Contents
Overview 1
What is IIS? 2
Preparing for an IIS Installation 3
Installing IIS 4
Configuring a Web Site 6
Lab A: Configuring a Web Site 17
Review 20

Module 4: Configuring
Web Services


Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

 2000 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, BackOffice, MS-DOS, PowerPoint, Visual Studio, Windows,
Windows Media, and Windows NT are either registered trademarks or trademarks of Microsoft
Corporation in the U.S.A. and/or other countries.

The names of companies, products, people, characters, and/or data mentioned herein are fictitious
and are in no way intended to represent any real individual, company, product, or event, unless
otherwise noted.

Other product and company names mentioned herein may be the trademarks of their respective
owners.

Project Lead and Instructional Designer: Rick Selby
Project Revision Leads: Red Johnston; Jaswinder Singh Lamba (NIIT [USA] Inc.)
Revision Development: NIIT (USA) Inc.
Instructional Designers: Victoria Fodale (ComputerPREP, Inc); Barbara Pelletier (S&T OnSite)
Program Manager: Rodney Miller
Testing Leads: Sid Benavente, Keith Cotton
Testing Developer: Greg Stemp (S&T OnSite)
Courseware Test Engineers: Jeff Clark; Jim Toland (ComputerPREP, Inc)
Graphic Artist: Julie Stone (Independent Contractor)
Editing Manager: Lynette Skinner
Editor: Kelly Baker (Write Stuff)
Copy Editor: Kathy Toney (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aquent Partners)
Online Support: Eric Brandt (S&T OnSite)
Multimedia Development: Kelly Renner (Entex)
Compact Disc and Lab Testing: Data Dimensions, Inc.
Production Support: Irene Barnett (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)

Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Gerry Lang
Group Product Manager: Robert Stewart
Simulations and interactive exercises were built by using Macromedia Authorware

Module 4: Configuring Web Services iii


Instructor Notes
This module provides students with the knowledge and skill necessary to
configure the built-in Web server for the Microsoft
® Windows® 2000 server
family. The module first introduces Internet Information Services (IIS) 5.0, and
then explains how to establish and configure Web sites.
At the end of this module, students will be able to:
 Describe the use of IIS.
 Plan an IIS installation.
 Install IIS.
 Configure a Web site.

Materials and Preparation
This section provides you with the materials and preparation needed to teach
this module.
Materials
To teach this module, you need the following materials:
• Microsoft PowerPoint
® file 1594B_04.ppt

Preparation

To prepare for this module, you should:
 Read all the materials for this module.
 Complete the lab.

Presentation:
35 Minutes

Lab:
30 Minutes
iv Module 4: Configuring Web Services


Module Strategy
Use the following strategy to present this module:
 What is IIS?
This topic introduces IIS. Explain the integrated environment of the
operating system and Web services. Briefly mention other Web services
available with IIS.
 Preparing for an IIS installation
This topic describes the requirements for a successful IIS installation.
Describe the network services and information that you must establish
before installing IIS.
 Installing IIS
This topic presents the procedure for installing IIS. Briefly explain the two
options for installing IIS, describe how to install IIS, and then explain how
to test the installation.
 Configuring a Web site
This topic describes the tasks for configuring Web sites. First, explain how
to configure Web site identification settings. Explain the purpose of the
home directory and the use of local and virtual directories. Next, describe

different authentication methods and how IIS authenticates users. Finally,
explain the use of default documents.

Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.

The lab in this module is also dependent on the classroom
configuration that is specified in the Customization Information section at the
end of the Classroom Setup Guide for course 1594B, Installing and
Configuring Microsoft Windows 2000 File, Print, and Web Servers.

Lab Setup
The lab in this module requires that you perform the procedure specified in the
classroom setup guide before performing the lab.
Lab Results
Performing the labs in this module introduces the following configuration
changes:
 Default Web site is changed to Northwind Traders Web.
 Home directory for the Default Web site is changed to C:\nwindweb.
 Basic Authentication is enabled.
 Home.htm is made the first default document for the Default Web site.

