of 18
8/8/2019 IIS6 Lab Guide
1/18
8/8/2019 IIS6 Lab Guide
2/18
2 Table of Contents
Table of Contents
Internet Informat ion Services 6.0.............................................................................................................. 3Exercise 1 Installation and Lockdown of IIS 6.0 ................................................................................................4
Exercise 2 Application Pools, Worker Processes and Web Gardens ..................................................................9
Exercise 3 XML MetaBase ...............................................................................................................................15
8/8/2019 IIS6 Lab Guide
3/18
Internet Information Services 6.0 3
Internet Information Services 6.0
Objectives After completing this lab, you will be able to:
Install IIS and create a simple Active Server Page file. Use of Application Pools, Worker Processes and Web Gardens in IIS 6.0. Back up and edit the IIS 6.0 metabase files, while IIS 6.0 is running.
Windows
Server
2003 Active Directory
has improvements in such areas as
performance, management and security. Over the course of the next hour, wewill step through some of the improvements available through Internet
Information Services 6.0, which provides significantly improved security. Toreduce the attack surface of systems, IIS 6.0 is not installed by default onWindows Server 2003 administrators must explicitly select and install it. IIS
6.0 ships in a locked-down state, serving only static content. Using the Webservice extension node, Web site administrators can enable or disable IIS
functionality based on the individual needs of the organization.
Scenario
The IIS 6.0 fault-tolerant process architecture isolates Web sites andapplications into self-contained units called application pools. IIS 6.0 worker
process isolation mode also enables multiple worker processes to be configuredto service requests for a given application pool, a configuration known as a
Web garden.
IIS 6.0 features many new management tools designed to reduce the amount oftime it takes to manage your Web server infrastructure. These features include a
plain text XML configuration file that can be modified without having to stopthe server.
Estimated tim e tocomplete this lab: 50minutes
8/8/2019 IIS6 Lab Guide
4/18
4 Internet Information Services 6.0
Computers used in this Lab:
Paris
Madrid
Exercise 1Installation and Lockdown of IIS 6.0
ScenarioIn this exercise, you will install IIS 6.0 and examine the default configuration. The Remote DesktopWeb Connection is used as a sample Web site. Additionally, we will create a simple Active ServerPage (ASP) file.
Complete this Exercise using:
Paris
Madrid
Tasks Detailed steps
Complete the following 4 tasks
on:
Paris
1. First, we will use Manage
Your Server to examine the
current server roles.
a. Click the Paris link in the My Machines browser.
b. Click in the virtual machine window.
c. Press Right-ALT + DEL.
d. Log on as CONTOSO/Administrator with a password ofpassword.
e. ClickStart | Manage Your Server.
Note: The Manage Your Server window shows that Paris currently has two
roles: Domain Controller (Active Directory) and DNS Server.
f. In the Manage Your Server window, clickAdd or remove a role.Info: The Configure Your Server wizard starts. This wizard is also
available from the Administrative Tools menu.
g. On the Preliminary Steps screen, clickNext.
h. On the Server Role screen, in the Server Role list box, selectApplication server (IIS, ASP.NET).
Info: When IIS is installed on Windows Server 2003, the server is said to
have the Application server role. By default, IIS is NOT installed on
Windows Server 2003.
i. On the Server Role screen, clickCancel to close the Configure Your
8/8/2019 IIS6 Lab Guide
5/18
Internet Information Services 6.0 5
Server wizard.
Info: In order to see and install custom configurations of components for
IIS 6.0, you must use Add or Remove Programs from the Control Panel.
j. Close Manage Your Server.
2. Now we will perform a
manual install ofIIS 6.0 sothat we can take a closer
look at its components. We
will also install another Web
site to use as an example
during these exercises.
a. ClickStart | Control Panel and clickAdd or Remove Programs.
b. In Add or Remove Programs, clickAdd/Remove WindowsComponents.
c. On the Windows Components screen, select Application Server (doNOT select the check box) and clickDetails.
d. In the Application Server dialog box, select the Internet InformationServices (IIS) subcomponent (do NOT select the check box) and clickDetails.
e. In the Internet Information Services (IIS) dialog box, select WorldWide Web Service (do NOT select the check box) and clickDetails.
f. In the World Wide Web Service dialog box, click to select the WorldWide Web Service and the Remote Desktop Web Connection check
boxes and clickOK.
