Tasks New to IIS 6.015
APPENDIX A
Common Administrative Tasks
If you are already familiar with running Internet Information Services (IIS)6.0 and need only a quick refresher to perform an administrative task, or if you are learning how to use IIS and want to know the most common tasks that follow an IIS installation, use this appendix as a quick reference. IIS6.0 provides a wealth of tools and features, many of which are outlined in this appendix, to help you create a strong and secure communications platform of dynamic network applications.
In This Appendix
Overview of Common Administrative Tasks 1
Important First Tasks in IIS6.0 4
Tasks New to IIS6.0 13
Security-Related Tasks 19
Tasks for Managing Servers and Applications 35
Tasks for Administering Servers 40
Related Resources
For information about configuring Web sites as well as the FTP, NNTP, and SMTP services, see “Configuring Internet Sites and Servicesiisrg_cfg_OMKX” in this book.
For information about configuring IIS6.0 programmatically, see “IIS6.0 Administration Scripts, Tips, and Tricksiisrg_adm_NAPF”.
Overview of Common Administrative Tasks
Although this appendix is a reference for the common tasks you frequently perform when administering IIS as your Web server, most tasks in this appendix do not include guidelines for their use or detailed explanations. A few tasks include brief conceptual information, although they are the exception. However, all topics include cross-references to IIS Help topics, and to chapters and other appendices in this book so that you can quickly find additional information on a task.
TableA.1 outlines the tasks that are included in this appendix.
TableA.1Overview of the Tasks in This Appendix
Task Group / Task / Describes How ToImportant First Tasks In IIS6.0 / Starting IIS Manager / Open IIS Manager (provides three options).
Starting and stopping services and sites / Start and stop IIS services and sites.
Enabling dynamic content services / Enable dynamic content services, such as Active Server Pages and ASP.NET (includes information about default installations).
Creating a Web or FTP site / Create Web site configurations, and install and use File Transfer Protocol (FTP) services.
Creating virtual directories / Create virtual directories within Web and FTP sites.
Tasks New to IIS6.0 (tasks that are new or significantly different than they were in IIS5.0) / Creating and isolating applications / Create and manage applications.
Creating application pools / Group Web applications into application pools.
Configuring recycling / Periodically restart worker processes assigned to an application pool.
Backing up and restoring metabase configurations / Save metabase and application configurations, including portable backups.
Saving and copying site configurations / Back up your site configurations.
Security-related Tasks / Setting authentication settings / Set up and use user authentication methods.
Obtaining and backing up server certificates / Set up and use Secure Sockets Layer (SSL) certification on your sites.
Controlling access to applications / Help reduce the attack surface of your applications with permissions and restrictions.
Tasks for Managing Servers and Applications / Hosting multiple Web sites / Create and host multiple Web sites.
Redirecting Web sites / Automatically direct users to the correct page on your site.
Assigning resources to applications / Control the amount of resources an application uses.
Tasks for Administering Servers / Administering servers from the command line / Use powerful scripting and programming tools to access and configure settings.
Administering servers remotely / Use tools to remotely administer your sites.
When performing these tasks — especially security-related tasks — be sure that you are familiar with best practice guidelines and that you apply those guidelines to these tasks.
To perform most of the tasks described in this appendix, you must be a member of the Administrators group on the local computer, or you must be delegated the appropriate authority. If you log on to your computer as a member of the Administrators group, you might make your system vulnerable to malicious programs that could cause security risks. Instead, use the Run as feature to perform administrative tasks so that you do not need to log on to your computer as a member of the Administrators group. Using this feature, you can open and execute a program that uses a different account and security context than the one you logged on with.
You can use Run as through the user interface (UI) or as a command-line tool. The Run as feature that is built into the UI is a shortcut that you access by right-clicking some programs (files with the .exe file name extension), some Control Panel items (files with the .cpl file name extension), and Microsoft Management Console (MMC) (files with the .msc file name extension) snap-ins.
To use the Run as feature to run IIS Manager as an administrator
From the Start menu, point to Administrative Tools, right-click Internet Information Services (IIS) Manager, and then click Run as.
The runas command provides the same capabilities as the built-in Run as feature.
To use the runas command to run IIS Manager as an administrator
1. From the Start menu, click Run.
2. In the Open box, type cmd, and then click OK.
3. At the command prompt, type the following:
runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc"
To use the runas command to run a command-line script as an administrator
1. From the Start menu, click Run.
2. In the Open box, type cmd, and then click OK.
3. At the command prompt, type the following:
runas /profile /User:MyMachine\Administrator cmd
A new command window, which has administrative rights, opens.
4. In the new command window, type the following at the command prompt:
cscript.exe ScriptName (including the full path with parameters, if any)
For more information about using the Run as feature or the runas command to perform procedures, see “Using Run as,” “Runas,” and “Create a shortcut using the runas command” in Help and Support Center for Microsoft® Windows®Server2003.
Important First Tasks in IIS6.0
After you install IIS, if you want to quickly build a few Web sites and virtual directories, this section introduces the first steps for these basic tasks:
Starting IIS Manager. Learn three ways to open IIS Manager.
Starting and stopping services. Start and stop IIS services.
Enabling dynamic content. Enable Web service extensions, such as Active Server Pages (ASP) and Microsoft® ASP.NET, so you can serve dynamic content. Includes information about default installations.
