
IIS 6.0 on Win 2003: Installing, Assigning, Removing Server Roles

Friday Feb 1st 2008 by Jason Zandri

SWatch Reader Favorite! Learn how to install IIS 6.0 using the 'Manage Your Server' wizard as well as how to set the Application Server role on the system.

Welcome to the second installment of Internet Information Services 6.0 on Windows Server 2003. This series of articles is designed as both a refresher for the IT professional familiar with designing and administrating IIS 4 and IIS 5, and for newcomers looking to get their feet wet.


This installment continues our introduction to IIS 6.0 on Windows Server 2003 by providing an overview of how to install IIS 6.0 using the "Manage Your Server" wizard to install the Application Server role on the system, which configures the system with a base installation and deployment of IIS 6.0.

IIS 6.0 on Windows Server 2003 is not installed by default when the operating system is installed (a departure from the Windows 2000 Server era when IIS 5.0 was installed by default). Even when an administrator opts to install the application, the default installation sets IIS 6.0 as a static-content Web server only. ASP and ASP.NET must be explicitly installed by the administrator for dynamic content to be available for use on the particular system.

In situations in which a Windows 2000 Server with IIS 5.0 is installed and subsequently upgraded to Windows Server 2003, IIS 6.0 will be installed as a simple static content Web server unless an administrator installed and ran the IIS Lockdown Tool or configured the RetainW3SVCStatus registry key to secure the Windows 2000 Server operating system and the IIS 5.0 installation.

NOTES FROM THE FIELD -- IIS Lockdown Tool version 2.1 turns off unnecessary features and services of IIS 4.0, 5.0, and 5.1 in an effort to reduce the available attack surface for would-be attackers.

The tool can be run to secure IIS 4.0 on Windows NT 4.0 Server systems when IIS 4.0 is installed from the NT4 Option Pack. The tool can also lock down IIS 5.0, which is installed by default on Windows 2000 Server installations. IIS 5.1, which is found under the Windows XP family of operating system (but not installed by default), can also be locked down via the tool.

Version 2.1 of IIS Lockdown Tool can use supplied templates for Microsoft Exchange 5.5 and 2000, Commerce Server, BizTalk, Small Business Server 4.5 and 2000, SharePoint Portal Server, FrontPage Server Extensions, and SharePoint Team Server in an effort to lock down these IIS-dependent applications when they are installed and using IIS.

URLscan 2.5 has been integrated with the IIS Lockdown tool as well.

UrlScan blocks specific HTTP requests in an effort to restrict the types of calls that can be made to the IIS server. It runs on IIS 4.0, 5.0, 5.1, and 6.0.

Future articles will cover both tools in greater depth.

Original date of publication, 07/31/2003

Installing IIS 6.0 via the "Configure Your Server" Wizard

With that said, there are several ways to install IIS 6.0 on a Windows Server 2003 system.


The simplest way (though it leaves little room for choosing configuration options or secondary services such as FTP or SMTP) is to configure the Application Server role for your system by using the "Configure Your Server" wizard.

To successfully run the wizard, you must be logged on to the local system with an administrator account (or any other account for which the required permissions and rights on the local system have been delegated).

Another installation option is to use Add or Remove Programs from the Control Panel. The next article in this series will detail that type of installation.

The recommended approach, as far as security is concerned, is to not log on to any systems with an administrator account but rather to log on with a domain (or local) user account and use the Secondary Logon service known as RUNAS to launch an application or an installation program only with the appropriate administrative rights to perform the needed function on the system. Once the program is closed, or the installation complete, the administrative context is released and everything else running under that user account on the system is running at the lower "user" level.

NOTES FROM THE FIELD -- Microsoft Knowledge Base Article 225035, Secondary Logon (Run As): Starting Programs and Tools in Local Administrative Context, details the procedure. Although the article itself pertains to Windows 2000, the functionality is more or less the same as it is in Windows XP and Server 2003.

In summary, to start an application (such as CMD.exe) using Secondary Logon, go to Start, click Run, type runas /user:machine_name\administrator cmd, where machine_name is the name of your computer, and then click OK.

A console window will appear, prompting for a password for the machine_name\administrator account.

Type the password for the administrator account and press ENTER.

A new console will appear, running in the administrative context, as shown in the title of the console itself.

Any command-based programs can now be started from this console window and also run in an administrative context.

In addition, you can run an application from its shortcut by selecting the particular application's shortcut from the desktop, the Control Panel, or the Start Menu, and holding down the SHIFT key and, once the icon is highlighted, left-clicking it one time.

Once it is highlighted, and while you are holding down the SHIFT key, right-click the icon to bring up the Run as ... option in the right-click pop-up list.

A dialog box titled, "Run program as other user" will appear, which will allow you to enter the local or domain credentials required to start the tool or application in an administrative context.

One slight difference in Windows Server 2003 vs. what is outlined above for Windows 2000 and XP is that in Windows Server 2003 you need only perform the "hold the shift key down and right click" action to bring up the RUNAS option on the right-click menu for your Control Panel tools, whereas this must be done for everything in Windows 2000 and XP. Regular EXEs at their path location, Start Menu shortcuts, and shortcuts on the desktop will automatically show RUNAS on the right-click menu without holding down the SHIFT key on Windows Server 2003 systems.


Setting Server Roles

Server Roles in Windows Server 2003 enable the administrator to configure specific roles for the system using the Configure Your Server wizard.

Depending on the settings, the Manage Your Server window may be automatically available on login. If not, it is found on the Start Menu under All Programs - Administrative Tools.


From this screen you can add a role to your existing server, which will allow you to configure it for a specific task. The current role is managed from this page as well.

At this point, you can pick one of the following roles (the titles of which are all self-explanatory).

  1. File server
  2. Print server
  3. Application server
  4. Mail server
  5. Terminal server
  6. Remote access/VPN server
  7. Domain controller
  8. DNS server
  9. DHCP server
  10. Streaming media server
  11. WINS server

The steps for configuring the server in any role are straightforward. Select Add or Remove a Role from the main Manage Your Server window to launch the Configure Your Server wizard. Once you have read the information on the screen, verified that all of the network connections are available, and confirmed that you have the needed installation path information to the Windows Server 2003 setup files (or the CD), click Next to continue.

The setup wizard will test the available and enabled network connections and go to the Server Role screen.

Here, you will be able to set up the server for one or more roles. To set up a second or third role for a server you must run the Configure Your Server wizard again, as only one role can be established at a time.

In the following example, we have selected the Application Server role to configure the system as an IIS 6.0 server. Note that this is the only way to perform the installation of IIS 6.0 using the Configure Your Server Wizard; there is no "IIS 6.0" role, just the Application Server role.

The next screen varies from role to role, as it relates to the function of the role we have chosen. Different roles will generate different subsequent screens depending on the installation of the role picked. For our Application Server role, the next screen is the Application Server Options page, which will allow us to select (or to not select) additional tools, such as FrontPage Server Extensions, or to enable ASP.NET by selecting the appropriate checkboxes.

The next screen is the Summary of Selections, which presents the options selected for installation. Unlike an installation run from Add or Remove Programs, the Configure Your Server wizard offered no options for installing additional services, such as FTP, NNTP and SMTP, and they are not added by default when you establish the server role this way.

NOTES FROM THE FIELD -- To specify additional services or other customizable settings you must run the entire installation from Add or Remove Programs from the Control Panel.

From here, IIS 6.0 is installed and configured automatically by the Configure Your Server wizard without any further administrator intervention. During the install, the Windows Components wizard will appear as software is installed from the software distribution point or the original CD-ROM.

Once the process is complete the final page of the Configure Your Server wizard appears stating, "This Server is Now an Application Server" (or whichever type was chosen).

If you opt to review your Configure your Server.log file at this time, you will see the following information:

(3/4/2003 1:03:51 PM)
Configurations for an Application Server
IIS installed successfully.

The next steps for this role are viewable by selecting that hyperlink from the Configure Your Server wizard completion page.

This will open the Help File for Configure Your Server, and it will bring you right to the next steps: completing additional tasks page that highlights additional tasks you might want to perform on the application server.

If you go to Start - All Programs - Administrative Tools - you will see that the Internet Information Services Manager MMC is now installed.

A quick look reveals that only the World Wide Web service is installed. FTP, NNTP, and SMTP are not added by default when the server role is established this way.

Also, if the Configure Your Server wizard is run again, you will see that the role of Application Server will show up on the main screen of the Manage Your Server wizard in the section that reads "Your server has been configured with the following roles:"

It will also show any other roles that might be configured on the server.


Removing Server Roles


If you must remove IIS 6.0 (or any other established role) from your system once it is no longer in use (removing unneeded services from a system is a good security practice), and you want to do so with the Configure Your Server wizard, choose the Add or Remove a Role green arrow at the upper right-hand side of the Manage Your Server intro page.

The next screen to appear is the Preliminary Steps screen on which you can read the information and verify that all of the network connections are available. You can also check to see if you have the needed installation path information (or the CD) to the Windows Server 2003 setup files.

From here, the setup wizard tests available and enabled network connections and brings you to the Server Role screen. If you wanted to add another role to the Application Server (e.g., a File Server) at this time, choose one of the other available roles, and click Next to continue. This enables the wizard to install the new role.

Since for explanatory purposes we wish to remove a role, we will select a role that is already configured on the server (our Application Server IIS, ASP.NET) and click Next to remove it.

On the Role Removal Confirmation screen appears a summary of what will be done to the system to remove the current role. In some cases components will be removed; in others services will be disabled.

The next step in the process is to actually remove the role. This screen contains a checkbox that must be selected before choosing Next to continue. (Note that in the screen shot, the box is not checked and the Next button is not available.)

After Next is selected, the wizard immediately begins to remove the role. The previous screen's checkbox serves as the "Are You Sure" prompt, and the Next button is grayed out.

The removal process will call for the installation files (from either the original distribution point or the CD-ROM drive if the disk is available), and a pop-up box (shown below) will identify what is occurring. If the disk or the distribution point is not available, a pop-up box will appear asking for the location of the files.

The final screen of the Configure Your Server Wizard shows (in this case) that the Application Server role has been successfully removed from the system.

You can now review the Configure Your Server log file, which shows information from the original server role installation as an Application Server and the current action of removing that role, by selecting the link on the Configure Your Server wizard completion page.

(3/4/2003 1:03:51 PM)
Configurations for an Application Server
IIS installed successfully.

(3/7/2003 8:50:16 PM)
Removal of Application Server Role
IIS successfully removed.
ASP.NET successfully disabled.
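
The log entries above can be replayed to confirm which roles a server still carries, which is useful when auditing that an unneeded role really was removed. The following is an added example, not part of the original article or of any Microsoft tool; it assumes the entry layout (parenthesized timestamp, title line, result lines) and the US date format shown in the excerpt, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: the two entries shown in the article, verbatim.
SAMPLE_LOG = """\
(3/4/2003 1:03:51 PM)
Configurations for an Application Server
IIS installed successfully.

(3/7/2003 8:50:16 PM)
Removal of Application Server Role
IIS successfully removed.
ASP.NET successfully disabled.
"""

# Assumption: timestamps use the US date format seen in the article.
STAMP = re.compile(r"^\((\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\)$")
# Assumption: title lines follow the two shapes visible in the article.
ADDED = re.compile(r"^Configurations for an? (.+)$", re.I)
REMOVED = re.compile(r"^Removal of (.+) Role$", re.I)

def parse_entries(text):
    """Split the log into entries: timestamp, title line, result lines."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = STAMP.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            entries.append({"when": when, "title": None, "results": []})
        elif entries and entries[-1]["title"] is None:
            entries[-1]["title"] = line       # first line after the timestamp
        elif entries:
            entries[-1]["results"].append(line)
    return entries

def current_roles(entries):
    """Replay entries in time order; return roles still configured."""
    roles = {}
    for e in sorted(entries, key=lambda e: e["when"]):
        title = e["title"] or ""
        if (m := ADDED.match(title)):
            roles[m.group(1)] = e["when"]     # role name -> time it was added
        elif (m := REMOVED.match(title)):
            roles.pop(m.group(1), None)       # removal of an unknown role is ignored
    return roles

if __name__ == "__main__":
    print("Roles still configured:", sorted(current_roles(parse_entries(SAMPLE_LOG))))
```

Run against a copy of the log taken from the server, an empty result means every role recorded as added has a matching removal entry.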

A quick look back on the Manage Your Server wizard welcome page shows that it no longer has any roles assigned to it.

The removal of the Application Server Role uninstalls IIS 6.0 from the server. It has also removed the Internet Information Services MMC from the Administrative Tools menu, and the World Wide Web service is no longer present on the services menu.

That wraps up this installment of Internet Information Services 6 on Windows Server 2003. As always, if you have any questions, comments, or even constructive criticism, feel free to drop me a note. I want to write solid technical articles that appeal to a wide range of readers and skill levels, and it is only through your feedback that I can be sure I am doing that.

Until the next time, remember:

"Windows 2000 reached 4 years of service, and on July 29, 2003 Windows NT4 Server turned seven years old."


Copyright 2017 © QuinStreet Inc. All Rights Reserved