Module 12

: Configuring
a Web Server
Contents
Overview 1
Overview of IIS 2
Preparing for an IIS Installation 3
Installing IIS 4
Configuring a Web Site 6
Administering IIS 19
Troubleshooting IIS 21
Lab A: Configuring a Web Server 23
Review 31

Information in this document, including URL and other Internet Web site referenc
es, is subject to change without notice. Unless otherwise noted, the example co
mpanies, organizations, products, domain names, e-mail addresses, logos, people,
places, and events depicted herein are fictitious, and no association with any
real company, organization, product, domain name, e-mail address, logo, person,
places or events is intended or should be inferred. Complying with all applicab
le copyright laws is the responsibility of the user. Without limiting the right
s under copyright, no part of this document may be reproduced, stored in or intr
oduced into a retrieval system, or transmitted in any form or by any means (elec
tronic, mechanical, photocopying, recording, or otherwise), or for any purpose,
without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or othe
r intellectual property rights covering subject matter in this document. Except
as expressly provided in any written license agreement from Microsoft, the furn
ishing of this document does not give you any license to these patents, trademar
ks, copyrights, or other intellectual property.
2000 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, Windows, Windows NT, Active Directory, BackOffice, FrontPage,
IntelliMirror, NetShow, Outlook, PowerPoint, Visual Studio, and Windows Media a
re either registered trademarks or trademarks of Microsoft Corporation in the U.
S.A. and/or other countries.
The names of actual companies and products mentioned herein may be the trademark
s of their respective owners.
Simulations and interactive exercises were built with Macromedia Authorware
Overview
The Microsoft Windows 2000 based server products integrate Web publishing into the o
perating system with a built-in Web server, Microsoft Internet Information Servi
ces (IIS) 5.0. The integrated Web publishing environment that Windows 2000 provi
des makes it easy for an organization to publish and host Web content over a cor

porate intranet or the Internet.

At the end of this module, you will be able to:
Describe the uses of IIS.
Prepare for an IIS installation.
Install IIS.
Configure a Web site.
Administer IIS.
Troubleshoot IIS.

Overview of IIS
By default, IIS is installed automatically when you install Windows 2000. IIS is
designed to support simple Web sites in addition to multiple Web sites on a sin
gle Web server. The Web publishing features of IIS integrate the latest Internet
standards to provide high levels of security, better performance, and standards
-based publishing protocols.
In addition to the World Wide Web (WWW) server, other Internet services that wor
k in conjunction with IIS include:
File Transfer Protocol (FTP) service. Enables you to set up FTP sites for upload
ing and downloading files.
Network News Transfer Protocol (NNTP) service. Enables you to host electronic di
scussion groups, or newsgroups. Newsgroups contain threaded discussions, which c
onsist of articles and follow-up messages that are related to a particular subje
ct.
Simple Mail Transfer Protocol (SMTP) service. Enables you to receive mail messag
es from a client application and send these mail messages to another server over
the Internet. You can also configure domain controllers to use the SMTP service
for replication over site links.
Important It is recommended that you remove IIS if you do not plan on using the
server as a Web server. To remove IIS from Windows 2000 Server, you can cancel t
he selection of IIS from the default installation.
Preparing for an IIS Installation
Before you install IIS, make sure you configure your server running Windows 2000
with the following network services and information:
Transmission Control Protocol/Internet Protocol (TCP/IP). IIS requires TCP/IP to

provide the connectivity that is necessary for transmitting data.

Static IP address. You must use a static IP address for your server if you inten
d to use IIS to publish content on the Internet.
Domain name. To make your Web site accessible by a domain name, you need to have
a Domain Name System (DNS) server available. Client computers use DNS to resolv
e the names of Web servers.
NTFS. For Security purposes, it is recommended that you format all drives that c
ontain Web content with the NTFS file system.