Importan
t

Module 4: Configuring Web Services 1



Overview
 What is IIS?
 Preparing for an IIS Installation
 Installing IIS
 Configuring a Web Site


Microsoft® Windows® 2000 Server and Advanced Server integrate Web
publishing into the operating system with a built-in Web server, Internet
Information Services (IIS) 5.0. The integrated Web publishing environment
provided by Windows 2000 makes it easier for an organization to publish and
host Web content over a corporate intranet or the Internet.
At the end of this module, you will be able to:
 Describe the use of IIS.
 Prepare for an IIS installation.
 Install IIS.
 Configure a Web site.

Slide Objective
To provide an overview of
the module topics and
objectives.
Lead-in
In this module, you will learn
about configuring IIS on a
server running
Windows® 2000 Server or
Advanced Server.
2 Module 4: Configuring Web Services



What is IIS?
Windows 2000 Server or Advanced Server running IIS:
~
~
~


~
~
~


~
~
~
~
~
~


~
~
~


~
~
~

~~~ ~~~ ~~~
Intranet Internet
• World Wide Web (WWW) Server
• File Transfer Protocol (FTP) Service
• Network News Transfer Protocol (NNTP) Service
• Simple Mail Transfer Protocol (SMTP) Service


IIS installs automatically as a networking service when you install
Windows 2000. IIS is designed to support simple in addition to multiple Web
sites on a single Web server. The Web publishing features of IIS integrate the
latest Internet standards to provide higher levels of security, better performance,
and standards-based publishing protocols.
In addition to the World Wide Web (WWW) server, other Web services
available with IIS include:
 File Transfer Protocol (FTP) Service. Allows you to set up FTP sites for
uploading and downloading of files.
 Network News Transfer Protocol (NNTP) Service. Allows you to host
electronic discussion groups, or newsgroups. Newsgroups contain threaded
discussions, which consist of articles and follow-up posts that are related to
a particular subject.
 Simple Mail Transfer Protocol (SMTP) Service. Allows you to send mail
messages from one server to another over the Internet. In addition, many
mail clients require SMTP to send messages to a mail server.

Slide Objective
To illustrate the integrated
environment provided by
Windows 2000 for
publishing and sharing

information on an intranet or
the Internet.
Lead-in
You can use IIS to support
Web sites on a corporate
intranet or the Internet.
Module 4: Configuring Web Services 3


Preparing for an IIS Installation
Install TCP/IP
Install TCP/IP
Configure a Static IP Address
Configure a Static IP Address
192.168.120.133
192.168.120.133
192.168.120.133
Establish a Domain Name
Establish a Domain Name nwtraders.msft
nwtraders.
nwtraders.
msft
msft


Before you install IIS, make sure that you configure your server running
Windows 2000 with the following network services and information:
 Transmission Control Protocol/Internet Protocol (TCP/IP). You must
install TCP/IP before installing IIS to provide the connectivity necessary for
transmitting data.

 Internet Protocol (IP) address. You must use a static IP address for your
server if you intend to use IIS to publish content to the Internet. An IP
address is a 32-bit number that uniquely identifies a computer connected to
the Internet, to the other computers on the Internet.
 Domain name. To make your Web site accessible by a domain name instead
of an IP address, you need to have a Domain Name System (DNS) server
available. A DNS server is a distributed database that is used in IP networks
to resolve domain names to IP addresses. Windows 2000 uses DNS as its
primary method for name resolution.

Computers running Windows 2000 are configured to receive TCP/IP
configuration information from a Dynamic Host Configuration Protocol
(DHCP) server by default. You must configure TCP/IP with a static IP
address before you install the Microsoft DNS Server service and perform
any other DNS configurations.


Slide Objective
To identify the network
services and information
required before you install
IIS.
Lead-in
Proper preparation will help
ensure that your IIS
installation is successful.
Note
4 Module 4: Configuring Web Services



Installing IIS
To Install IIS
To Install IIS
To Install IIS
Perform the installation:
Adds Internet Services Manager to the
Administration Tools Menu
Adds the Default Web Site and the
Default FTP Site
Perform the installation:
Adds Internet Services Manager to the
Administration Tools Menu
Adds the Default Web Site and the
Default FTP Site
Test the installation:
Use Internet Explorer to view files in
home directory, C:\\Inetpub\Wwwroot
Test the installation:
Use Internet Explorer to view files in
home directory, C:\\Inetpub\Wwwroot


When you configure IIS during the installation of one of the operating systems
in the Windows 2000 server family, Setup adds the Internet Services Manager
to the Administrative Tools menu and creates the Default Web Site and
Default FTP Site. After you install IIS, you can test the IIS installation by using
a browser to view files over your intranet or the Internet.

