Embed Size (px)
DESCRIPTION
Internet/intranet support. Unit objectives Use the Internet Information Services snap-in to manage IIS, Web sites, virtual directories, and WebDAV publishing directories. View and manage printers through a Web browser and set resource access permissions for a Web site. - PowerPoint PPT Presentation
Citation preview
Cou
rse
ILT
Internet/intranet support
Unit objectives Use the Internet Information Services
snap-in to manage IIS, Web sites, virtual directories, and WebDAV publishing directories.
View and manage printers through a Web browser and set resource access permissions for a Web site.
Cou
rse
ILT
Internet/intranet support
Topic A: Internet Information Server overview
Topic B: Managing Web access
Cou
rse
ILT
Centralized administration
Internet Information Services snap-in
Cou
rse
ILT
Centralized administration
Internet Services Manager (HTML)
Cou
rse
ILT
Centralized administration
Delegated administration– Delegate IIS 5.0 administration
permissions to other users by adding them to the Operators list on a Web site’s Operators properties tab
Cou
rse
ILT
Centralized administration
Multisite hosting– IIS 5.0 has the ability to host multiple
Web sites from a single physical server. You can distinguish between the servers in any of the following ways: Assign each Web site a different TCP/IP
port number. Assign each Web site a different IP address. Assign each Web site a different host
header name.
Process and bandwidth throttling Dfs (distributed file system) support
Cou
rse
ILT
IIS installation IIS is included in the default installation of Windows
2000 Server. Add/Remove Windows Components Available IIS components
– Common Files– Documentation– File Transfer Protocol (FTP) Server– FrontPage 2000 Server Extensions– Internet Information Services Snap-in– Internet Service Manager (HTML)– NNTP Service– SMTP Service– Visual InterDev RAD Remote Deployment Support– World Wide Web Server
Cou
rse
ILT
IIS installation During installation, a folder named Inetpub will be
created on your system drive. Inetpub subfolders will be created for things such
as Web content, scripts, and samples. In addition, the following two users will be created:
– IUSR_servername This is the built-in account for managing anonymous
access to IIS.
– IWAM_servername This is the built-in account that is used by IIS for starting
out-of-process applications.
The IIS server’s name will appear as servername. The IUSR and IWAM users will be created as local users
when installing IIS on a member server, and as Active Directory users when installing IIS on a domain controller.
Cou
rse
ILT
IIS configuration
Internet Information Services snap-in – Local IIS server (if any) will be displayed
automatically
Cou
rse
ILT
IIS configuration
Web site properties
Cou
rse
ILT
IIS configurationTab Description
Web Site This is where you set the Web site identification, limit connections, and set your logging option.
Operators Allows you to add operators as delegated administrators for the Web site.
Performance You can tune Web site performance based on expected hits per day. You can also set process throttling and bandwidth throttling options for the Web site.
ISAPI Filters This is where you add, remove, edit, or disable ISAPI filters for the Web site.
Home Directory This sets the home directory and options, including basic security options for the home directory.
Documents This is where you identify and enable the default document.
Directory Security This is where you set access and authentication, filter access by IP address or domain name, and enter certification information for security communications.
HTTP Headers This is where you set content expiration, content rating, and MIME mapping.
Custom Errors This is where you edit custom HTTP errors for use by this Web site.
Cou
rse
ILT
A-1: Configuring IIS
Activity
Cou
rse
ILT
Internet/intranet support
Topic A: Internet Information Server overview
Topic B: Managing Web access
Cou
rse
ILT
Server access security
IIS security overview
1. Request
4. Response
2. Authentication
3. Check NTFS Permissions
Cou
rse
ILT
Server access security
Authentication options for Web resources
Cou
rse
ILT
Server access security
Authentication methods
Cou
rse
ILT
Server access security Setting server access restrictions You are given the option of setting the default action to either
grant or deny computers access. You can then add exceptions to the default for any of the following:
A single computer, by IP address A group of computers, by IP address and subnet mask A domain, by domain name
Cou
rse
ILT
B-1: Setting Web server access permissions
Activity
Cou
rse
ILT
File and folder resources
Home directory
Cou
rse
ILT
File and folder resources You are given the following three options for setting
the source of the home directory:– A directory located on this computer– A share located on another computer– A redirection to a URL
If you choose one of the first two options, to set the source as a local directory or network share, you can also set the following options:– Script source access– Read– Write– Directory browsing– Log visits– Index this resource
Cou
rse
ILT
File and folder resources
If you choose the third option for the source of the home directory, setting the source as a URL, you can set the following options to indicate where the client will be sent:– The exact URL entered above– A directory below this one– A permanent redirection for this resource
Cou
rse
ILT
Virtual directories
Virtual Directory Wizard, which is launched through the Internet Information Services snap-in.