Note: The Remote Desktop Web Connection is used as a sample Website inthis exercise.
g. In the Internet Information Services (IIS) dialog box, ensure that thefollowing subcomponents are enabled:
Common Files
Internet Information Services Manager
World Wide Web Service (partly enabled)
h. ClickOK.
i. In the Application Server dialog box, ensure that the followingsubcomponents are enabled:
Enable network COM+ access
Internet Information Services (IIS) (partly enabled)
j. ClickOK.k. On the Windows Components screen, clickNext.
Note: Please wait a few minutes while Setup installs and configures the
selected components.
l. On the Completing the Windows Components Wizard screen, clickFinish.
m. Close Add or Remove Programs.
3. We must use the new IIS
Manager to examine or
modify the default IIS 6.0
configuration.
a. ClickStart | Administrative Tools and clickInternet InformationServices (IIS) Manager.
b. In Internet Information Services (IIS) Manager, ensure that Paris(local computer) is expanded and, in the left pane, select Web Service
Extensions.
Info: By default, IIS is not installed on Windows Server 2003. And after it
is installed, only static Web content will be available. All other
functionality, such as Active Server Pages and WebDAV, has to be enabled
explicitly before it can be used.
c. In the left pane, right-clickWeb Sites and clickProperties.
d. In the Web Sites Properties dialog box, clickService.
Note: IIS 6.0 has two distinct modes of operation, called isolation modes.
The default for new installations of IIS 6.0 is worker process isolation
mode. For compatibility reasons, upgrades from earlier version of IIS
default to IIS 5.0 isolation mode.Worker process isolation mode (and
8/8/2019 IIS6 Lab Guide
6/18
6 Internet Information Services 6.0
application pools) is examined in more detail in a later exercise.
e. ClickCancel to close the Web Sites Properties dialog box.
4. In IIS Manager, we
examine the virtual
directory name for the
Remote Desktop Web
Connection Web page.
a. In Internet Information Services (IIS) Manager, expand Web Sites,expand Default Web Site and select tsweb.
Note: The virtual directory name for the Remote Desktop Web Connection
Web page is tsweb.
Complete the following task
on:
Madrid5. Now we will connect to and
open the Remote Desktop
Web Connection Web
page.
a. Click the Madrid link in the My Machines browser.
b. Click in the virtual machine window.
c. Press Right-ALT + DEL.
d. Log on as CONTOSO\Administrator with a password ofpassword.
e. Click the Internet Explorer icon in the Quick Launch menu.
f. The Internet Explorerenhanced Security Configuration is Enabledscreen appears.
g. In Internet Explorer, type http://paris/tsweb in the Address field andpress Enter.
Note: Paris has already been entered as a trusted site. You will see theRemote Desktop Web Connection screen.
Complete the following 3 tasks
on:
Paris
6. With the task manager, we
can see exactly what IIS is
using to host the Web page
viewed on the remote
machine, including the
account name for the worker
process w3wp.exe.
a. Click the Paris link in the My Machines browser.
b. On the Paris computer, right-click the current time in the System Trayand clickTask Manager.
c. In the Windows Task Manager dialog box, clickProcesses.
d. Click to select the Show processes from all users check box.
e. In the Image Name column, select the w3wp.exe process.
Info: In worker process isolation mode, the IIS process that handles the
Web requests (in this case for the Remote Desktop Web Connection Web
page) is called w3wp.exe. In the default configuration, it runs as a low
privileged account, named NETWORK SERVICE. This is a built-in account
that has fewer privileges than the Local Systemaccount, the default
account used in IIS 5.0 isolation mode.
f. Close Task Manager.
7. Now we will create a new
Web site to demonstrate the
default settings for a new
IIS 6.0 installation.
a. In Internet Information Services (IIS) Manager, right-clickDefaultWeb Site, point to New and clickVirtual Directory.
b. On the Welcome to the Virtual Directory Creation Wizard screen,clickNext.
c. On the Virtual Directory Alias screen, in the Alias text box, typesampleweb and clickNext.
d. On the Web Site Content Directory screen, clickBrowse.
e. In the Browse For Folder dialog box, expand Local Disk (C:), select
Inetpub and clickMake New Folder.f. In the New Folder text box, type sample and press Enter.
g. ClickOK to close the Browse For Folder dialog box.
h. On the Web Site Content Directory screen, clickNext.
i. On the Virtual Directory Access Permissions screen, ensure thatRead and Run scripts (such as ASP) are enabled and clickNext.
j. On the You have successfully completed the Virtual DirectoryCreation Wizard screen, clickFinish.