Setup will upgrade existing versions of IIS and Microsoft Personal Web
Server (PWS) to IIS 5.0 when you install one of the operating systems in the

Windows 2000 server family.

Performing the Installation
When you install IIS, Setup adds Internet Services Manager to the
Administrative Tools menu. You use Internet Services Manager to manage the
Web server and configure Web and FTP sites. Setup also adds a default Web
site and FTP site during installation.
To install IIS after Windows 2000 has been installed, perform the following
steps:
1. In Control Panel, double-click Add/Remove Programs.
2. Click Add/Remove Windows Components, click Internet Information
Services (IIS), and then follow the on-screen instructions in the Windows
Components wizard to install IIS.

Slide Objective
To identify installation tasks
and results.
Lead-in
When you install IIS, Setup
adds the Internet Services
Manager to the
Administrative Tools menu
and creates the Default Web
Sites and Default FTP Site.
Note
Module 4: Configuring Web Services 5


Testing the Installation
After installing IIS, you should test your installation by using Internet Explorer

to view the files in your home directory. The home directory is the central
location for your published pages. ISS creates the default home directory in
C:\Inetpub\Wwwroot during Setup.
To test your installation, perform the following steps:
1. Start Internet Explorer on a computer that has an active connection to your
intranet or the Internet. This computer can be the computer that you are
testing, although it is recommended that you use a different computer on the
network.
2. In the Address box, type server_name (where server_name is the name of
your computer), and then press ENTER.
The home page for the default Web site installed during Setup appears in the
browser. A home page is the initial page of information for a Web site.

6 Module 4: Configuring Web Services




 Configuring a Web Site
 Identifying the Web Site
 Configuring the Home Directory
 Identifying Methods of Authentication
 Configuring Authentication
 Assigning a Default Document


Before users can connect to your Web site, you must configure the IP address
and domain name that users will use to connect to the Web site. You can also
specify the type of authentication used to validate a user’s logon information.
IIS 5.0 provides four methods of authentication: Anonymous, Basic, Digest,

and Integrated Windows authentication. To publish Web content, you need to
configure home and virtual directories to store that content. To help users
navigate your Web site, you can assign a default document. A default document
appears if a user request to the Web server does not include a file name.

For more information about IIS, see Internet Information Services 5.0
Technical Overview under Additional Reading on the Web page on the
Student Materials compact disc.

Slide Objective
To identify the tasks that
you perform when
configuring a Web site.
Lead-in
There are a number of tasks
that you need to perform
before users can connect to
your Web site.
Note
Module 4: Configuring Web Services 7


Identifying the Web Site
Default Web Site Properties
Directory Security HTTP Headers Custom Errors
Web Site
Operators Performance ISAPI Filters Home Directory Documents
Server Extensions
Web Site Identification
Connections

Enable Logging
Active log format:
W3C Extended Log File Format
Properties
OK Cancel
Apply
Apply Help
Unlimited
Limited To: 1000
connections
connections
900
seconds
Connection Timeout::
HTTP Keep-Alives Enabled
Advanced
Description:
IP Address:
TCP Port: 80
(All Unassigned)
Default Web Site
SSL Port:
SSL Port:


You need to set identification parameters for your Web site so that a Web
browsers can locate your Web server. To establish a Web site, you can
configure the default Web site or use the Web Site Creation wizard to create a
new site.
To configure the default Web site, perform the following steps:

1. In Internet Services Manager, right-click the Web site, and then click
Properties.
You can specify the following identification settings on the Web Site tab.
Setting Description

Description Determines the name of the Web site that appears in the
console tree in Internet Services Manager.

IP Address Specifies the IP address defined in Networking Services.
TCP Port Determines the port on which the Web service is
running. The default is port 80. You can change the port
to any unique TCP port number. However, users must
know in advance to request that port number, or their
requests will fail to connect to your server.
SSL Port Determines the port that is used for Secure Sockets
Layer (SSL) encryption. An SSL port number is required
only if SSL encryption is used. The default is port 443.


SSL security is an increasingly common requirement for Web sites
that provide e-commerce and access to sensitive business information.

2. Click OK to close the Default Web Site Properties dialog box.

Slide Objective
To describe the settings
used to identify a Web site.
Lead-in
There are a number of
settings that you need to

configure to identify your
Web site.
