] Created IISWASOnlyAesProvider
[05/09/2007 00:43:33] Install of component SharedLibraries succeeded!
[05/09/2007 00:43:33] Success!
[05/09/2007 00:43:33] [ End of IIS 7.0 Component Based Setup ]
Whenever you need to troubleshoot installation issues, the IIS7.log should be the first place
you look for errors.
Other Related Logging Options
The ServerManagerCMD tool provides extensive logging capabilities. This section describes
how to invoke the logging option when you use ServerManagerCMD.
To capture output of your installation results, use the following command:
ServerManagerCMD.exe –install Web-Server –resultPath InstallResults.xml
–logPath InstallResults.txt
Chapter 5:
Installing IIS 7.0
145
To capture output of your uninstall results, use the following command:
ServerManagerCMD.exe –remove Web-Server –resultPath UnInstallResults.xml
–logPath UnInstallResults.txt
Each of these result logs contains detailed information that can help you troubleshoot issues
or determine your installation status. You can use a text editor such as Notepad to view the
results. If you are experiencing an error, you can locate the error by using the Find command
inside your text editor.
Package Manager (pkgmgr.exe) also provides logging to help troubleshoot deployments. The
location of the log file and folder is %windir%\Logs\CBS\CBS.log. Here is an excerpt showing
a command executed. The following example shows the command issued to install the
Default Web-Server role:
2007-11-20 05:27:44, Info
CBS
Pkgmgr: called with:
"pkgmgr.exe /iu:IIS-WebServerRole;IIS-WebServer;IISommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IISirectoryBrowsing;IIS-HttpErrors;IIS-HealthAndDiagnostics;IISttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-Security;IISequestFiltering;IIS-HttpCompressionStatic;IIS-WebServerManagementTools;
IS-ManagementConsole;WAS-WindowsActivationService;WAS-ProcessModel;WASetFxEnvironment;WAS-ConfigurationAPI"
2007-11-20 05:27:44, Info
CSI
0000001@2007/11/20:13:27:44.373 WcpInitialize (wcp.dll version 0.0.0.5)
called (stack @0x700e7ee9 @0xca1672 @0xc9b8fa @0xc9c378 @0x77cb1cc2
@0x77d88785)
Removing IIS 7.0
As easy as it is to install IIS 7.0 using Server Manager, ServerManagerCMD, or Package Manager, these tools allow for similarly efficient and straightforward techniques to remove specific
features or to remove the entire Web Server (IIS) Server Role.
The User Interface in Windows Server 2008 and Windows Vista
To uninstall IIS or the Web Server Role by using ServerManager, complete the following
steps:
1. Start Server Manager by clicking Start Menu, All Programs, Administrative Tools, Server
Manager. The Server Manager window is displayed.
2. In the Server Manager, select Roles.
3. The Roles Summary view is displayed, as shown in Figure 5-5.
4. Click the Remove Roles link to display the Remove Roles Wizard.
5. Click Next to display the Remove Server Roles page.
146
Part II:
Deployment
Figure 5-5
Server Manager, Roles Summary view.
6. Clear the Web Server (IIS) check box to uninstall the Web Server Role, as shown in
Figure 5-6.
Figure 5-6
Clear the Web Server (IIS) check box to uninstall the Web Server Role.
Chapter 5:
Installing IIS 7.0
147
7. Click Next to display the Confirm Removal Selections page, as shown in Figure 5-7.
Figure 5-7
Remove Roles Wizard confirmation page.
8. Click Remove.
9. Click Close to return to Server Manager. You might be prompted to restart your computer depending on the roles that were uninstalled. When you return to Server Manager,
the Web Server Role will have been removed.
Command Line Method
You can use either Package Manager or ServerManagerCMD to uninstall the Web Server Role.
Using Package Manager
This section contains the process for using Package Manager to uninstall IIS. This example
assumes that all components were installed. Here is the syntax used:
start /w pkgmgr.exe /uu:{<update name>}
The parameter /uu:{<update name>} specifies the updates to uninstall. You can list multiple
updates by separating them with a semicolon. At least one update name must be specified.
148
Part II:
Deployment
Note
/uu indicates uninstall and is then followed by the selected update names.