8. Now we will create a simple
HTML page that will give
a. In Internet Information Services (IIS) Manager, right-click
8/8/2019 IIS6 Lab Guide
7/18
Internet Information Services 6.0 7
us a title and show the
Application Pool servicing
the Web site.
sampleweb and clickOpen.
The C:\Inetpub\sample folder opens in Windows Explorer.
b. In the C:\Inetpub\sample folder, right-click the empty space, point toNew and clickText Document.
c. In the New Text Document.txt text box, type Pool.htm and pressEnter.
d. ClickYes to confirm that you want to change the file name extension.
e. Right-clickPool.htm and clickEdit.
Note: Pool.htm is opened in Notepad.
f. In Notepad, type the following three lines:Sample Web page
The application pool is:
Note: The text between the characters is Active Server Pages
(ASP) code to display the current application pool name.
g. ClickFile | Save.
h. Close Notepad.
Complete the following task
on:
Madrid9. Now we will view the Web
page we just created.
a. Click the Madrid link in the My Machines browser.
b. In Internet Explorer, type http://paris/sampleweb/pool.htm in theAddress field and press Enter.
Note: The sample web page Pool.htm is displayed. Notice that the result of
the ASP code () in the file is not displayed, because the file does
not have the .asp extension.
Complete the following task
on:
Paris
10. Lets make the HTML page
into an ASP page so that wecan view the Application
Pool ID.
a. Click the Paris link in the My Machines browser.
b. On the Paris computer, in the C:\Inetpub\sample folder, right-click
Pool.htm, and clickRename.
c. Type Pool.asp and press Enter.
d. ClickYes to confirm that you want to change the file name extension.Info: The file name extension is changed from .htm (HTML Document) to
.asp (ASP File).
e. Close the C:\Inetpub\sample folder.
f. In the Internet Information Services (IIS) Manager console, right-
clicksampleweb and clickExplore.
Note: Pool.asp is displayed in the right pane.
Complete the following task
on:
Madrid
11. Now we navigate to the newWeb page.
a. Click the Madrid link in the My Machines browser.
b. In Internet Explorer, type http://paris/sampleweb/pool.asp in the
Address field and press Enter.
Note: Internet Explorer reports that the page cannot be found. The
Pool.asp file is present on the Paris, but by default IIS 6.0 has disabled
access to Active Server Pages (.asp) files.
Complete the following task
on:
Paris
12. Because ASP is disabled by
default in IIS 6.0
installations, we need to
a. Click the Paris link in the My Machines browser.
b. In Internet Information Services (IIS) Manager, select Web
Service Extensions in the left pane.
c. In the right pane, select Active Server Pages and clickAllow.
Note: The Active Server Pages status changes from Prohibited to Allowed.
8/8/2019 IIS6 Lab Guide
8/18
8 Internet Information Services 6.0
enable it to view the page.
Complete the following task
on:
Madrid13. We can now view the page.
a. Click the Madrid link in the My Machines browser.
b. In Internet Explorer, clickRefresh.
Note: The content of the Pool.asp file is displayed correctly. The result of
the ASP code () appears as DefaultAppPool. That is the name of
the default application pool.c. Close Internet Explorer.
8/8/2019 IIS6 Lab Guide
9/18
Internet Information Services 6.0 9
Exercise 2Application Pools, Worker Processes and Web Gardens
ScenarioIn this exercise, you will examine the use of Application Pools, Worker Processes and WebGardens in IIS 6.0.
Application pools are used to isolate Web applications. One or more worker processes handle
requests for those applications. The number of worker processes, their identity and other workerprocess parameters related to health monitoring, are configured per application pool.
Complete this Exercise using:
Paris
Madrid
Tasks Detailed steps
Complete the following 3 tasks
on:
Paris
1. To begin, we will look at
two diagrams explaining the
differences between worker
process isolation mode and
IIS 5.0 isolation mode in
IIS 6.0.
a. Click the Paris link in the My Machines browser.
b. In Information Services (IIS) Manager, right-clickWeb Sites in theleft pane and clickProperties.
c. In the Web Sites Properties dialog box, clickService.
d. In the Web Sites Properties dialog box, clickHelp.
e. In the Internet Information Services (IIS) 6.0 help window, scroll tothe Related Topics section at the end of the text and clickIsolationModes.
The Internet Information Services 6.0 Administrator Guide opens on the IIS
Isolation Modes page.
f. Close the small Internet Information Services (IIS) 6.0 help windowthat stayed on top.
g. In the Internet Information Services 6.0 Administrator Guide, clickin the right pane, and scroll down the IIS 5.0 Isolation Modes text to
see the two diagrams that show the fundamentally different architecture
between worker process isolation mode and IIS 5.0 isolation mode.