By default, IIS is installed automatically when you install Windows 2000, unless
you choose not to install it. When you configure IIS during the installation of
Windows 2000 Server, Setup adds Internet Services Manager to the Administrative
Tools menu and creates the Default Web Site and Default File Transfer Protocol
(FTP) Site. You can use Internet Services Manager to manage the Web server and t
o configure Web and FTP sites. After you install IIS, you can test the IIS insta
llation by using a browser to view files over your intranet or the Internet.
Note Setup will upgrade existing versions of IIS to IIS 5.0 when you install Win
dows 2000 Server.
Performing the Installation
If you choose not to install IIS during Windows 2000 Setup, you can install it l
ater.
To install IIS:
1.
In Control Panel, double-click Add/Remove Programs.
2.
Click Add/Remove Windows Components, select the Internet Information Services (I
IS) check box, and then follow the on-screen instructions in the Windows Compone
nts wizard to install IIS.
Note To open Internet Services Manager, click Start, point to Programs,
point to Administrative Tools, and then click Internet Services Manager.
Important IIS requires continual management. To be informed of the latest securi
ty updates for IIS and Windows 2000, ensure that you subscribe to the security b
ulletin service at http://www.microsoft.com/technet/security/ bulletin/notify.as
p.
Testing the Installation
After you install IIS, test your installation by using Microsoft Internet Explor
er to view the files in your home directory. The home directory is the central l
ocation for your published pages. The location of the default home directory tha
t IIS creates during Setup is C:\Inetpub\wwwroot.
To test your IIS installation:
1.
Start Internet Explorer on a computer that has an active connection to your intr
anet or the Internet. This computer can be the computer that you are testing, al
though it is recommended that you use a different computer on the network.
2.
In the Address box, type http://server (where server is the name of your compute

r), and then press ENTER.

The home page for the default Web site installed during Setup appears in the bro
wser. A home page is the initial page of information for a Web site. If you did
not create a home page, Internet Explorer displays a message stating that the pa
ge is under construction.
Note If the page cannot be displayed, open Internet Services Manager. In the con
sole tree, click the name of the computer on which IIS is installed. In the deta
ils pane, verify that the Default Web Site, the Administration Web Site, and the
Default SMTP Virtual Server are running.
Configuring a Web Site
Before users can connect to your Web site, you must configure the
IP address and domain name that users will use to connect to the Web site.
You can also specify the type of authentication used to validate user logon
information. IIS 5.0 provides four methods of authentication: Anonymous,
Basic, Digest, and Integrated Windows authentication.
To publish Web content, you need to configure home and virtual directories
to store that content. To help users browse your Web site, you can assign a
default document. A default document is the page that appears if a user
request to the Web server does not include a file name.
Configuring Web Site Identification
You must set identification parameters for your Web site to enable Web browsers
to locate your Web server. To establish a Web site, you can configure the defaul
t Web site or use the Web Site Creation wizard to create a new site.
Configuring the Default Web Site
To configure the default Web site:
1.
In Internet Services Manager, right-click the Web site, and then click P
roperties.
You can specify the following identification settings on the Web Site tab.
Description. Determines the name of the Web site that appears in Internet Servic
es Manager.
IP Address. The Web site s IP address. If your computer has multiple IP addresses,
you can create a separate Web site for each of them.

TCP Port. Determines the TCP port on which the Web service is running. The defau
lt is port 80. You can change the port to any unique TCP port number, but users
must specifically request that port number or their requests will fail to connec
t to your server.
SSL Port. Determines the port for connections that use Secure Sockets Layer (SSL
) encryption. An SSL port number is required only when SSL encryption is used. T
he default is port 443. You can change the port to any unique TCP port number, b
ut users must specifically request that port number or their requests will fail
to connect to your server. A Web server requires a computer certificate or Web s
erver certificate to enable SSL.