The following command uninstalls everything related to the Web Server (IIS) Server Role
using Package Manager:
start /w pkgmgr.exe /uu:IIS-WebServerRole;IIS-WebServer;
IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;
IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;
IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;
IIS-ASP;IIS-CGI;IIS-ISAPIExtensions;IIS-ISAPIFilter;
IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;
IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;
IIS-CustomLogging;IIS-ODBCLogging;IIS-Security;
IIS-BasicAuthentication;IIS-WindowsAuthentication;
IIS-DigestAuthentication;IIS-ClientCertificateMappingAuthentication;
IIS-IISCertificateMappingAuthentication;IIS-URLAuthorization;
IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;
IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;
IIS-WebServerManagementTools;IIS-ManagementConsole;
IIS-ManagementScriptingTools;IIS-ManagementService;
IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;
IIS-LegacyScripts;IIS-LegacySnapIn;IIS-FTPPublishingService;
IIS-FTPServer;IIS-FTPManagement;WAS-WindowsActivationService;
WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI
Using ServerManagerCMD
You can also use ServerManagerCMD to uninstall the Web Server Role. To uninstall, use the
following syntax:
ServerManagerCMD.exe –remove Web-Server
To generate a detailed log of the uninstall process, you can pipe the results and command line
syntax to a log file called ServerManagerCMD_Uninstall.txt, as shown here:
ServerManagerCMD.exe –remove Web-Server –resultPath results.xml
–logPath ServerManagerCMD_Uninstall.txt
Summary
We have covered the various ways you will be able to install the Web Server Role, specific
role services, and IIS 7.0 features. Windows Server 2008 offers a variety of ways to install,
configure, and remove IIS 7.0. The additional logging features can help you troubleshoot
installation problems. The information in this chapter should help make IIS 7.0 easier to
install and faster to configure, and the information can guide you in creating a cookie-cutter
approach to rolling out IIS 7.0 throughout your enterprise.
Chapter 5:
Installing IIS 7.0
149
Additional Resources
These resources contain additional information and tools related to this chapter:
■
Go to “Setup and Migration” in the TechCENTER on IIS.net at />default.aspx?CategoryID=13&tabid=2.
■
View the “IIS7—Setup and Migration” forums at />
■
For more information about the FastCGI module for IIS, read Bill Staples’s blog at
/>
■
A good introduction to IIS 7.0 Server Core is available at />view.aspx/IIS7/Explore-IIS7/Getting-Started/IIS7-on-Server-Core.
■
For more information about administering IIS 7.0 on Server Core installations of Windows
Server 2008, see />
■
The following article will walk you through an IIS installation using Server Manager:
/>Install-IIS7-on-Longhorn-Server?Page=2.
Part III
Administration
In this part:
Chapter 6: Using IIS Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Chapter 7: Using Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Chapter 8: Remote Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Chapter 9: Managing Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Chapter 10: Managing Applications and Application Pools . . . . . . . . . .291
Chapter 11: Hosting Application Development Frameworks . . . . . . . . .323
Chapter 12: Managing Web Server Modules . . . . . . . . . . . . . . . . . . . . . . .367
Chapter 13: Managing Configuration and User Interface Extensions . .421
Chapter 14: Implementing Security Strategies . . . . . . . . . . . . . . . . . . . . .447
Chapter 6
Using IIS Manager
In this chapter:
Overview of IIS Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Starting IIS Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
IIS Manager User Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Understanding Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
IIS 7.0 Manager Customization and Extensibility . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Remote Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Additional Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
IIS Manager is a graphical user interface (GUI) administration tool for Internet Information
Services (IIS) 7.0. It provides an intuitive, feature-focused, task-oriented management console
for working with both IIS 7.0 and ASP.NET settings. The user interface (UI) has fine granularity
and enables you to configure IIS 7.0 server and ASP.NET applications from within one
console. With IIS Manager, you can set up delegated management to allow application owners
to manage their applications remotely without having administrative access to the server.
IIS Manager is highly customizable and provides an extensible platform that you can use to
plug in your own features to manage custom settings and applications.
In this chapter, we will focus on the IIS Manager interface, discuss feature and configuration
mapping, and talk about IIS Manager customization and extensibility. We will also look at
configuring IIS Manager for remote administration.
Note
For a more detailed remote administration discussion, please refer to Chapter 8,
“Remote Administration,” and for instructions on how to use IIS Manager to perform common
administration tasks, see Appendix J, “Common Administration Tasks Using IIS Manager.”
Overview of IIS Manager
IIS Manager is a server administration tool that enables you to configure IIS 7.0 and ASP.NET
features from one fully integrated interface. You can get health and diagnostic information
and monitor a server’s operation including currently running requests, and you can also
administer membership. With its task-based intuitive GUI interface, the tool is aimed at
simplifying the administration tasks and reducing management complexity.
153
154
Part III:
Administration
IIS Manager in IIS 7.0 is much easier to use in comparison with the previous versions of the
IIS management console. In previous versions of IIS, the server management console was
implemented as a Microsoft Management Console (MMC) snap-in called Inetmgr.exe. The
MMC snap-in interface consisted of tabs with configuration settings. IIS 7.0 exposes many
more settings, and exposing more settings in the old management console would require
additional tabs in the snap-in. Having many tabs would make it difficult to locate a setting and
perform the administration tasks.