Info: In both modes, for performance reasons, the HTTP listener (http.sys)
runs in kernel mode. It stores responses in a kernel-mode cache. In workerprocess isolation mode, IIS 6.0 runs multiple Web applications in isolated
environments, called application pools. Worker processes (w3wp.exe)
assigned to the application pool handle the Web requests for each
application. In a separate process (svchost.exe), the WWW Service only
manages and monitors all the worker processes. In IIS 5.0 isolation mode,
the HTTP listener sends Web requests to the WWW Service, which are then
handled in-process (inetinfo.exe) or out-of-process (dllhost.exe).
h. Close the Internet Information Services 6.0 Administrator Guide.
Info: You can open the IIS 6.0 Administrator Guide on any Windows
8/8/2019 IIS6 Lab Guide
10/18
10 Internet Information Services 6.0
Server 2003 computer, by typing hh iismmc.chm in the Run dialog box.
i. ClickCancel to close the Web Sites Properties dialog box.
2. We can easily create a new
application pool named
Sample Pool to use with our
Web application.
a. In Internet Information Services (IIS) Manager, expandApplication Pools.
b. Right-clickApplication Pools, point to New and clickApplicationPool.
c. In the Add New Application Pool dialog box, type Sample Pool in theApplication pool ID text box and clickOK.
3. Now that we have a new
application pool for
servicing Web applications,
we will move the
sampleweb application to
this new application pool.
a. Under Default Web Site, clicksampleweb, right-clicksampleweband clickProperties.
b. In the sampleweb Properties dialog box, clickVirtual Directory,select Sample Pool in the Application pool dropdown box and clickOK.
c. In the left pane, expand Sample Pool.
Note: The sampleweb application is still part of the Default Web Site (and
communicates on port 80, the default for the Default Web Site). However,
worker processes in the Sample Pool application pool now handle Web
requests for sampleweb.Complete the following task
on:
Madrid4. We will now connect to
both Web sites currently
hosted on the Paris server.
a. Click the Madrid link in the My Machines browser.
b. In Internet Explorer, type http://paris/sampleweb/pool.asp in theAddress field and press Enter.
Note: The contents of the Pool.asp file shows that the application is in the
Sample Pool application pool.
c. ClickStart | All Programs and clickInternet Explorer to open asecond instance of the Web browser.
d. In the second Internet Explorer, type http://paris/tsweb in theAddress field and press Enter.
Note:Internet Explorer displays the Remote Desktop Web Connection Web
page. This request is still handled by the default application pool. Please
leave both Internet Explorer windows open for use in the next tasks
Complete the following 4 tasks
on:
Paris
5. Since we have live
connections to both web
sites, we can view the
processes that are hosting
them.
a. Click the Paris link in the My Machines browser.
b. ClickStart | Command Prompt.
c. Type cscript.exe %windir%\system32\iisapp.vbs and press Enter.
Info: The iisapp.vbs script lists the process IDs (PID) for all the current
worker processes (w3wp.exe), and the associated application pool name
(AppPoolId). (The System32 folder contains eight iis*.vbs scripts to
administer IIS 6.0.)
Note: The output of iisapp.vbs shows that two worker processes are
started. One for sampleweb in Sample Pool, and one for tsweb in
DefaultAppPool.
6. Now we will create a Web
application for the TS Web
site so that we can move it
into our new application
pool.
a. Switch to Internet Information Services (IIS) Manager, clicktswebunder Default Web Site, right-clicktsweb and clickProperties.
b. In the tsweb Properties dialog box, clickVirtual Directory, clickCreate and type TS Web in the Application name text box.
c. In the Application pool dropdown box, select Sample Pool and clickOK.
Note: We have created new application named TS Web for thetsweb
virtual directory and moved it to the Sample Pool application pool.
7. We must stop and start the a. Under Application Pools, right-clickDefaultAppPool and click
8/8/2019 IIS6 Lab Guide
11/18
Internet Information Services 6.0 11
DefaultAppPool
application pool to shut
down the current worker
process in this application
pool.
Properties.
b. In the DefaultAppPool Properties dialog box, clickPerformance.
Info: The Idle timeout setting shows that worker processes are shut down
after being idle for 20 minutes. That is the default setting for
DefaultAppPool and other application pools.
c. ClickCancel to close the DefaultAppPool Properties dialog box.
