Creating and Configuring
Web Sites in Windows Server 2003
Internet Information Services 6 (IIS 6) is a
powerful platform for hosting web sites on both the public Internet and on
private intranets. Creating and configuring web sites and virtual
directories are bread-and-butter tasks for IIS Administrators, and in this
article we'll walk through the process of doing this using both the GUI (IIS
Manager) and using various scripts included with Windows Server 2003. The
seven specific tasks we'll walk through will include:
Creating a Web Site Creating a Local Virtual Directory
Creating a Remote Virtual Directory
Controlling Access to a Web Site
Configuring Web Site Logging
Configuring Web Site Redirection
Stopping and Starting Web Sites
Preliminary Steps
Unlike earlier versions of Microsoft Windows,
IIS is not installed by default on Windows Server 2003. To install IIS, open
Manage Your Server from the Start menu and add the Application Server role:
Note that for simple security reasons IIS
should only be installed on member servers, not domain controllers. The
reason is that if you install IIS on a domain controller and your web server
becomes compromised, the attacker could gain access to your accounts
database and wreak havoc with your network.
Creating a Web Site
The simplest approach is to use a separate IP
address to identify each web site on your machine. Let's say our server has
five IP addresses assigned to it from the range 172.16.11.220 through
172.16.11.224. Before we create a new Human Resources web site, let's first
examine the identify of the Default Web Site. Open IIS Manager in
Administrative Tools, select Web Sites in the console tree, and right-click
on Default Web Site and open it's properties:
The IP address for the Default Web Site is All
Unassigned. This means any IP address not specifically assigned to another
web site on the machine opens the Default Web Site instead. A typical use
for the Default Web Site is to edit it's default document to display general
information like a company logo and how to contact the Support Desk.
Let's use IP address 172.16.11.221 for the
Human Resources site and make D:\HR the folder where the home page for this
site is stored. To create the HR site, right-click on the Web Sites node and
select New --> Web Site. This starts the Web Site Creation Wizard. Click
Next and type a description for the site:
Creating a Local Virtual Directory
Note the difference in the icons for the two
virtual directories. That's because when the script creates a virtual directory
it also creates an application starting point for that directory, while the
wizard does not. This doesn't matter though, since for now we're only hosting
static content in these directories. For the full syntax of Iisvdir.vbs see
here .
Creating a Remote Virtual Directory
Controlling Access to a Web Site
Now that we have a couple of web sites and
virtual directories created, let's look at a few administration tasks.
First let's look at how we can control
access to our web sites. There are basically four ways you can do this: NTFS
Permissions, web permissions, IP address restrictions, and authentication
method. NTFS permissions is your front line of defense but it's a general
subject that we can't cover in detail here. Web permissions are specified on
the Home Directory tab of your web site's properties:
Configuring Web Site Logging
The key of course is to review log files
regularly to look for suspicious activity. IIS doesn't include anything for this
purpose, but the IIS 6.0 Resource Kit Tools does include version 2.1 of
Microsoft Log Parser, which can be used for analyzing IIS logs. You can download
these tools
here .
Configuring Web Site Redirection
Stopping and Starting Web Sites