In IIS 7.0, the server administration tool has been completely rearchitectured and rewritten
from the ground up. Instead of an MMC snap-in, the management console for IIS 7.0 is
implemented as a user-friendly Windows Forms application that provides an easy-to-use,
feature-focused, task-based interface for configuring both IIS and ASP.NET features. As in
previous versions of IIS, the IIS 7.0 Manager application is also named Inetmgr.exe and is
located in the %SystemRoot%\System32\Inetsrv folder. But make no mistake—despite the
same name and location, it is a completely different IIS Manager!
One of the most important capabilities of IIS Manager is delegated management. IIS Manager
enables delegated management, letting application owners manage their applications
remotely without having administrative access to the server. With this capability, users of
hosted services can run IIS Manager on their desktop and remotely manage their sites and
applications on the server where they are hosted. Securely delegating administrative responsibilities can save a significant amount of time for a server administrator and can help to eliminate
the Web administration bottleneck. The server administrator, of course, has complete control
over what features are delegated to site and application owners.
IIS Manager supports remote administration over a firewall-friendly HTTPS connection,
with an option to support both Windows-based and other credentials for authentication. In
addition to Windows credentials, IIS Manager can also use alternative credentials stores to
identify users. IIS Manager credentials are particularly useful in scenarios in which you don’t
want to create Windows accounts for all remote users, or when the credentials are already
stored in a non-Windows authentication system and you want to keep them in a single store.
To connect to the server, IIS Manager uses HTTPS to establish a connection with the Web
Management Service (WMSvc). WMSvc is a Windows service that provides the ability to
manage IIS 7.0 sites and applications remotely using IIS Manager. By default, WMSvc listens
for requests on port 8172 on all unassigned IP addresses, but an alternate port and an IP
address can be configured if necessary. After the connection is established, based on user
actions in the UI, IIS Manager sends Management Service requests, for example, requesting a
change to a configuration setting in a web.config file. When the Web Management Service
gets a request from IIS Manager, it performs the requested action and returns a response. All
interactions between IIS Manager on the remote machine and WMSvc on the server computer
are over HTTPS. This architecture is shown in Figure 6-1.
Chapter 6:
machine.config
Using IIS Manager
155
applicationHost.config
root web.config
site web.config
IIS Manager
HTTPS
Web
Management
Service
Read/
Write
application
web.config
directory
web.config
application
web.config
directory
web.config
Figure 6-1
directory
web.config
IIS Manager and the Web Management Service.
Most requests from IIS Manager to the Web Management Service are to read from, and write
to, the hierarchy of configuration files on the server, including applicationHost.config file,
.NET Framework root web.config, and web.config files for sites, applications, and directories.
Other IIS Manager requests include requests to read the run-time state and work with
providers on the server.
What’s more, IIS Manager is extensible. It has its own configuration file, administration.config,
that enables custom functionality to be added. Any added administration plug-ins are
integrated into IIS Manager and appear alongside IIS and ASP.NET features. From this
perspective, IIS Manager is not just an application, but rather an extensible platform that
developers can use to plug in their own features to manage custom settings.
Starting IIS Manager
You can start IIS Manager from the Administrative Tools program group, or you can run
%SystemRoot%\System32\Inetsrv\Inetmgr.exe from the command line or from Windows
Explorer. The IIS Manager Start page is shown in Figure 6-2.
156
Part III:
Administration
Figure 6-2
IIS Manager Start page.
Note
To run IIS Manager with administrative privileges on the server machine, instead
of logging on as an administrator, it is recommended you use the runas command in the
non-administrative user context, for example: runas /user:<AdministratorAccount>
“%SystemRoot%\system32\inetsrv\inetmgr.exe”.
The Start page enables you to open recent connections by double-clicking them in the
Recent Connections list. You can create new ones by selecting a task from the Connection
Tasks list. You may need to provide account credentials to create a new connection.
The Start page also provides links to online IIS resources and enables you to obtain recent
online news. The news is disabled by default. To enable news, click Enable IIS News in the
upper-right corner of the IIS News pane.
IIS Manager User Interface
IIS Manager has been completely redesigned in IIS 7.0. The look and feel differs from the
previous versions of IIS. IIS Manager navigation has a more browser-like feel with an address
bar similar to Windows Explorer. When you select a server, site, or application, the list of
their features in the central area somewhat resembles the Control Panel. Though some
interface elements are consistent with the previous versions of IIS, most of the interface is
different. Figure 6-3 shows the typical view of the IIS Manager user interface, with a server
home page in the central area.