Note: Instead of waiting 20 minutes, we stop and start the DefaultAppPool
to shut down the current worker process in this application pool.
d. Right-clickDefaultAppPool and clickStop.
Info: Do NOT click Recycle. That command restarts worker processes. It is
not the combination of Stop and Start for the application pool.
e. Right-clickDefaultAppPool and clickStart.
8. Again, we will view the
current worker processes
used by IIS 6.0.
a. Switch to the Command Prompt window, type cscript.exe%windir%\system32\iisapp.vbs and press Enter.
Note: The output of iisapp.vbs shows that only the worker processes in
Sample Pool is started. (If worker processes do not return refresh the
pages on Madrid and run command prompt again.)
Complete the following task
on:
Madrid9. We need to refresh our
browser instances to
reconnect to IIS on Paris
and start the appropriate
worker processes.
a. Click the Madrid link in the My Machines browser.
b. In the Internet Explorer window that displays the contents ofhttp://paris/sampleweb/pool.asp clickRefresh.
c. In the Internet Explorer window that displays the contents ofhttp://paris/tsweb, clickRefresh.
Note:Internet Explorer connects to IIS on Paristo refresh the contents of
both Web pages.
Complete the following task
on:
Paris
10. Lets list the current worker
processes.
a. Click the Paris link in the My Machines browser.
b. In the Command Prompt window, type cscript.exe
%windir%\system32\iisapp.vbs and press Enter.Note: The output of iisapp.vbs shows that a single worker processes in
Sample Pool responded to the requests for sampleweb and for tsweb.
11. Now we will set up another
new feature ofIIS 6.0. We
use IIS Manager to
configure the Sample Pool
application pool to be a Web
garden with two worker
processes.
a. In Internet Information Services (IIS) Manager, right-clickSamplePool and clickProperties.
b. In the Sample Pool Properties dialog box, clickPerformance and setthe Maximum number of worker processes to 2 in the Web garden
section.
Info: By default a single worker process handles the request in an
application pool. You can configure an application pool to have more than
one worker process. An application pool that uses more than one worker
process is called a Web garden. This is an analogy to a Web farm that usesmore than one server for a Web site.
c. ClickOK to close the Sample Pool Properties dialog box.
Complete the following task
on:
Madrid12. We need to refresh our
browser instances to
reconnect to IIS on Paris
a. Click the Madrid link in the My Machines browser.
b. In the Internet Explorer window that displays the contents ofhttp://paris/sampleweb/pool.asp, clickRefresh.
c. In the Internet Explorer window that displays the contents ofhttp://paris/tsweb, clickRefresh.
8/8/2019 IIS6 Lab Guide
12/18
12 Internet Information Services 6.0
and start the appropriate
worker processes.
Complete the following 6 tasks
on:
Paris
13. Lets list the current worker
processes to see how the
Web garden functions.
a. Click the Paris link in the My Machines browser.
b. In the Command Prompt window, type cscript.exe%windir%\system32\iisapp.vbs and press Enter.
Note: The output of iisapp.vbs shows thattwo worker processes in Sample
Pool responded to the requests. One for sampleweband one for tsweb.
Remember the two process IDs (PID) of the current worker processes for
use in the next task.
14. Use IIS Manager to recycle
the worker processes in the
Sample Pool application
pool.
a. In Internet Information Services (IIS) Manager, right-clickSamplePool and clickRecycle.
Note: IIS starts two new worker processes in Sample Pool and shuts down
the existing two worker processes. The mechanism ensures that faulty Web
applications will not use up all system resources.
Info: Web requests continue to be serviced during the recycle period,
because an overlapped recycle is done. The existing worker processes keep
running, until after the new worker process is started up. Also, TCP/IP
connections from the Web browser on the client computers are maintainedby the WWW service, not by the individual worker processes.
15. Lets list the current worker
processes.
a. In the Command Prompt window, type cscript.exe%windir%\system32\iisapp.vbs, and press Enter.
Note: The output of iisapp.vbs shows that Sample Pool now has two
worker processes with other process IDs (PID) than before. This indicates
that these are two new processes.
16. Use IIS Manager to
examine automatic
recycling options for an
application pool.
a. In Internet Information Services (IIS) Manager, right-clickSamplePool and clickProperties.
b. In the Sample Pool Properties dialog box, ensure that the Recyclingtab is selected.
Info: Instead of manually starting the Recycleaction, an application pool
can be configured to automatically recycle its worker processes based on
elapsed time, number of request, time of day and memory usage.
c. ClickCancel to close the Sample Pool Properties dialog box.
