Internet Information Server 4.0 (and 5.0)

Internet Information Server 4.0 (and 5.0). By Nicolas PAOUR 12 January 2004. Introduction Required configuration to setup IIS IIS Setup (HowTo) Web Setup FTP Setup SMTP Setup. Security within IIS What are FrontPage extensions Using FrontPage with IIS Frequent TroubleShooting. Contents.


Presentation Transcript


  1. Internet Information Server 4.0 (and 5.0) By Nicolas PAOUR 12 January 2004 Nicolas Paour

  2. Contents
     • Introduction
     • Required configuration to setup IIS
     • IIS Setup (HowTo)
     • Web Setup
     • FTP Setup
     • SMTP Setup
     • Security within IIS
     • What are FrontPage extensions
     • Using FrontPage with IIS
     • Frequent TroubleShooting

  3. Overview
     • What is IIS
     • Questions/Answers
     • Aim
     • Product overview
     • Getting information
     • Understanding security
     • Managing IIS & FrontPage

  4. Overview: Basic concepts under NT
     • FAT: no valid security
     • NTFS: security possible
     • Any user who reaches an NT station through a share or the Internet must be identified by login and password (local or global)

  5. Required configuration to setup IIS
     • Windows NT4 Server: Partition NTFS (Yes), Index Server (Yes), Multi Virtual Site (Yes)
     • Windows Workstation: Partition NTFS (Yes), Index Server (No), Multi Virtual Site (No)
     • Windows 95/98: Partition NTFS (No), Index Server (No), Multi Virtual Site (No)
     • Windows 2000 Server: Partition NTFS (Yes), Index Server (Yes), Multi Virtual Site (Yes)
     • Windows 2000 Pro: Partition NTFS (Yes), Index Server (Yes), Multi Virtual Site (No)

  6. IIS Setup – 1/6
     • Check that the D drive is an NTFS partition
       • Set administrators (Full)(Full), system (Full)(Full); remove Everyone
     • Check if IIS3 exists
       • Uninstall IIS3
     • Check that « Regional Settings » is US
     • Copy into c:\install:
       • NT4_IIS4_serveur files (no space in folder name)
       • FP2k_4.0.2.4317-(SR1.2) server extensions
       • Metaedit files
       • MDAC (2.52.6019.2)
       • ADSI (2.5)

  7. IIS Setup – 2/6
     Run NT4_IIS4_serveur\install.exe
     • Disabled “Certificate Server”
     • Disabled “FrontPage 98 Server Extensions”
     • Disabled “Internet Connection Services for RAS”
     • Internet Information Server (IIS)
       • Disabled “documentation”
       • Enabled “FTP”
       • Disabled “Internet NNTP Service”
       • Enabled “Internet Service Manager”
       • Disabled “Internet Service Manager (HTML)”
       • Enabled “SMTP Service”
       • Disabled “World Wide Web Sample Site”
       • Enabled “World Wide Web Server”
     • Enabled “Microsoft Data Access Components 1.5” (All)

  8. IIS Setup – 3/6
     • Enabled “Microsoft Index Server” (default)
       • Language Resources: French Language, UK English Language, US English Language
     • Enabled “Microsoft Management Console”
     • Disabled “Microsoft Message Queue”
     • Disabled “Microsoft Script Debugger”
     • Disabled “Microsoft Site Server Express 2.0”
     • Enabled “NT Option Pack Common Files”
     • “Transaction Server” (Default)
     • Disabled “Visual Interdev RAD Remote Deployment Support”
     • Enabled “Windows Scripting Host”
     • Select folders:
       • D:\wwwroot\application_name.hp.com\_shareweb (_fpweb if FrontPage is used)
       • D:\ftproot\public
       • C:\program files

  9. IIS Setup – 4/6
     • MTS (default)
     • Index Server on D:\wwwroot\application_name.hp.com\_catalog
     • Reboot
     • Remove “Administration Web Site”
     • Delete all virtual directories:
       • IISsample
       • IISadmin
       • IIShelp
       • Scripts
       • IISadmPwd
       • msadc
     • Remove folders:
       • D:\wwwroot\application_name.hp.com\iissample
       • D:\wwwroot\application_name.hp.com\scripts
       • D:\wwwroot\application_name.hp.com\_shareweb\phone book service

  10. IIS Setup – 5/6
      • Install Metaedit
      • Run metaedit and add
      • Update MDAC and ADSI (Reboot)
      • Update SP6a + Hotfix (Reboot)

  11. IIS Setup – 6/6
      • Open User Manager
      • Remove from “access this computer from network”:
        • IUSR account
        • IWAM account
      • Add in “access this computer from network”:
        • “authenticated Users”
      • Remove from “Logon Locally”:
        • IUSR account
        • IWAM account

  12. Web Setup
      • It is a FrontPage server:
        • Install FP2K Server extensions
        • Set “browse access” with FP2K
      • It is not a FrontPage server:
        • Set IUSR_ComputerName (RX)(R) on the d:\wwwroot\application_name\_shareweb folder
      • Enabled “Basic Authentication”
        • Netscape access (to validate !)
      • Set up IP, Port, Host for each website (don’t use “All unassigned”)
      • Create the d:\weblog folder
        • Set new virtual web Login in this folder
        • Administrators (Full)(Full)
        • System (Full)(Full)

  13. FTP Setup
      • NTFS rights for d:\ftproot\public:
        • administrators (full)(full)
        • system (full)(full)
        • Everyone (RWX)(R)
      • Open mmc and select all options

  14. SMTP Setup
      • NTFS rights for the mailroot folder:
        • mailroot and all subfolders except pickup: administrators (full)(full), system (full)(full)
        • mailroot\pickup: administrators (full)(full), system (full)(full), everyone (RWX)(RX)
      • Add the IWAM_ServerName account as an operator in IIS -> SMTP properties. If not, a website using the CDONTS.NewMail object in an isolated process returns the error "permission denied".
        http://msdn.microsoft.com/library/periodic/period99/asp9951.htm
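
An added example, not part of the original presentation: a PowerShell audit of the NTFS settings the setup slides call for (NTFS on D:, only administrators and system on D:\ and d:\weblog, plus Everyone on d:\ftproot\public). It assumes a host where PowerShell is available, which postdates NT4/2000, and English account names; `Test-FolderAcl` is a hypothetical helper name.

```powershell
# Added example: audit the NTFS settings listed on the setup slides.
# Paths and principals come from the slides; account names assume an
# English-language system (the slides require US regional settings).
$expected = @(
    @{ Path = 'D:\';               Allowed = 'Administrators', 'SYSTEM' }
    @{ Path = 'D:\weblog';         Allowed = 'Administrators', 'SYSTEM' }
    @{ Path = 'D:\ftproot\public'; Allowed = 'Administrators', 'SYSTEM', 'Everyone' }
)

function Test-FolderAcl {
    param(
        [Parameter(Mandatory)][string]   $Path,
        [Parameter(Mandatory)][string[]] $Allowed
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Principal = $null; Rights = $null; Finding = 'path not found' }
    }
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # BUILTIN\Administrators -> Administrators, NT AUTHORITY\SYSTEM -> SYSTEM
        $name = ($ace.IdentityReference.Value -split '\\')[-1]
        if ($Allowed -notcontains $name) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Finding   = 'allow entry not listed on the slides'
            }
        }
    }
}

# FAT carries no ACLs at all, so check the file system before the folders.
$drive = New-Object System.IO.DriveInfo 'D'
if (-not $drive.IsReady -or $drive.DriveFormat -ne 'NTFS') {
    Write-Warning 'D: is not an NTFS volume; the permissions above cannot be enforced.'
} else {
    $findings = foreach ($e in $expected) { Test-FolderAcl -Path $e.Path -Allowed $e.Allowed }
    if ($findings) { $findings | Format-Table -AutoSize } else { 'All audited folders match the slides.' }
}
```

The mailroot folders can be added to `$expected` in the same way once their full path on the server is known.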

  15. Security within IIS
      • « Hardware » :o) NTFS
      • « Software » :o( FAT and NTFS
      • Note: Any user who reaches an NT station through a share or the Internet must be identified by login and password (local or global)

  16. Security within IIS – Anonymous 1/2
      D:
      └─wwwroot
        └──home.grenoble.hp.com
           ├──_catalog
           │  └──catalog.wci
           ├──_fpweb
           ├──_report
           ├──_sharetools
           │  ├──cgi
           │  ├──database
           │  └──upload
           ├──_shareweb.null
           └──_ssl2

  17. Security within IIS – Anonymous 2/2
      • Access to Data
      • Web Server (IIS)
      • To access the data via the Internet, the web server supplies an anonymous login/password
        • Login: IUSR_Serveur
        • Pass: ******
      • IUSR_Serveur (RX)(R)
      • NT’s authentication successful

  18. Security within IIS – Secure access 1/2
      D:
      └─wwwroot
        └──home.grenoble.hp.com
           ├──_catalog
           │  └──catalog.wci
           ├──_fpweb
           ├──_report
           ├──_sharetools
           │  ├──cgi
           │  ├──database
           │  └──upload
           ├──_shareweb.null
           └──_ssl2

  19. Security within IIS – Secure access 2/2
      • Basic security
      • To secure a web site, remove the IUSR account from the drive
      • Login: IUSR_Serveur, Pass: ******
        • NT’s authentication refused
      • Login_Name (RX)(R)
      • Login: Login_Name, Pass: Password
        • NT’s authentication successful

  20. Security within IIS – SSL 1/2

  21. Security within IIS – SSL 1/2
      • SSL Encryption « https: »
      • Https://serveur_name
      • Private Key
      • Public Key
      • Session Key

  22. What are FrontPage extensions
      • FrontPage extensions allow:
        • to use specific components like Hit Counter, Scheduled Include Page, Categories, Search Form
        • to publish your site quickly
      • SSL Filter
      • FrontPage Filter

  23. Using FrontPage with IIS
      FrontPage interface is required for:
      • Web site creation
      • Site management (child site, move folder,…)
      • Security setting
      • Site Publishing
      • Site deletion

  24. Using FrontPage with IIS - Site creation -
      • Web site creation
      • Yes / No

  25. Using FrontPage with IIS - Site management -
      • Site creation (FrontPage child site)
      • Move folder – Use drag & drop
      • Recalculate Hyperlinks

  26. Using FrontPage with IIS - Security setting -
      • Don’t use Directory Permissions
      • Use FrontPage Security Permissions

  27. Using FrontPage with IIS - Site Publishing -
      • Don’t use Share Directory
      • Use FrontPage publishing tool

  28. Using FrontPage with IIS - Site deletion -
      • Don’t use NT delete Directory
      • Use FrontPage delete option

  29. Using FrontPage with IIS - Components (bis) -
      FrontPage extensions allow the use of specific components (Insert menu, Component submenu):
      • Hit Counter
      • Confirmation Field
      • Include Page
      • Scheduled Include Page
      • Categories
      • Search Form
      • Additional Components (not used)

  30. Frequent TroubleShooting http://membres.lycos.fr/paour/easy_doc/index.html

  31. TroubleShootings
      • Missing key 6013
      • Wrong value
      • Wrong NTFS right in Pickup folder
      • See aspupload example
      • Don’t use your NT account (log on with a test account). Add these lines:
          TYPE <%=Request.ServerVariables("AUTH_TYPE")%> <br>
          PASSWORD <%=Request.ServerVariables("AUTH_PASSWORD")%> <br>
          USER <%=Request.ServerVariables("AUTH_USER")%> <br>

  32. Example 1
      ASPUpload use:
      • Create d:\components\aspupload: admin (full)(full), system (full)(full)
      • Copy aspupload.dll in « aspupload » folder
      • Test script: http://sopra100.sopra-hp.net/upload/default.htm
      • Error:
      • regsvr32 D:\component\aspupload\bin\AspUpload.dll
      • D:\component\aspupload\bin\ (RX)(RX) Or AspUpload.dll (RX)
      • Upload folder: Everyone (RWX)(RX) OR

  33. Example 2
      Find a DLL when a « Library not registered » or « ActiveX component can't create object » error occurs.
      • Read the object: Server.CreateObject("Persits.Upload")
      • Open regedit
      • Look up the data in HKEY_CLASSES_ROOT\Persits.Upload\CLSID
        • {B4E1B2EC-151B-11D2-926A-006008123235}
      • Search for {B4E1B2EC-151B-11D2-926A-006008123235} in the HKEY_CLASSES_ROOT\CLSID keys
      • Note the string data of HKEY_CLASSES_ROOT\CLSID\{…}\InprocServer32
        • Example: C:\wwwroot\SOPRA100\_dll\AspUpload.dll
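
The registry walk from this slide, scripted as an added example that is not part of the original presentation: it resolves a ProgID to its CLSID and InprocServer32 DLL, reports where the chain breaks, and lists the ACL on the DLL so the (RX) right from Example 1 can be checked. It assumes PowerShell is available on the server; `Resolve-ComServer` is a hypothetical helper name.

```powershell
# Added example: follow ProgID -> CLSID -> InprocServer32, as done by hand in regedit.
function Resolve-ComServer {
    param([Parameter(Mandatory)][string] $ProgId)

    $result = [ordered]@{ ProgId = $ProgId; Clsid = $null; Dll = $null; Status = $null }

    # Step 1: HKEY_CLASSES_ROOT\<ProgID>\CLSID holds the class id as its default value.
    $progKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $progKey)) {
        $result.Status = 'ProgID not registered (run regsvr32 on the DLL)'
        return [pscustomobject]$result
    }
    $result.Clsid = (Get-Item -LiteralPath $progKey).GetValue('')

    # Step 2: HKEY_CLASSES_ROOT\CLSID\{...}\InprocServer32 holds the DLL path.
    $serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$($result.Clsid)\InprocServer32"
    $dll = $null
    if (Test-Path -LiteralPath $serverKey) {
        $dll = (Get-Item -LiteralPath $serverKey).GetValue('')
    }
    if (-not $dll) {
        $result.Status = 'CLSID has no InprocServer32 path'
        return [pscustomobject]$result
    }
    $result.Dll = $dll

    # Step 3: a registration can outlive the file it points to.
    if (Test-Path -LiteralPath $dll -PathType Leaf) {
        $result.Status = 'registered'
    } else {
        $result.Status = 'registered path does not exist (stale registration)'
    }
    [pscustomobject]$result
}

$server = Resolve-ComServer -ProgId 'Persits.Upload'
$server | Format-List
if ($server.Status -eq 'registered') {
    # The account the site runs as needs read/execute on this file.
    (Get-Acl -LiteralPath $server.Dll).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize
}
```

On 64-bit Windows a 32-bit component is registered in the 32-bit registry view, so run the script from the PowerShell build that matches the component.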

  34. Secure access – Example 3
      Add these lines:
        TYPE <%=Request.ServerVariables("AUTH_TYPE")%><br>
        PASSWORD <%=Request.ServerVariables("AUTH_PASSWORD")%><br>
        USER <%=Request.ServerVariables("AUTH_USER")%><br>
      • Anonymous access:
        • ..\Secure | IUSR_Computername (RX)(R)
        • Result:
            TYPE
            PASSWORD
            USER
      • Challenge/Response (remove IUSR account):
        • ..\Secure | training (RX)(R)
        • Or for IIS5 Digest (NT2000) – Integrated
        • Result:
            TYPE NTLM or Negotiate
            PASSWORD
            USER SOPRA-HP\training
      • Basic (remove IUSR account):
        • ..\Secure | training (RX)(R)
        • Result:
            TYPE Basic
            PASSWORD trai123ning
            USER SOPRA-HP\training

  35. Secure access – Example 4
      • Challenge/Response (remove IUSR account):
        • ..\Secure | training (RX)(R)
      • Access Denied !!!
        • Change secure folder as IIS Application
        • OR Remove global.asa
        • OR Allow Everyone (RX)(R) on global.asa folder