Note SSL security is an increasingly common requirement for Web sites that provi
de e-commerce and access to sensitive business information.
2.
Click OK to close the Default Web Site Properties dialog box.
Creating a New Web Site
To create a new Web site by using the Web Site Creation wizard, open Internet Se
rvices Manager, right-click the name of your computer point to New, and then cli
ck Web Site.
Follow the instructions in the Web Site Creation wizard to configure your new si
te. You must provide a description of the Web site, the IP address, port setting
s, and the path of the Web site home directory. You must also specify whether to
allow anonymous connections to the Web site, and set Web access permissions.
The home directory determines the location of the published content for a site.
When you assign a home directory, you can specify either a local directory or a
shared folder. A local directory stores published pages on the local computer. A
shared folder stores published pages on another computer on the network, and ap
pears to browsers as though it were located on the Web server.
You can assign the home directory for your site on the Home Directory tab in the
Properties dialog box for the Web site.
Specifying a Local Directory
To specify a home directory that resides on the same computer as IIS, click A di
rectory located on this computer. Specify the path to the home directory in the
Local Path text box, or click Browse to locate the home directory.
Specifying a Shared Folder
To specify a home directory that resides on a different computer from IIS, click
A share located on another computer.
Note When you specify a shared folder, most of the settings on the
Home Directory tab remain the same as when you specify a local directory.
However, the Network Directory text box replaces the Local Path text box,
and the Connect As button replaces the Browse button.
Type the universal naming convention (UNC) name in the Network Directory text bo
x, and click Connect As to specify the user name and password that IIS uses to c
onnect to the shared folder.
Identifying Methods of Authentication
To prevent unauthorized access to your Web site, you must verify the identity of
users. Configure your Web site so that no user can access the information on yo
ur Web site without providing a valid Windows user name and password. This ident
ification process is called authentication. The authentication process determine
s whether a user has a valid Windows user account with appropriate permissions f
or accessing a particular Web site, folder, or file. Authentication can be set a
t the Web site, directory, or file level. IIS supports four methods of authentic
ation for controlling access to content on your server.
Note IIS also includes a method of authentication by using certificates. For mor
e information about using certificates with IIS, see module 5, Implementing Secur
ity on a Web Server, in course 2295A, Implementing and Supporting Microsoft Inter
net Information Services 5.0.
Anonymous Access
Anonymous access provides users access to the public areas of your Web site with
out prompting them for a user name or password. This authentication method is co

nfigured by default during the IIS installation process. When a user attempts to
connect to your public Web site, your Web server assigns the user to the Windo
ws user account called IUSR_computername, where computername is the name of the
IIS server.
Note The IUSR_computername account is included in the built-in Guests group. Thi
s group has security restrictions that determine the level of access.
Basic Authentication
Basic authentication prompts users for a user name and password before allowing
access to a Web page. You can set Basic authentication at the Web site, folder,
or file level. When the Web server verifies that the user name and password corr
espond to a valid Windows 2000 user account, it establishes a connection. You ca
n configure IIS to use a specific domain when validating users credentials becaus
e Basic authentication does not allow a user to specify a domain. If the server
rejects the credentials, the Web browser repeatedly displays the Logon dialog bo
x until the user either enters a valid user name and password or closes the dial
og box.
Basic authentication is part of the Hypertext Transfer Protocol (HTTP) specifica
tion, and is supported by most browsers. However, Web browsers using Basic authe
ntication transmit passwords in an unencrypted form. As a result, any hacker can
intercept a user name and password. To secure user account information transmit
ted across the network, you must use Basic authentication with SSL security.
Digest Authentication
Digest authentication is a new feature of IIS 5.0. This method is similar to Bas
ic authentication, but it involves a different way of transmitting the authentic
ation credentials. The authentication credentials pass through a process called
hashing. Hashing converts the password to a unique value, from which the server
can verify the client s knowledge of the password without the client having to sen
d the password.
Digest authentication works across proxy servers and other firewalls, unlike int
egrated Windows authentication. Digest authentication is only available for serv
ers in a domain with Windows 2000 domain controllers. Also, Web browsers that su
pport HTTP 1.1 can support Digest authentication.
Important All user accounts that use Digest authentication must be configured wi
thin the Active Directory directory service with the Store password using reversi
ble encryption account option.
Internet Explorer 5.0 is the only browser that currently supports Digest authent
ication. The Digest authentication method proceeds as follows:
1.
The Web server sends the browser certain information that will be used in the au
thentication process.
2.
The browser encrypts the user name and password by adding the additional informa
tion sent by the server and then performing a hash on it.
3.
The resulting hash is sent over the network to the server, along with the additi
onal information in clear text.
4.
The server then adds the additional information to a plain text copy of the clie
nt's password and hashes all of the information.
5.
Finally, the server compares the hash value it received with the one it just mad
e. Access is granted only if the two numbers are absolutely identical.