17. In the next tasks, we will
configure the process
identity of the worker
processes. We will start by
creating a new application
pool and moving the TS
Web application into it.
a. In Internet Information Services (IIS) Manager, right-clickApplication Pools, point to New and clickApplication Pool.
b. In the Add New Application Pool dialog box, type TS Pool in theApplication pool ID text box, and clickOK.
c. Under Default Web Site, right-clicktsweb and clickProperties.
d. In the tsweb Properties dialog box, clickVirtual Directory, select TSPool in the Application pool dropdown box and clickOK.
The TS Web application is moved to the new TS Pool application pool.
e. In the left pane, expand TS Pool.
18. Now we configure the TS
Pool to use the Local
Service account identity.
a. In the left pane, right-clickTS Pool and clickProperties.
b. In the TS Pool Properties dialog box, click the Identity tab and selectLocal Service in the Predefined list box.
Info: The application pool identity is the user account that the worker
processes run under. All actions taken by the worker process are performed
with the privileges of this user account.The default identity for application
pools is Network Service. This is a built-in account in Windows Server
2003 that has the same privileges as a normal user account. Another new
built-in account, Local Service, is similar to Network Service, but has no
8/8/2019 IIS6 Lab Guide
13/18
Internet Information Services 6.0 13
network access.
c. ClickOK to close the TS Pool Properties dialog box.
Complete the following task
on:
Madrid
19. We need to refresh ourbrowser instances to
reconnect to IIS on Paris
and start the appropriate
worker processes.
a. Click the Madrid link in the My Machines browser.
b. In the Internet Explorer window that displays the contents ofhttp://paris/sampleweb/pool.asp, clickRefresh.
c. In the Internet Explorer window that displays the contents ofhttp://paris/tsweb, clickRefresh.
Complete the following 3 tasks
on:
Paris
20. Now we can use the
iisapp.vbs command to
determine the process ID(PID) of the worker process
in the TS Pool.
a. Click the Paris link in the My Machines browser.
b. In the Command Prompt window, type cscript.exe%windir%\system32\iisapp.vbs and press Enter.
c. Remember the process ID (PID) for the AppPoolId for TS Pool foruse in the next task.
d. Close the Command Prompt window.
21. We use Task Manager to
verify the process identity of
the worker process in the TS
Pool application pool.
a. Right-click the current time in the System Tray and clickTaskManager.
b. In the Windows Task Manager dialog box, clickView and clickSelect Columns.
c. In the Select Columns dialog box, click to select the PID (ProcessIdentifier) check box and clickOK.
d. On the Processes tab, select the worker process (w3wp.exe) with thePID corresponding to the AppPoolId for the TS Pool that the
iisapp.vbs command displayed in the previous task.
Note: Task Manager shows that the worker process in the TS Poolapplication pool run under the LOCAL SERVICE account. The other
worker processes (w3wp.exe) in the process list runs under the Network
Service account.
e. Close Task Manager.
22. To see what permissions are
set on a Web site, use IIS
Manager to examine the
default permissions of the
IIS_WPG group.
a. In Internet Information Services (IIS) Manager, right-clickTS
Pool and clickProperties.
b. In the TS Pool Properties dialog box, click the Identity tab.
Info: Instead of using one of the three predefined accounts, you can
configure the application pool identity to use a custom (configurable) user
account. When you configure a custom user account, also add the account
to the IIS_WPG group. The IIS_WPG group provides the minimum set of
rights and permissions required to run as worker process and to run Web
applications. An example of a custom user account that can be used as
application pool identity is the IWAM_PARIS user account.
c. ClickCancel to close the TS Pool Properties dialog box.
d. In the left pane, right-clickDefault Web Site and clickPermissions.
Note: A dialog box appears, containing the Security tab for the NTFS
permissions of the c:\inetpub\wwwroot folder.
e. In the c:\inetpub\wwwroot dialog box, select the IIS_WPG group.
Note: By default the IIS_WPG group has Read & Execute, List Folder
8/8/2019 IIS6 Lab Guide
14/18
14 Internet Information Services 6.0
Contents and Read permissions on the Default Web Site folder.
f. ClickAdvanced.
Info: When a worker process is processing a client request, it uses
impersonation. It creates a thread that uses the authenticated user's
identity, or that uses the IUSR_PARIS (IUSR_machinename) account if the
client request is anonymous.
g. In the Advanced Security Settings for wwwroot dialog box, ensure
that Internet Guest Account (CONTOSO\IUSR_PARIS) is
selected and clickEdit.