Emphasize to students that
the default port setting for
HTTP is well known to
computers running TCP/IP
and students should avoid
changing the TCP port.
Note
8 Module 4: Configuring Web Services


To create a new site by using the Web Site Creation wizard, perform the
following steps:
1. In Internet Services Manager, select a computer or site.
2. On the Action menu, point to New, and then click Web Site.
Follow the instructions in the Web Site Creation wizard to configure your
new site. You must provide an IP address, port settings, and the path of the
home or virtual directory. You specify a virtual directory if your home
directory is located on another hard disk on the local computer or on another
computer on the network.

Tell students that virtual
directories will be discussed
later in the module.
Module 4: Configuring Web Services 9


Configuring the Home Directory
Default Web Site Properties

Web Site Operators Performance ISAPI Filters Home Directory
Documents
Directory Security HTTP Headers Custom Errors
When connecting to this resource, the content should come from:
A directory located on the computer
A share located on another computer
A redirection to a URL
Script source access
Read
Write
Directory browsing
Local Path:
Browse
Log visits
Index this resource
C:\inetpub\wwwroot
Application name:
Application Settings
Starting point:
Execute Permissions:
Application Protection:
Default Application
<Default Web Site>
None
Medium [Pooled]
Remove
Configuration
Unload
Unload
OK Cancel Apply Help

Directory on
local computer
Directory on
local computer
Virtual directory
Virtual directory


The home directory determines the location of the published content for a site.
In the simplest cases, the home directory resides on the local computer. To store
published pages in a directory that is not located on the local computer, you can
create a virtual directory. A virtual directory is located on another computer on
the network, but appears to browsers as though it was located on the Web
server.
Specifying a Local Directory
You can assign the home directory and virtual directories for your site on the
Home Directory tab in the Properties dialog box for the Web site.
To specify a home directory that resides on the same computer as IIS, click A
directory located on the computer.
Specifying a Virtual Directory
When configuring a virtual directory, you will need to assign an alias to that
folder. An alias can be the folder name or any other name that identifies the site
to the user.
To specify a home directory that resides on a different computer from IIS, click
A share located on another computer on the Home Directory tab in the
Properties dialog box for the Web site.
Slide Objective
To identify the assignment
of home directories and
virtual directories.

Lead-in
There are two types of
directories that you can use
to publish documents.
Explain that virtual
directories use UNC and
that client computers use
the following form to locate
the share:
\\server_name\share_name.
10 Module 4: Configuring Web Services


Identifying Methods of Authentication
 Anonymous Authentication
 Basic Authentication
 Digest Authentication
 Integrated Windows Authentication


To prevent unauthorized users from accessing the content of your Web site, you
need to verify the identity of users. You need to configure your Web site so that
no user can access the information on your Web site without providing a valid
Windows user name and password. This identification process is called
authentication. The authentication process involves determining whether a user
has a valid Windows user account with appropriate permissions for accessing a
particular Web site, folder, or file. Authentication can be set at the Web site,
directory, or file level. IIS provides four methods of authentication for
controlling access to content on your server:
 Anonymous Authentication

 Basic Authentication
 Digest Authentication
 Integrated Windows Authentication

Anonymous Authentication
Anonymous authentication provides users with access to the public areas of
your Web site without prompting them for a user name or password. When a
user attempts to connect to your public Web site, your Web server assigns the
user to the Windows user account called IUSR_computername, where
computername is the name of the IIS server.
The IUSR_computername account is included in the built-in Guests group. This
group has security restrictions, imposed by NTFS permissions that determine
the level of access.
Slide Objective
To list the methods of
authentication.
Lead-in
You can select from four
methods of authentication
for Web sites: Anonymous,
Basic, Digest, and
Integrated Windows
authentication.
Delivery Tip
Two slides are included in
this topic. Use the first slide
to list the four authentication
methods. Use the second
slide to explain the order in
which these methods are

applied.
Module 4: Configuring Web Services 11


Basic Authentication
Basic authentication prompts users for a user name and password before
allowing access to a Web page. You can set basic authentication at the Web