Note A hash value consists of a small amount of binary data, no more than 160 bi
ts. This value is produced by using a hashing algorithm.
Integrated Windows Authentication
Integrated Windows authentication is a secure form of authentication because in
this method the user name and password are not sent across the network. The curr
ent Windows logon information on the client computer is used instead of the actu
al Windows user account and password information.
Note Only Internet Explorer, version 2.0 or later, supports this authentication
method. This method does not work over HTTP proxy connections.
Selecting a Method of Authentication
You can select a method of authentication for your Web site depending on the typ
e of information that you want to make available and the level of security that
you want to assign to your site.
The following table describes which type of authentication method to select for
different requirements.
Authentication Method Use When
Anonymous access
You want users to access public areas of your Web site.
This method does not offer any authentication at all.
Basic authentication
You want to authenticate users who access your Web site
through any browser or proxy server. Use this method when you are sure that conn
ections between the user and Web Server are secure, such as with a direct cable
line or a leased line. To secure authentication data that is sent across the Int
ernet, you must use Basic authentication with SSL.
Digest authentication You want secure authentication for your Web sites and yo
u must go through a proxy server. Also, Web browsers that support HTTP 1.1 can s
upport Digest authentication.
Integrated Windows
You are configuring an intranet site, where the users an
d
authentication the Web server are in the same domain or in domains with trust r
elationships between them. This method cannot authenticate users who access the
Web site through a proxy server. This method works only with Internet Explorer v
ersion 2.0 or later.
Selecting Multiple Methods of Authentication
Based on your requirements, you can select more than one method of authenticatio
n. However, when you select multiple methods, one method takes precedence over o
thers during authentication.
When you use a combination of Anonymous access and any authentication method, An
onymous access takes precedence. If the anonymous user account does not have per
mission to access a specific resource, IIS and the Web browser negotiate an auth
entication method.
When IIS and a Web browser negotiate an authentication method, The Web browser
uses the most secure method that both can use. The order of preference is Integr
ated Windows authentication, Digest authentication, and Basic authentication. Fo
r example, if a web page is configured to use to use all three authentication me
thods, and a Web browser can use only Digest authentication and Basic authentica
tion, the most secure authentication method that IIS and the Web browser can neg
otiate is Digest authentication.

To use a method of authentication, you must configure authentication for a Web s

ite, directory, or file on the Web server.
Configuring Anonymous Access
The anonymous account must have the user right to log on locally. If the account
does not have the Log on locally user right, IIS cannot respond to any anonymou
s requests. By default, IUSR_computername accounts are granted this right, but y
ou can change the security privileges. However, if the anonymous user account do
es not have permission to access a specific resource, your Web server refuses to
establish an anonymous connection.
To change the account that is used for Anonymous access:
1.
In Internet Services Manager, locate and right-click the Web site, directory, or
file that you want to configure, and then click Properties.
2.
In the Properties dialog box, click the Directory Security tab if you want to co
nfigure a Web site or directory, or click the File Security tab if you want to c
onfigure a file.
3.
Under Anonymous access and authentication control, click Edit.
4.
In the Authentication Methods dialog box, under Anonymous access, click Edit.
5.
In the Anonymous User Account dialog box, type useraccount or click Browse to lo
cate the valid Windows user account that you want to use for anonymous access.
6.
If the user account is located on a different computer, clear the Allow IIS to c
ontrol password check box and type the account password.
Configuring Basic Authentication
To authenticate users with Basic authentication, the Windows user accounts being
used for Basic authentication must also have the Log on locally user right. By
default, most user accounts are not granted the Log on locally user right on a d
omain controller.
To enable Basic authentication for a Web site:
1.
Open Internet Services Manager, locate and right-click the Web site, directory,
or file that you want to configure, and then click Properties.
2.
In the Properties dialog box, click the Directory Security tab if you want to co
nfigure a Web site or directory, or click the File Security tab if you want to c
onfigure a file.
3.
Under Anonymous access and authentication control, click Edit.
4.
In the Authentication Methods dialog box, clear the Integrated Windows authentic
ation check box, and then select the Basic authentication check box.
5.
In the Internet Service Manager message box, click Yes to acknowledge that passw
ords will transmit without data encryption, and then click OK twice to close the