Creating Web or FTP sites. Create Web site configurations, and install and use FTP services.
Creating virtual directories. Create virtual directories within Web and FTP sites.
Starting IIS Manager
IIS Manager is a graphical user interface (GUI) for configuring your application pools or your Web, FTP, Simple Mail Transfer Protocol (SMTP), or Network News Transfer Protocol (NNTP) sites. You can use IIS Manager to configure IIS security, performance, and reliability features. For example, you can add or delete sites; start, stop, and pause sites; back up and restore server configurations; and create virtual directories for better content management.
In earlier versions of IIS, this tool was called the Internet Service Manager.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures, or you must have been delegated the appropriate authority. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
To start IIS Manager
From the Start menu, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
To start IIS Manager from the Run dialog box
1. From the Start menu, click Run.
2. In the Open box, type inetmgr, and click OK.
To start IIS Manager from the Computer Management window
1. From the Start menu, right-click My Computer, and then click Manage.
2. In the console tree, expand the Services and Applications node.
3. In the console tree, click Internet Information Services (IIS) Manager. The names and statuses of your sites, application pools, and Web service extensions appear in the details pane.
4. In the console tree, expand the Internet Information Services (IIS) Manager node and any site nodes within it to see a list of directories and virtual directories for each site.
For more information about using IIS Manager to administer IIS, see the “Server Administration Guide” in IIS6.0 Help, which you can access from IISManager. For more information about administering IIS remotely, see “How to Administer the Server Remotely” in IIS6.0 Help, which is accessible from IIS Manager.
Starting and Stopping Services and Sites
Infrequently, you might make configuration changes in IIS6.0 that require you to restart IIS before the changes can take effect. For example, if you change the application isolation mode in which your server is running, such as when you change from worker process isolation mode to IIS5.0 isolation mode or vice versa, you need to restart IIS. If you make this configuration change by using IIS Manager, you are prompted to restart IIS after you click OK to confirm the change. If you make this configuration change by using a command-line utility, such as Adsutil.vbs, you can use the IISReset command-line utility to complete the change. Both methods — using the Restart IIS command in IIS Manager or using a command-line utility — allow you to stop, start, and restart IIS Internet services, as well as restart your computer.
When you restart the Internet service, all sessions connected to your Web server (including Internet, FTP, SMTP, and NNTP) are dropped. Any data held in Web applications is lost. All Internet sites are unavailable until Internet services are restarted. For this reason, avoid restarting, stopping, or rebooting your server.
For a list of features designed to improve IIS reliability and remedy the need to restart IIS, see the “Alternatives to Restarting IIS” section in the “Restarting IIS” topic in IIS6.0 Help, which is accessible from IIS Manager.
Saving Your Configuration to Disk
As a safeguard, if you must stop or restart IIS, save your configuration to disk before you perform the restart. Your configuration is automatically saved if you enable the edit-while-running feature (this feature is not enabled by default). For more information about the edit-while-running feature, see “Writing the Metabase to Disk” in IIS6.0 Help, which is accessible from IIS Manager.
Alternatively, you can manually save your configuration to disk by performing the following procedure.
To manually save your configuration to disk
In IIS Manager, right-click the local computer, point to All Tasks, and then click Save Configuration to Disk.
If You Receive an Error Stating That IISReset Is Disabled
If the IISReset command-line utility is disabled, then the command-line or IIS Manager calls that require IISReset.exe fail and return an error stating that IISReset is disabled. Actions that fail include the Restart IIS command in IIS Manager and Service Control Manager (SCM) recovery configuration actions that use the IISReset command-line utility (for example, the default IIS Admin SCM recovery path). However, SCM recovery actions that do not use the IISReset command-line utility continue to function (for example, the default World Wide Web Publishing Service [WWW service] SCM recovery path that restarts the WWW service).
Starting or Stopping IIS Services and Sites
To restart, stop, or start IIS services
1. In IIS Manager, right-click the local computer, point to All Tasks, and then click Restart IIS.
2. In the What do you want IIS to do list, click the action that you want to perform, such as Restart Internet Services on ComputerName.
You can also choose to restart the computer, stop the Internet service, or start the Internet service. IIS attempts to stop all services before restarting.
To start, stop, or pause individual sites
In IIS Manager, right-click the site you want to start, stop, or pause; and then click Start, Stop, or Pause.
Important
You must be a member of the Administrators group on the local computer to run scripts and executables, or you must have been delegated the appropriate authority. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyMachine\Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (including the full path with parameters, if any).
To restart IIS by using the IISReset command-line utility
1. From the Start menu, click Run.
2. In the Open box, type cmd, and then click OK.
3. At the command prompt, type the following:
Iisreset /noforce ComputerName
If you are logged on locally, the ComputerName parameter is not required. If you are remotely administering a server running IIS, the ComputerName parameter is the NetBIOS name of the computer on which you want to restart IIS.
Important
Use the /noforce parameter to help prevent data loss in case the IIS services cannot be stopped within the one minute time-out period. If you are certain that it is safe to force IIS to restart, you can omit the /noforce parameter. However, be aware that you could lose data if you do not include this parameter.
4. IIS attempts to stop all services before restarting. The IISReset command-line utility waits up to one minute for all services to stop if you do not include the /noforce parameter. If the services cannot be stopped within one minute, all IIS services are terminated, and IIS restarts.