Managing Web sites remotely has pros and cons
The Administration Web Site, which is part of the default IIS configuration, lets you use Microsoft Internet Explorer (IE) to remotely administer IIS. The Administration Web Site is a good tool for basic administration of IIS servers that aren't accessible through the Microsoft Management Console (MMC) Internet Information Services snap-in; for example, IIS servers in a demilitarized zone (DMZ), in which remote procedure call (RPC) access is blocked from all locations.
Security Precautions
The Administration Web Site can be a security risk, but if you configure it properly and monitor access to it, you can minimize the risk and make its use worthwhile. To minimize the security risk of the Administration Web Site, you should apply as many of the following recommendations as possible:
- Allow access to the Web site from only trusted IP addresses. By default, the site allows access from only 127.0.0.1. You should add only the static IP addresses of your administrators' desktops. If you can't assign static addresses to administrators' machines, you should give only the IP address range of your intranet access to the Web site.
- Ensure that the Administration Web Site is using Integrated Windows authentication (the default authentication method) for access.
- Identify the directories and files that the Administration Web Site uses, and change the NTFS permissions so that only administrators can access the directories and files.
- Set up the Administration Web Site to use a Secure Sockets Layer (SSL) certificate to prevent possible intruders from easily reading sensitive configuration information that's being transmitted between administrators' systems and your servers. Because the site is for administrators only, you could use IIS Certificate Server to generate custom certificates instead of using an external Certificate Authority (CA).
- Change the Administration Web Site's default TCP port assignment to a port that isn't accessible from the outside world.
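The five recommendations above can be checked mechanically once a site's settings have been exported. The following Python sketch is an added example, not code from the article or from IIS: the dictionary keys, the intranet range, the list of externally reachable ports, and the sample sites are constructed assumptions, while the flag constants follow the bit values of the IIS metabase AuthFlags and AccessSSLFlags properties.

```python
import ipaddress

# IIS metabase bit values: AuthFlags (anonymous, basic, integrated) and AccessSSLFlags.
AUTH_ANONYMOUS, AUTH_BASIC, AUTH_NTLM = 0x1, 0x2, 0x4
ACCESS_SSL = 0x8

def audit_admin_site(site, intranet, external_ports, admins):
    """Check one site's settings against the five recommendations; return findings."""
    findings = []
    net = ipaddress.ip_network(intranet)
    # 1. Only trusted addresses: deny by default, grant loopback or intranet entries.
    if not site["ip_default_deny"]:
        findings.append("ip: access is granted by default")
    for entry in site["ip_granted"]:
        granted = ipaddress.ip_network(entry, strict=False)
        if not (granted.is_loopback or granted.subnet_of(net)):
            findings.append(f"ip: {entry} is outside {intranet}")
    # 2. Integrated Windows authentication and nothing else.
    if site["auth_flags"] != AUTH_NTLM:
        findings.append("auth: AuthFlags is not Integrated Windows only")
    # 3. NTFS permissions on the site's files limited to administrators.
    for principal in site["ntfs_principals"]:
        if principal not in admins:
            findings.append(f"ntfs: {principal} can access the site files")
    # 4. SSL required, so configuration data is not sent in clear text.
    if not site["access_ssl_flags"] & ACCESS_SSL:
        findings.append("ssl: a secure channel is not required")
    # 5. Bindings ("IP:port:host header") must avoid ports open to the outside.
    for binding in site["bindings"]:
        port = int(binding.split(":")[1])
        if port in external_ports:
            findings.append(f"port: {port} is reachable from outside")
    return findings

# Constructed sample data (hypothetical key names, not taken from a real server).
ADMINS = {"BUILTIN\\Administrators"}
WEAK = {"ip_default_deny": True, "ip_granted": ["127.0.0.1", "203.0.113.0/24"],
        "auth_flags": AUTH_NTLM | AUTH_BASIC,
        "ntfs_principals": ["BUILTIN\\Administrators", "Everyone"],
        "access_ssl_flags": 0, "bindings": [":443:"]}
HARDENED = {"ip_default_deny": True, "ip_granted": ["127.0.0.1", "10.1.2.15"],
            "auth_flags": AUTH_NTLM, "ntfs_principals": ["BUILTIN\\Administrators"],
            "access_ssl_flags": ACCESS_SSL, "bindings": [":8443:"]}

if __name__ == "__main__":
    for name, site in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_admin_site(site, "10.0.0.0/8", {80, 443}, ADMINS))
```

An empty result means the site meets all five recommendations under the stated assumptions; each finding is prefixed with the recommendation it violates.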
First Impressions
The Administration Web Site is easy to use, but like most HTML versions of Win32 applications, it loses a little in the translation. The site is slightly slower than the Internet Information Services snap-in. Also, the administration interface, which Figure 1 shows, is awkward to use at first, and you can easily lose your place. For example, if you have multiple virtual directories named Cgi in different Web sites and you open the Properties dialog box of one of the Cgi directories, you'll see the directory name in the left pane. However, you have no easy way to tell which Web site you're working with unless you go to the main Directory Properties page, which Figure 2 shows. If you're using the Administration Web Site to make a lot of changes to multiple sites, you might find it difficult to identify which server and site you're on.
In addition, the Administration Web Site doesn't perform adequate error checks. Thus, if you aren't careful when using it, you can make mistakes that jeopardize your Web sites' operation. I describe some of the missing features later in the article.
A New Web Site
When you set up a Web site in IIS, the Administration Web Site gives you the same choices as the Internet Information Services snap-in does, with a few exceptions. The Administration Web Site doesn't provide a drop-down list of physical IP addresses to choose from for the new site. Thus, you must know the IP address that you want to use for the Web site or leave the field blank for an unassigned address. In addition, you can't set any host-header information when creating a Web site, but you can add it afterward.
The Administration Web Site provides two capabilities that the Internet Information Services snap-in doesn't provide: the ability to create a physical directory on the hard disk and the ability to remotely administer the Web site you're setting up through an HTML interface. When you select the Site operators can administer this site remotely option during Web-site creation, IIS sets up an IISADMIN virtual directory for that site. This virtual directory allows remote administration of the newly created Web site. The Internet Information Services snap-in doesn't have this option because by default it doesn't allow HTML administration of individual Web sites. However, you can manually add the IISADMIN virtual directory to any Web site in the snap-in. I don't create the IISADMIN virtual directory for individual Web sites because applying security restrictions to an individual directory is harder than applying them to a Web site.