site, folder, or file level.
When the Web server verifies that the user name and password correspond to a
valid Windows 2000 user account, it establishes a connection. If the server
rejects the credentials, the Web browser repeatedly displays the Logon dialog
box until the user either enters a valid user name and password or closes the
dialog box.
Basic authentication is part of the Hypertext Transfer Protocol (HTTP)
specification, and is supported by most browsers. However, Web browsers
using Basic authentication transmit passwords in an unencrypted form. As a
result any hacker can intercept a user name and password. To secure user
account information transmitted across the network, you need to use basic
authentication with Secure Sockets Layer (SSL).
Digest Authentication
Digest Authentication is a new feature of IIS 5.0. This method offers the same
features as Basic authentication. However, it involves a different way of
transmitting the authentication credentials. The authentication credentials pass
through a process called hashing. Hashing converts an identifier that is
meaningful to a user, into a numerical value that corresponds to data located in
a structure, such as a table.
This method works across proxy servers and other firewalls. Internet Explorer
version 5.0 is the only Web browser that currently supports this authentication
method. This option is only available for servers on a domain with a
Windows 2000 domain controller. The domain controller must have a text copy

of all passwords used in digest authentication. Microsoft Internet Explorer 5.0
is the only browser that currently supports Digest authentication.

A hash value consists of a small amount of binary data, no more than 160
bits. This value is produced by using a hashing algorithm.

Integrated Windows Authentication
Integrated Windows authentication is a secure form of authentication because in
this method the user name and password are not sent across the network. The
current Windows user information on the client computer is used instead of the
user’s actual Windows user account and password information.
Only Microsoft Internet Explorer 2.0 or later supports this authentication
method. This method does not work over HTTP Proxy connections.
Note
12 Module 4: Configuring Web Services


Selecting a Method of Authentication
You can select a method of authentication for your Web site depending on the
type of information that you want to make available on your Web site and the
level of security that you want to assign to your site. The following table
describes what type of authentication method you need to select for different
requirements.
Authentication Method Should be used when

Anonymous Authentication You want users to access public areas of
your Web site. This method does not offer
any authentication at all.
Basic Authentication You want to authenticate users accessing
your Web site through any browser or

proxy server. Use this method when you
are sure that connections between a user
and Web Server is secure such as a direct
cable line or a leased line. For a secure
authentication, you need to use basic
authentication with SSL.
Digest Authentication You want secure authentication for your
Web sites and you must go through a
proxy server. This method is supported
only on Windows 2000.
Integrated Windows Authentication You are monitoring an intranet site, where
b
oth users and Web server are in the same
domain. This method cannot authenticate
users accessing the Web site through a
proxy server. This method works only
with Windows 2000 clients.

Selecting Multiple Methods of Authentication
Based on your requirements, you can select more than one method of
authentication. However, when you select multiple methods, you will find that
during authentication one method takes precedence over others. Therefore, it is
very important to understand the order in which these methods are applied.
1. When you use a combination of Anonymous and Basic authentication,
Anonymous authentication is used. If the anonymous user account does not
have permission to access a specific resource, Basic authentication is used.
2. When you use a combination of Anonymous and Integrated Windows
authentication, Anonymous authentication is used. If the anonymous user
account does not have permission to access a specific resource, Integrated
Windows authentication is used.

3. When you use a combination of Anonymous, Basic, and Integrated
Windows authentication, users accessing the Web site by using Internet
Explorer 2.0 or later are authenticated by using Integrated Windows
authentication. For all other browsers, basic authentication is used.
4. Both Digest and Integrated Windows authentication take precedence over
Basic authentication.

Delivery Tip
Use the flowchart slide to
explain the order in which
authentication methods are
applied.
Module 4: Configuring Web Services 13


Configuring Authentication
Anonymous access
No user name/password required to access this resource.
Account used for anonymous access:
Authenticated access
Digest authentication for Windows domain servers