Info: In the Permission Entry for wwwroot dialog box, notice that
anonymous Web requests (impersonated as IUSR_PARIS) are explicitly
denied permissions to Create Files / Write Data, Create Folders / Append
Data, Write Attributes, Write Extended Attributes, Delete Subfolders and
Files and Delete on the Default Web Site.
h. ClickCancel to close the Permission Entry for wwwroot dialog
box.
i. ClickCancel to close the Advanced Security Settings for wwwroot
dialog box.
j. ClickCancel to close the c:\inetpub\wwwroot dialog box.
8/8/2019 IIS6 Lab Guide
15/18
Internet Information Services 6.0 15
Exercise 3XML MetaBase
ScenarioIn this exercise, you will back up the IIS 6.0 metabase files and edit the contents of theXML-formatted metabase file, while IIS is running.
Complete this Exercise using:
Paris
Tasks Detailed steps
1. First we will use IIS
Manager to save the current
metabase changes to disk.
a. In Internet Information Services (IIS) Manager console, right-clickParis (local computer), point to All Tasks and clickSave
Configuration to Disk.
b. ClickOK to confirm that the configuration changes have been saved.
Info: When IIS starts up, it reads all the configuration information for all
its Web sites and application pools from a file on the hard disk. This is
called the metabase. While running, IIS keeps this configuration
information in memory, and periodically saves configuration changes to
the metabase file. You can save the current configuration changes to the
metabase immediately by running the Save Configurationto Disk
command.
2. By browsing to the proper
directory, we can identify
the metabase files and the
backup and history versions
of the metabase files.
a. ClickStart | Windows Explorer.
b. Browse to C:\WINDOWS\system32\inetsrv.
Info: The two files MBSchema.xml and MetaBase.xml in the inetsrv folder
form the metabase. MBSchema.xml contains the metabaseschema
information. MetaBase.xml contains the actual IIS configuration
information. IIS 4.0 and IIS 5.0 used a binary file named Metabase.bin to
store the schema and configuration information. IIS 6.0 uses two plain text
XML-formatted files.
c. Browse to C:\WINDOWS\system32\inetsrv\History.
d. Expand the Name column.
Info: By default, IIS saves copies of the last 10 versions of the
MBSchema.xml and MetaBase.xml files. The file names include increasing
version numbers of the form Name_major#_minor#.xml. The major versionnumber increases when IIS saves a new copy of the metabase. The minor
version number increases when the administrator manually edits the
metabase.xml file.
e. Browse to C:\WINDOWS\system32\inetsrv\MetaBack.
Info: This is the default location to store backups of the metabase.
3. Now we will use the IIS
Manager to backup the
current metabase.
a. In Internet Information Services (IIS) Manager, right-clickParis(local computer) point to All Tasks and clickBackup/Restore
Configuration.
Info: The Configuration Backup/Restore dialog box lists the current
8/8/2019 IIS6 Lab Guide
16/18
16 Internet Information Services 6.0
metabase backups from the MetaBack folder, plus the 10 automatic
backups from the History folder.
b. In the Configuration Backup/Restore dialog box, clickCreateBackup.
c. In the Configuration Backup dialog box, type Lab Backup in theConfiguration backup name text box.
Info: If you specify a password, the secure properties in the backup file are
encrypted. All other information in the backup remains unencrypted.
d. ClickOK to close the Configuration Backup dialog box.
Info: IIS creates a backup of the metabase files, and stores the backup in
the MetaBackfolder. (The backup version number is used to distinguish
backup sets with the same name.)
e. ClickClose to close the Configuration Backup/Restore dialog box.
Info: You can restore metabase backups on the same computer, or if
needed, on another computer.
4. IIS 6.0 allows us to edit the
metabase live and it updates
the configuration while still
running. We use IIS
Manager to enable this
feature.
a. In Internet Information Services (IIS) Manager, right-click Paris(local computer) and clickProperties.
b. In the Paris (local computer) Properties dialog box, click to select theEnable Direct Metabase Edit check box.
Info: Even though IIS keeps a copy of the metabase content in memory, this
option allows us to edit the metabase.xml file while IIS is running (not the
MBSchema.xml file). IIS uses Windows file change notification to update its
configuration in memory, when the metabase.xml file is changed manually.
c. ClickOK to close the Paris (local computer) Properties dialog box.