Cou
rse
ILT
Virtual directories The directory will be listed under the Web site for
which it was created. If IIS cannot connect to the directory, a stop sign (red octagon) with the word “Error” will be displayed.
Cou
rse
ILT
Network shares With IIS installed,
each folder includes a Web Sharing tab. You can right-click a folder in Windows Explorer, choose Properties, and select the Web Sharing tab.
The Edit Alias screen prompts you for the virtual directory alias, access permissions, and application permissions.
Cou
rse
ILT
WebDAV
Web-based distributed authoring and versioning
A protocol, which is an extension to the HTTP 1.1 standard. WebDAV supports remote file search, access, and management through a browser.
WebDAV setup – First step in setting up WebDAV publishing is to
create a publishing directory.– Typically, you will want to create this as a
subfolder of the \Inetpub folder: C:\Inetpub\WebDAV
Cou
rse
ILT
WebDAV clients
Any client using a browser that supports the industry-standard WebDAV protocol can access your WebDAV directory.
Windows clients can connect to a WebDAV publishing directory through Internet Explorer 5.0. For example, you would use an address similar to the following to connect over the Internet:– http://webserv.outlanderspices.com/webdav
To connect over a corporate intranet, you could use an address similar to the following:– http://outlanderspicespc/webdav
Cou
rse
ILT
WebDAV clients
Create a connection to a WebDAV publishing directory with the Add Network Places Wizard
Cou
rse
ILT
Virtual directory properties
Right-click the virtual directory and choose Properties
Cou
rse
ILT
Virtual directory navigation
You can navigate virtual and WebDAV publishing directories through Internet Explorer 5.0
Cou
rse
ILT
Virtual directory navigation
WebDAV through Windows Explorer
Cou
rse
ILT
Resource access security
The virtual directory properties tab lets you set resource access permissions and application permissions.
The Directory Security properties tab lets you manage access and authentication, IP address and domain name restrictions, and certificate information.
In addition, security for folders residing on an NTFS partition will be affected by NTFS security settings. That is the case because users connecting through a Web server are authenticated as local users.
Cou
rse
ILT
Permissions Wizard
Cou
rse
ILT
Permissions Wizard
Setting Public Secure
Authentication Methods Anonymous Users Anonymous access denied
Basic authentication
Digest authentication
Windows 2000 authentication
Access Permissions Read
Execute Scripts only
Read
Execute Scripts only
IP Address Restrictions None None
Administrators ACLs Full Control Full Control
Everyone ACLs Read & Execute Read & Execute
Cou
rse
ILT
Permissions Wizard
Cou
rse
ILT
Troubleshooting overview
Most of the problems you encounter with accessing resources through the Internet are going to fall into one of three general categories:– Inability to connect to a Web server– Inability to connect to a resource– Wrong permission assignment
Cou
rse
ILT
Troubleshooting overview
Web server access– Web server communications – Authorization – Restricted access
Resource access – Verify that the user can connect to the
resource. – Verify connections with remote servers.– Try directly connecting to the share
through the command line or Windows Explorer.
Cou
rse
ILT
Troubleshooting overview
Access permissions– This is the same type of potential
problem as occurs with shared network resources.
– Verify that access permissions have been set appropriately for the user.
WebDAV troubleshooting – Verify you can connect to the server.– Verify you can connect to the resource
and have the appropriate permissions.
Cou
rse
ILT
Internet printers Connecting with the Add Printer Wizard
– Choose Start, Settings, Printers. Double-click Add Printer.– Click Next to continue past the Welcome screen.– On the Local or Network Printer screen, select Network
printer and click Next.– On the Locate Your Printer screen, select the option to
connect to a printer on the Internet, and type the URL. A printer’s URL uses the following convention:http://domainname/printers/printername/.printer
– Be sure to include the period in front of the word “printer”. An IP address can be substituted for the domain name.
– Click Next after you have correctly typed the URL.– At this point, you will be prompted for your name and
password.– After you click OK, the printer will be located either on the
local area network or across the Internet .
Cou
rse
ILT
Internet printers
Connecting through Internet Explorer – You can also connect to an Internet
printer using Internet Explorer 5.0. To display a list of available printers, type the following URL in the address bar:http://domainname/printers
Cou
rse
ILT
Viewing printer properties
Cou
rse
ILT
Connecting to a printer
Cou
rse
ILT
B-2: Working with Web-based resource access
Activity
Cou
rse
ILT
Internet/intranet support
Unit summary This unit covered:
– How to use the Internet Information Services snap-in to centralize the management of IIS, Web sites, virtual directories, and WebDAV publishing directories
– How to view and manage printers through a Web browser and set resource access permissions for a Web site