For the following authentication methods, user name and password are
required when:
- anonymous access is disabled, or
- access is restricted using NTFS access control lists
Select a default domain
Integrated Windows authentication
Basic authentication (password is sent in clear text)
OK Cancel Help
Edit…

Authentication Methods
Basic
Authentication
Basic
Authentication
Integrated Windows
Authentication
Integrated Windows
Authentication
Digest
Authentication
Digest
Authentication


To make use of a method of authentication, you need to configure
authentication for a Web site, directory, or file on the Web server.
Configuring Anonymous Authentication
The anonymous account must have the user right to log on locally. If the
account does not have the Log On Locally right, IIS will not be able to service
any anonymous requests. By default, the IUSR_computername accounts on
domain controllers are not granted this right. To allow anonymous requests the
accounts must be changed to Log On Locally.
You can also change the security privileges for the IUSR_computername
account in Windows. However, if the anonymous user account does not have
permission to access a specific resource, your Web server will refuse to
establish an anonymous connection for that resource.
To change the account used for anonymous authentication:
1. In the Internet Information Services window, right-click a site, directory, or
file, and then click Properties.

2. In the Properties dialog box, click Directory Security or File Security tab.
3. Under Anonymous Access and Authentication Control, click Edit.
4. In the Authentication Methods dialog box, under Anonymous access,
click Edit.
5. In the Anonymous User Account dialog box, type or Browse to the valid
Windows user account that you want to use for anonymous access.
6. Click to clear the Allow IIS to control password check box and enter the
account’s
password.

Slide Objective
To illustrate where to
configure different
authentication methods for a
Web site.
Lead-in
To make use of a method of
authentication, you need to
configure authentication for
a Web site, directory, or file
on the Web server.
14 Module 4: Configuring Web Services


Configuring Basic Authentication
To authenticate users with Basic authentication, the Windows user accounts
being used for Basic authentication must have the Log On Locally user rights.
By default, user accounts on a Windows domain controller are not granted the
Log On Locally user rights.
To enable basic authentication for a Web site:

1. In the Internet Information Services window, right-click the Web site, and
then click Properties.
2. Under Anonymous Access and Authentication Control on the Directory
Security tab, click Edit.
3. Click to clear the Integrated Windows authentication check box.
4. Click Basic authentication to select the authentication option.
5. Click Yes to acknowledge that passwords will transmit without data
encryption.


The basic authentication method transmits user names and passwords
across the network in an unencrypted form, which could be intercepted over a
connection that is not secure.

Configuring Digest Authentication
Digest authentication only works for domains with a Windows 2000 domain
controller. Digest authentication method proceeds as follows:
1. The Web server sends the browser certain information that will be used in
the authentication process.
2. The browser encrypts the user name and password by adding the additional
information sent by the server and then performing a hash on it.
3. The resulting hash is sent over the network to the server along with the
additional information in clear text.
4. The server then adds the additional information to a plain text copy it has of
the client's password and hashes all of the information.
5. Finally, the server compares the hash value it received with the one it just
made. Access is granted only if the two numbers are absolutely identical.

To enable Digest authentication for a Web site:
1. In the Internet Information Services window, right-click the Web site, and

then click Properties.
2. Under the Anonymous Access and Authentication Control on the
Directory Security tab, click Edit.
3. Click Digest Authentication for Windows Domain Server to select the
authentication option.
4. Click Yes in the IIS WWW Configuration confirmation box to
acknowledge that the method will work only with Windows 2000 domain
controllers.

Delivery Tip
Demonstrate the steps for
enabling basic
authentication.
Caution
Module 4: Configuring Web Services 15


Configuring Integrated Windows Authentication
Integrated Windows authentication does not work across proxy servers or other
firewall applications.
To enable integrated Windows authentication for a Web site:
1. In the Internet Information Services window, right-click the Web site, and
then click Properties.
2. Under Anonymous Access and Authentication Control on the Directory
Security tab, click Edit.
3. Click Integrated Windows Authentication to select the authentication
option.
4. Click OK.

16 Module 4: Configuring Web Services



Assigning a Default Document