5. First lets look at the last
copy of the metabase so that
we can see that it was
recently changed, when we
allowed direct editing.
a. Switch to Windows Explorer and browse to theC:\WINDOWS\system32\inetsrv\Historyfolder.
Note: The last saved copy of the metabase files is from less than a minute
ago.
Info: The option to allow editing the metabase directly while IIS isrunning, is itself a change in the configuration and causes IIS to
immediately update the metabase file on the hard disk.
6. Now all we need to edit the
metabase is Notepad.
a. In the C:\WINDOWS\system32\inetsrv folder, right-clickMetaBase.xml and clickEdit.
b. In the IIsComputer node, change the value ofMaxHistoryFiles to"12". (On line ~20 in the file.)
Info: The value of the MaxHistoryFiles property indicates how many saved
metabase history versions IIS must keep in the History folder.
c. ClickFile | Save.
d. Close Notepad.
7. Now we can see that the editwe made was implemented
because IIS created a copy
of the metabase.
a. In Windows Explorer browse toC:\WINDOWS\system32\inetsrv\History folder.
Note: The last saved copy of the metabase files only increased the minor
version number in the file names (Name_major#_minor#.xml) to indicate
that the metabase.xml file was edited directly.
8. Lets look at the schematic
structure of the metabase
file.
a. ClickStart | Run.
b. In the Run dialog box, type hh iismmc.chm and clickOK.
c. In the Internet Information Services 6.0 Administrator Guide, onthe Contents tab, expand Internet Information Services | Server
Administration Guide | IIS Metabase | Metabase Structure and
8/8/2019 IIS6 Lab Guide
17/18
Internet Information Services 6.0 17
select Metabase Configuration File.
Info: In the right pane, the Metabase Configuration File page provides a
good description of the structure of the metabase.xml file.
d. In the left pane, right-clickMetabase Configuration File (or any othernode), and clickClose all.
e. Expand Internet Information Services | Reference | MetabaseProperty Reference and select MaxHistoryFiles.
Info: The Metabase Property Reference node contains a list of all the
properties in the metabase.xml file. The MaxHistoryFiles property was
changed in the previous task.
f. Close the Internet Information Services 6.0 Administrator Guide.
9. Now we will see what
happens if we accidentally
make an incorrect entry to
the metabase file.
a. In the C:\WINDOWS\system32\inetsrv folder, right-clickMetaBase.xml and clickEdit.
Note: A disadvantage of using a generic text editor like Notepad, to
change the contents of a critical configuration file like metabase.xml, is the
possibility of making editing mistakes.
b. In the IIsComputer node, "accidentally" remove the = (equal) sign
after MaxBandwidth. (On line ~20 in the file.)Note: This editing change makes this an incorrect metabase.xml file.
c. ClickFile | Save.
d. Close Notepad.
10. We examine the System log
in Event Viewer to
determine how IIS handles
an editing error in the
metabase.xml file.
a. ClickStart | Administrative Tools and clickEvent Viewer.
b. In Event Viewer, select the System log in the left pane.
c. In the right pane, right-click the error event from IIS Config with eventID 4275 and clickProperties.
Note: The description of the error event states that the XML parser found
an invalid character on row (line) 19.
d. In the Error Properties dialog box for event ID 4275, click the Up
arrow button.
Note: The description of the next error event (event ID 51220) states that
the new metabase file was not applied.
k. In the Error Properties dialog box for event ID 51220, click the Up
arrow button.
Note: The description of the next error event (event ID 51219) states that
the incorrect metabase file is copied to the History folder. The
metabase.xml file is replaced by the last-known-good configuration.
l. ClickOK to close the Error Properties dialog box.
m. Close Event Viewer.
11. We can see how IIS handled
the error we introduced by
viewing the current contents
of the metabase.xml file.
a. In the C:\WINDOWS\system32\inetsrv folder, right-click
MetaBase.xml and clickEdit.
Note: The = (equal) sign after the MaxBandwidth property on line 19, is
still in the file.
b. Close Notepad.
12. Further, we can find the
error file to identify the
incorrect metabase.xml file.
a. In Windows Explorer, browse to
C:\WINDOWS\system32\inetsrv\Historyfolder.
Note: The folder contains aMetaBaseError_#.xml file. This is the
incorrect metabase.xml file, with the missing = (equal) sign.
8/8/2019 IIS6 Lab Guide
18/18
18 Internet Information Services 6.0
b. Right-clickMetaBaseError_#.xml and clickEdit.
c. On line 19, the = (equals) sign is not there.
d. Close all open windows.