Authentication Methods and Properties dialog boxes.

Configuring Digest Authentication
To enable Digest authentication for a Web site:
1.
Open Internet Services Manager, locate and right-click the Web site, directory,
or file that you want to configure, and then click Properties.
2.
In the Properties dialog box, click the Directory Security tab if you want to co
nfigure a Web site or directory, or click the File Security tab if you want to c
onfigure a file.
3.
Under Anonymous access and authentication control, click Edit.
4.
In the Authentication Methods dialog box, select the Digest authentication for W
indows domain servers check box.
5.
In the IIS WWW Configuration message box, click Yes to acknowledge that the meth
od works only with Windows 2000 domain controllers.
6.
Click OK twice to close the Authentication Methods and Properties dialog boxes.
Configuring Integrated Windows Authentication
To enable Integrated Windows authentication:
1.
Open Internet Services Manager, locate and right-click the Web site, directory,
or file that you want to configure, and then click Properties.
2.
In the Properties dialog box, click the Directory Security tab if you want to co
nfigure a Web site or directory, or click the File Security tab if you want to c
onfigure a file.
3.
Under Anonymous access and authentication control, click Edit.
4.
In the Authentication Methods dialog box, select the Integrated Windows authenti
cation check box, and then click OK twice to close the Authentication Methods an
d Properties dialog boxes.

You can assign a default document so that Web page content appears to the user e
ven when a browser request does not include a specific Hypertext Markup Language
(HTML) file name. You can use a default document as:
A home page that provides information for pages, Web sites, or section of a Web
site.
An index page that provides links to other content on the Web site.

To assign a default document:

1.
Open the Properties dialog box for the Web site, and then click the Documents ta
b.
2.
Select the Enable Default Document check box.
After you enable a default document, you can configure multiple default document
s. To add a new default document, click Add.
When you assign multiple default documents, the Web server searches the list of
default documents in the order in which the names appear. The server returns the
first document it finds. To change the search order, select a document in the l
ist of default documents, and then click the arrows to move the selected documen
t up or down accordingly.
Administering IIS
When administering IIS, it is important that you apply the most current security
updates to ensure that your IIS server is up-to-date and secure. Also, Windows
2000 Administration Tools, which are included on the Windows 2000 Server compact
disc, provide the administrative tools that enable you to manage a Web server r
emotely and monitor IIS performance.
Note The file called adminpak.msi is located in the \i386 directory on the Windo
ws 2000 Server compact disc, or in the systemroot\system32 directory on a comput
er running Windows 2000 Server. To install Windows 2000 Administration Tools, ri
ght-click adminpak.msi, and then click Install.
Applying the Latest Security Updates
To ensure that your Web server can take advantage of the most current security u
pdates, you should verify that your Web server is running the most current softw
are, including service packs, hot fixes, and security updates.
Important To help you determine what software is needed on your Web server, to r
eceive the most current security information, and to obtain information on the I
IS lockdown tool, subscribe to the security bulletin service at http://www.micro
soft.com/technet/security/bulletin/notify.asp.
Managing Web Servers Remotely
Use Internet Services Manager to connect to and manage Web servers remotely from
any computer that is running Windows 2000.
To connect to another Web server by using Internet Services Manager:
1.
Open Internet Services Manager from the Administrative Tools menu.
2.
In the console tree, right-click Internet Information Services, and then click C
onnect.
3.
In the Connect To Computer dialog box, type the name of the Web server to which
you want to connect, and then click OK.
Note For more information about using Internet Services Manager to manage a Web
server remotely, in Internet Services Manager, click the Action menu, and then c
lick Help.
Monitoring Internet Information Services
Open System Monitor from the Administrative Tools menu to monitor IIS performanc
e. When you install IIS, the following performance objects and counters for moni
toring service activity are added to System Monitor:

Internet Information Services Global. Contains counters that report on bandwidth

throttling and on usage of the IIS Object Cache.
Bandwidth throttling limits the bandwidth used by IIS services to a value that i
s set by an administrator. If the amount of bandwidth approaches or exceeds this
limit, bandwidth throttling delays or rejects IIS service requests until more b
andwidth becomes available.
The IIS Object Cache stores frequently used objects and objects that can slow pe
rformance if they are retrieved repeatedly. The counters report on the size, con
tent, and effectiveness of the IIS Object Cache.
Web Service. Provides counters that show data about the anonymous and non-anonym
ous connections to the HTTP service application and HTTP requests that have been
handled since the Web service was started.
Active Server Pages. Monitors applications running on your Web server that use A
ctive Server Pages. To monitor requests processed by calls to Common Gateway Int
erface (CGI) applications or Internet Server Application Programming Interface (
ISAPI) extensions, use the counters on the Web Service object.
Note For more information about using System Monitor, see module 12, Monitoring a
nd Optimizing Performance in Windows 2000, in Course 2152, Implementing Microsoft
Windows 2000 Professional and Server.
Troubleshooting IIS
You can use your Web browser to test a Web site that is connected to the Interne
t, or to test a Web site on your intranet. If the Web page does not appear after
using these testing methods, examine the error message to determine the cause o
f the problem.
Testing a Web Site that is Connected to the Internet
To test a Web site that is connected to the Internet:
1.
Ensure that the home directory for your Web server contains all of the HTML file
s for the Web site.
2.
Open the Web browser on a computer that has an active connection to the Internet
. This computer can be the computer you are testing, although it is recommended
that you use a different computer on the network.
3.
In the Address box, type the Uniform Resource Locator (URL) for the Web site s hom
e directory, and then press ENTER.
Note The URL includes the name of your Web site and the path of the file that yo
u want to view. For example, if your site is registered in DNS as examples.nwtra
ders.com and you want to view the file called homepage.htm that is located in th
e root of the home directory, type
http://examples.nwtraders.com/homepage.htm
Testing a Web Site on Your Intranet
To test a Web site on your intranet:
1.
Ensure that your computer has an active network connection and the DNS or WINS S
erver service is functioning properly.
2.
Open the Web browser.

3.
In the Address box, type the URL of the Web server s home directory, and then pres
s ENTER.
Note The URL begins with http:// followed by the Windows Networking name of your
server and the path of the file that you want to view. For example, if your sit
e is registered in WINS as Admin1 and you want to view the file called homepage.
htm that is located in the root of the home directory, type http://admin1/homepa
ge.htm
Resolving IIS Problems
When you are not able to display a Web page while testing a Web site, carefully
examine the error message. The error message contains information that can help
you to identify the cause of the problem. The following table lists common conne
ctivity problems and their solutions.
Problem Solution
The client cannot find Check name resolution and connectivity.
the Web server.
Access is forbidden. Check the authentication method and file permissions.
File not found. Check that the file exists and that its location is correct.
File does not display Check the page design to ensure that all elements exist, s
uch
correctly. as graphics. Verify that the permissions are set correctly.
Tip If your computer has IIS installed on it, you can use your Web browser to ac
cess the IIS online documentation, which contains many troubleshooting tips and
procedures. To access the IIS online documentation, in the Address box, type htt
p://localhost/iishelp and then press ENTER.
Objectives
After completing this lab, you will be able to:
Configure IIS.
Create a Web site.
Configure Web site security.
Configure a default document for a Web site.
Prerequisites
Before working on this lab, you must have:
Knowledge of the operations of IIS.
Knowledge of the options for Web site security.
Lab Setup
To complete this lab, you need the following:
A computer running Windows 2000 Advanced Server