Default Web Site Properties
Web Site Operators Performance ISAPI Filters Home Directory
Documents
Directory Security HTTP Headers Custom Errors
Enable Default Document
Default.htm
Add
Remove
Default.asp
iisstart.asp
Browse
Enable Document Folder
Welcome to Microsoft’s Homepage - Microsoft Internet Explorer
File Edit View Favorites Tools Help
Back Forward Stop Refresh Home Search Favorites History Mail Print Edit
/>microsoft.com
Home
Home Events & Training Subscribe About Microsoft U.S. & International About Our Site
See page customized for:
All
Product Families
Business Customers
Developers
Education
Home User
IP Professionals
Partners & Resellers

Are You Ready to Take on the Chess Master?
Find Out What’s Happening at
PC Expo in New York
Rick Rashid: The Steady Hand
Behind Microsoft Research
Enter to Win a Gateway PC Loaded
with Office 2000
Download Outlook Updates for the
E-mail Attachments Virus


You can assign a default document so that Web page content appears to the user
even when a browser request does not include a specific Hypertext Markup
Language (HTML) file name. You can use a default document as:
 A home page that provides information for a collection of pages, Web sites,
or section of a Web site.
 An index page that provides links to other content on the Web site.

To assign a default document, perform the following steps:
1. Open the Properties dialog box for the Web site, and then click the
Documents tab.
2. Select the Enable Default Document check box.

Once you assign a default document, you can configure multiple default
documents. To add a new default document, click Add.
When you assign multiple default documents, the Web server searches the list
of default documents in the order in which the names appear. The server returns
the first document it finds. To change the search order, select a document in the
list of default documents, and then click the arrows to move the selected
document up or down accordingly.

Slide Objective
To identify the assignment
of default documents.
Lead-in
Default documents can help
users navigate your Web
site more efficiently.
Delivery Tip
Demonstrate the steps for
assigning a default
document.
Module 4: Configuring Web Services 17


Lab A: Configuring a Web Site


Objectives
After completing this lab, you will be able to:
 Install Internet Information Services (IIS).
 Configure a Web site.

Prerequisites
Before working on this lab, you should be able to use a Web browser to locate
Internet and intranet resources.
Estimated time to complete this lab: 30 minutes
Slide Objective
To introduce the lab.
Lead-in
In this lab, you will configure

a Web site by using existing
content.
Explain the lab objectives.
18 Module 4: Configuring Web Services


Exercise 1
Establishing a Web Site
Scenario
A Web page designer has created a Web page for your company’s intranet, and you have to
configure a Web server so that this page is accessible from within the company. The Web page has
public sections and a private section only for managers. You need to make sure that only the
managers have access to the private section comprising the Management Web page.
Goal
In this exercise, you will configure the Web site on your computer to establish the intranet Web site
for your company.

Tasks Detailed Steps
1. Use the existing Default
Web site on your computer
to establish the Web site for
your company's intranet.

- Change the name of the
Web site to Northwind
Traders Web.

- Change the home directory
so that it points to the Web
content in C:\Nwindweb.


- Make the home.htm
document the first default
document for the site.
a. Log on as Administrator with a password of password.
b. Open Internet Services Manager from the Administrative Tools
menu.
c. In the console tree, under Internet Information Services, expand
server (where server is the name of your computer).
d. Open the Properties dialog box for Default Web Site.
e. On the Web Site tab, in the Description box, type Northwind
Traders Web and then click Apply.
f. On the Home Directory tab, in the Local Path box, type
C:\Nwindweb and then click Apply.
g. On the Documents tab, click Add.
h. In the Default Document Name box, type home.htm and then click
OK.
i. Click the up arrow button to the left of the default document list until
home.htm is at the top of the list, and then click OK.
The Inheritance Overrides message appears. As you do not want
to override the properties of any other objects, do not select any
child object.
j. Click OK to close the Inheritance Overrides message.
2. Configure the Web site to
allow anonymous and basic
authentication.
a. Open the Properties dialog box for Northwind Traders Web.
b. On the Directory Security tab, under Anonymous access and
authentication control, click Edit.
c. Clear the Integrated Windows authentication check box.

d. Select the Basic authentication check box.
e. In the Internet Service Manager message, click Yes.
f. Click OK to close the Authentication Methods dialog box.
g. Click OK to close the Northwind Traders Web Properties dialog
box.
h. Click OK to close the Inheritance Overrides message.

