Are you one of the many people challenged with setting up a Web server? And
do you plan to run Windows NT 4.0 Server on your network? If so, you need to
know that Microsoft includes Internet Information Server (IIS) 2.0 with NT 4.0
Server and a peer version of IIS in NT 4.0 Workstation. (Steve Genusa reviews
IIS, starting on page 62.)
Q: How do I install IIS?
Microsoft's integration of
IIS into the OS makes setting up your Web server easier than with IIS 1.0. While
installing NT 4.0, you can set up and configure your Internet services,
including Web, FTP, and Gopher. If you've already installed NT 4.0, you can add
IIS through the Control Panel. Click Network and then Services. Choose Add and
select Microsoft Internet Information Server 2.0.
Follow the Setup routine carefully, because you must decide where to put the
server and content directories as you go. You must also determine how much disk
space you need. In addition to allocating approximately 5MB of disk to IIS, you
need disk space for content you create for your Web site. If you plan to secure
your site, your Web content must reside on an NT File System (NTFS) partition.
By default, the content directories are in c:\inetpub\ (in IIS 1.0, the content
directories were in c:\inetsrv\). Have your NT 4.0 CD handy so Setup can copy
the necessary files.
Once you install IIS, a default Web site is up and running. To test your new
Web server, connect to it with a Web browser on the server or on a networked PC.
If you have Internet Explorer (IE), view the Microsoft IIS home page at http://[your
server name]. This page (default.htm) is in the \inetpub\wwwroot directory,
which is the default directory for your Web content. Under \inetpub, you also
see \ftproot and \gophroot, if you installed FTP and Gopher. If you want to
revise your Web pages, this is where you'll find them.
Q: What's new in IIS 2.0?
Once you install, test, and
troubleshoot IIS, you can customize the default page to suit your needs or
replace it. If you used IIS 1.0 on NT Server 3.51, you'll notice several other
improvements in IIS 2.0:
- Microsoft integrated IIS 2.0's setup with NT 4.0 setup.
- IIS 2.0 returns host headers, rather than IP addresses, in the universal
resource locator (URL) to the browser on redirection.
- IIS 2.0 supports National Center for Supercomputing Applications
(NCSA)-style map files and CERN map files.
- IIS 2.0 supports Hypertext Transfer Protocol (HTTP) byte range copy.
- IIS 2.0 supports enhanced logging of several IIS functions to the server
log file.
- Internet Database Connector (IDC) lets you use server variables in IF
statements.
- IDC also supports SQL query grouping as batch or multiple queries.
- All environment variables defined in the Common Gateway Interface (CGI)
specification are available to CGI applications.
- You can use Hypertext Markup Language (HTML) through any Web browser to
administer IIS from clients.
- Microsoft added a graphical Key Manager tool for generating keys required
in SSL security.
Dynamic Publishing
For advanced publishing, IIS lets you add content to your Web site by means
of databases, Internet Server API (ISAPI) DLLs, and CGI scripts. With IDC script
files, you can query or insert data into an Open Database Connectivity
(ODBC)-compliant database such as SQL. You can also increase your site's
interactivity by using CGI scripts written with Perl, C++, and even Visual Basic
4 (WinCGI scripts). With the ISAPI interface, you can create scripts with
Microsoft Visual C++ 4.1 or 4.2. These scripts are faster than CGI or WinCGI
scripts because they run in-process with IIS.
Q: How do I control access to my Web server?
IIS 1.0 and 2.0 provide
three methods for authenticating users accessing a Web service: anonymous logon,
basic authentication, and Windows NT challenge/response.
Anonymous logon. When you install IIS, it creates an account
called iusr_<computername>, where <computername> is
your network computer name. IIS uses this account to represent all anonymous users who
connect to Web, FTP, or Gopher services on the server. This user account's only
unique feature is the requirement that it have the Log on Locally user
right (in User Manager, under Policies, User Rights). All activities IIS
performs on behalf of anonymous users must occur through this account. For
example, if the IUSR account doesn't have access to the \system32 directory,
DLLs that ODBC and Perl (and other programs) use won't load, causing scripts to
fail.
Anonymous logon authentication secures Web and FTP content. IIS uses the
access control lists on NTFS partitions to verify whether someone has access to
a file or Web page. You can use NT Explorer or File Manager to set permissions
on files. IIS uses local accounts by default, and like the IUSR account, any
individual accounts IIS uses must have the Log on Locally user right.
For example, to give all users access to the \wwwroot directory but reserve a
private area for elite friends or customers, you can create a subdirectory under
\wwwroot and give it a name. Place the appropriate permissions on the private directory
for the users to whom you want to grant access. For the permission changes to
take effect immediately, exit all three Internet services in Internet Service
Manager and then restart them. These steps update the token cache that IIS keeps
for performance reasons. Ordinarily, this cache updates at 15-minute intervals.
Basic authentication. If you have problems getting anonymous
logon authentication to work, try basic authentication. More browsers on the
market support basic authentication than Windows NT challenge/response.
Windows NT challenge/response. This authentication method
(also known as NTLM) is an encrypted way of passing the credentials across the
Internet. NTLM is safer than basic authentication, which uses a clear text
method. Both IE 2.0 for Windows 95 and IE 3.0 support NTLM.
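
The difference between basic authentication and Windows NT challenge/response shows up in the Authorization header the browser sends. The following is an added example, not code from the original article: it decodes a constructed Basic header back to its user name and password and reads the message type from a constructed, minimal NTLM message. The function name and sample values are assumptions.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"  # every NTLM message starts with this marker

# Constructed sample headers (not captured traffic).
BASIC_SAMPLE = "Basic " + base64.b64encode(b"webuser:example-password").decode()
NTLM_SAMPLE = "NTLM " + base64.b64encode(NTLM_SIGNATURE + struct.pack("<II", 1, 0)).decode()


def inspect_authorization(header_value):
    """Report what anyone who can read the request learns from its Authorization header."""
    scheme, _, blob = header_value.strip().partition(" ")
    scheme = scheme.lower()
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"scheme": scheme, "error": "payload is not valid base64"}

    if scheme == "basic":
        # Basic is only base64("user:password"): encoding, not encryption.
        user, sep, password = raw.decode("latin-1").partition(":")
        if not sep:
            return {"scheme": scheme, "error": "missing user:password separator"}
        return {"scheme": scheme, "user": user, "password": password,
                "password_exposed": True}

    if scheme == "ntlm":
        if len(raw) < 12 or not raw.startswith(NTLM_SIGNATURE):
            return {"scheme": scheme, "error": "not an NTLM message"}
        # 1 = negotiate, 2 = challenge, 3 = authenticate (carries a response
        # computed from the password and the server challenge, not the password).
        (message_type,) = struct.unpack_from("<I", raw, 8)
        return {"scheme": scheme, "message_type": message_type,
                "password_exposed": False}

    return {"scheme": scheme, "error": "unsupported scheme"}


if __name__ == "__main__":
    for sample in (BASIC_SAMPLE, NTLM_SAMPLE):
        print(inspect_authorization(sample))
```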