The files in the C:\MOC\Win2153\Labfiles\Module12\ folder

Important The lab does not reflect the real-world environment. It is recommended
that you always use complex passwords for any administrator accounts, and never
create accounts without a password.
Important Outside of the classroom environment, it is strongly advised that you
use the most recent software updates that are necessary. Because this is a class
room environment, we may use software that does not include the latest updates.
Scenario
Northwind Traders is creating an intranet Web site to keep employees up-to-date
about company initiatives and other news. All employees will access most of thi
s Web site. However, parts of the Web site contain information to which only man
agers should have access. An important design objective for the Web site is that
the information on the site be protected from unauthorized access.
Estimated time to complete this lab: 30 minutes
Exercise 1 Creating a Web Site
Scenario
As the network administrator for Northwind Traders, you have been given the resp
onsibility to create an intranet Web site. Another company has designed the cont
ent of the Web site for Northwind Traders. You need to ensure that users in your
company are able to access the content.
Goal
In this exercise, you will create a Web site by using IIS.
Tasks Detailed Steps
1. Stop the Default Web Site. a. Log on as administrator@domain.nwtraders.msft
(where domain is the name of your domain) with a password of password.
b. Open Internet Services Manager from the Administrative Tools
menu.
c. In the console tree, under Internet Information Services, expand server (whe
re server is the name of your computer).
d. Right-click Default Web Site, and then click Stop.
2. Create a new Web site with the name NWTraders Web Site and a Web site home di
rectory of C:\MOC\ Win2153\Labfiles\ a. b. c. Right-click server, point to New
, and then click Web Site. In the Web Site Creation wizard, click Next. On the W
eb Site Description page, in the Description box, type NWTraders Web Site and th
en click Next.
Module12\Web. d. On the IP Address and Port Settings page, verify that the Web
site uses all unassigned IP addresses and TCP port 80, and then click Next.
e. On the Web Site Home Directory page, in the Path box, type C:\MOC\Win2153\La
bfiles\Module12\Web
f. Verify that the Allow anonymous access to this Web site check box is selecte
d, and then click Next.
g. On the Web Site Access Permissions page, verify that the Read and Run script
s check boxes are selected, click Next, and then click Finish.
3. Set home.htm as the default home page for the Web site that you created. a.
b. In Internet Services Manager, in the console tree, right-click NWTraders Web
Site, and then click Properties. Review the information on the Web Site and Hom
e Directory tabs to verify that the information that you entered in the wizard a
ppears.
c. On the Documents tab, click Add.
d. In the Add Default Document dialog box, in the Default Document Name box, ty
pe home.htm and then click OK.
e. Click the arrow button to the left of the default document list until
home.htm is at the top of the list.
Module 12: Configuring a Web Server
Tasks Detailed Steps