Module 4: Configuring Web Services 19


Tasks Detailed Steps
3. Configure permissions to
provide only the managers
group with the permissions
that are necessary to access
the Management Web page.
a. Right-click Northwind Traders Web, and then click Explore.
b. Open the Properties dialog box for the managers.htm file.
c. On the Security tab, clear the Allow inheritable permissions from
parent to propagate to this object check box.
d. In the Security dialog box, click Remove, and then click Add.
e. In the Name list, click Managers, click Add, and then click OK.
f. In the Allow column, select the Full Control permissions check box,
and then click OK.
g. Close Windows Explorer, and then close Internet Services Manager.
4. Verify that all of the users
have access to the
Northwind Traders home
page and the Public
Information page, and then

verify that only Mary in the
managers group can access
the Management Web page.
a. Open Internet Explorer.
b. In the address bar of Internet Explorer, type http://server (where
server is the name of your computer), and then press ENTER.
c. Click the link to the Public Information page to verify that the page is
accessible to any user.
d. Click the link to return to the Northwind Traders home page, and then
click the link for the Management Web page.
e. In the Enter Network Password dialog box, in the User Name box,
type nwtraders\tom and then click OK.
f. Attempt to access the page as Tom two more times.
What happens after you attempt to access the Management Web page three times as Tom? Why?

The Enter Network Password message appears three times, and then a screen appears, informing you
that you are not authorized to view this page. This occurs because Tom is not a member of the
managers group.



4. (continued)
g. Click Back.
h. Click the link for the Management Web page.
i. In the Enter Network Password dialog box, in the User Name box,
type nwtraders\mary and then click OK.
Is Mary allowed access to the Management Web page? Why?

Yes, because Mary is a member of the managers group.




5. Close Internet Explorer, and
then log off.
a. Close Internet Explorer, and then log off.


20 Module 4: Configuring Web Services


Review
 What is IIS?
 Preparing for an IIS Installation
 Installing IIS
 Configuring a Web Site


1. The Windows 2000 Server in your department stores some product
information and white papers that you want to share with other employees
of your organization. Your organization has a network of computers running
Windows 2000, Windows 98, and the Macintosh operating system. What
will you do to publish the required information so that it is accessible to all
of the users in your network?
Convert your documents to the HTML format. To publish the HTML
documents on the Web, install IIS. This way all network users can view
the documents by using a Web browser.


2. You are about to host a new Web site for your company, and you want users
to refer to the Web site by using a specific name. How will you enable users

to connect to the Web site by using this name?
Use the DNS service to establish a domain name that maps to the IP
address of the IIS server.


Slide Objective
To reinforce module
objectives by reviewing key
points.
Lead-in
The review questions cover
some of the key concepts
taught in the module.
Module 4: Configuring Web Services 21


3. You are responsible for your company’s intranet Web site containing
general information and white papers. Your network spreads across multiple
domains. You want to allow all employees of the company to have access to
the information. Which method of authentication would you use to achieve
this?
a. Anonymous authentication.
b. Basic authentication.
c. Digest authentication.
d. Integrated Windows authentication.
A is correct. Because it is a corporate intranet site, only the authorized
users of the company will be able to access it. As a result, you do not
require an additional level of authentication. Therefore, in the given
situation you will use Anonymous authentication.



4. Your Web page designer created Web pages for your company’s Web site.
The home page for the Web site is called contosohome.htm. You have been
assigned the task of publishing the Web site. How will you ensure that users
can access the home page without explicitly specifying the filename
contosohome.htm?
Add a default document to your Web site, specifying contosohome.htm
as the file. Make this the first default document. Users connecting to the
home page will only have to specify the name of the Web site to see the
home page.


5. You want to authenticate all of the users accessing the official Web site of
your organization through any Web browser or proxy server. Which of the
following methods of authentication is best suited for your requirements?
a. Anonymous authentication.
b. Basic authentication.
c. Digest authentication.
d. Integrated Windows authentication.
B is correct. In the given situation, you need to use the Basic
authentication method, as this is the only method that can authenticate
users accessing a Web site through any browser or proxy server.