3. (continued) f. On the Operators tab, verify that only the Administrators gr

oup is listed as operators.
g. Click OK to close the NWTraders Web Site Properties dialog box.
h. Minimize Internet Information Services.
4. View your Web site s home page. a. b. Click Start, and then click Run. In the
Open box, type http://localhost and then click OK.
c. Internet Explorer displays the Northwind Traders home page. Minimize Interne
t Explorer.
Exercise 2 Configuring Web Site Security
Scenario
Northwind Traders intranet Web site is functional and employees are accessing it.
Management has requested a secure area of the Web site where managers can place
information that only other managers can access. After confidential portions of
the Web site have been secured, all users need to continue to be able to access
information on the Web site without having to enter user names and passwords.
Goal
In this exercise, you will configure Web site security by using several authenti
cation methods.
Tasks Detailed Steps
1. Assign the Log on locally a. Run the C:\MOC\Win2153\Labfiles\Module12\lab12
.cmd command
right to Everyone. file to assign the Logon locally right to the Everyone group
.
2. Configure the Web site for Basic Security, and then access your Web site as n
wtraders.msft\Paul with a password of password. a. b. c. Restore Internet Info
rmation Services. In the console tree, right-click NWTraders Web Site, and then
click Properties. On the Directory Security tab, under Anonymous access and auth
entication control, click Edit.
d. In the Authentication Methods dialog box, clear the Anonymous access and Int
egrated Windows authentication check boxes.
e. Select the Basic authentication check box.
f. In the Internet Service Manager message box, read the warning, and then clic
k Yes.
g. Click OK to close the Authentication Methods dialog box.
h. Click OK to close the NWTraders Web Site Properties dialog box.
i. Restore Internet Explorer.
j. Click the Refresh button.
Internet Explorer prompts you for your network credentials. When anonymous acces
s is disabled, you must provide a valid user name and password to view any page
on the Web site.
k. In the Enter Network Password dialog box, in the User Name box, type nwtrade
rs.msft\Paul
l. In the Password box, type password
m. Verify that the Save this password in your password list check box is not se
lected, and then click OK.
n. Minimize Internet Explorer.
(continued) (continued)
Module 12: Configuring a Web Server
Tasks Detailed Steps
4. Configure the Web site for Integrated Windows Authentication, and then test t
he authentication. a. In Internet Services Manager, right-click Nwtraders Web S
ite, and then click Properties. b. On the Directory Security tab, under Anonymou
s access and authentication control, click Edit. c. In the Authentication Method
s dialog box, select the Integrated Windows authentication check box. d. Clear t
he Basic authentication check box, and then click OK. e. Click OK to close the N
WTraders Web Site Properties dialog box. f. Minimize Internet Information Servic

es. g. Click Start, and then click Run. h. In the Open box, type http://localhos
t and then click OK. Internet Explorer displays the Northwind Traders Web page w
ithout prompting you for your credentials.
Why were you not prompted for your credentials when you accessed the Northwind T
raders Web site?
4. (continued) i. On the Northwind Traders Intranet Web Page, click Click here
for the Northwind Traders Management Web Page. Internet Explorer displays the se
cured Web page without prompting you for your credentials.
Why were you not prompted for your credentials when you accessed the secured Web
page?
4. (continued) j. Close Internet Explorer.
Exercise 3 Restoring Your Configuration
Scenario
After you have tested the Web site for Northwind Traders, you must restore IIS t
o its original configuration.
Goal
In this exercise, you will restore the original Web site settings for your compu
ter.
Review
1.
The computer running Windows 2000 Server in your department stores some product
information and white papers that you want to share with other employees of your
organization. Your organization has a network of computers running Windows 2000
, Windows 98, and the Macintosh operating system. How do you publish the require
d information so that it is accessible to all of the users in your network?
2.
You are about to host a new Web site for your company, and you want users to ref
er to the Web site by using a specific name. How do you enable users to connect
to the Web site by using this name?
3.
You are responsible for your company s intranet Web site that contains gen
eral information and white papers. Your network spans multiple domains, and you
do not have a corporate standard for Web browsers. You must configure IIS to ena
ble all employees of the company to have access to the information. Which access
or authentication method do you use to achieve this?
a.
Anonymous access.
b.
Basic authentication.
c.
Digest authentication.
d.
Integrated Windows authentication.
4.
Your Web page designer created Web pages for your company s Web site. The home pag
e for the Web site is called nwtradershome.htm. You have been assigned the task
of publishing the Web site. How do you ensure that users can access the home pag
e without explicitly specifying the file name nwtradershome.htm?

5.
You want to authenticate all of the users who access the official Web site of yo
ur organization through any Web browser. Which of the following methods of authe
ntication is best suited for your requirements?
a.
Anonymous access.
b.
Basic authentication.
c.
Digest authentication.
d.
Integrated Windows authentication.