A first look at Internet Information Services 7.0

Microsoft made several improvements to IIS with version 7.0. Learn what's changed in the areas of security, troubleshooting, installation and more.

While Microsoft Internet Information Services 6.0 (IIS) was already a very good Web server, the product now has a number of improvements with IIS 7.0. Some of these enhancements are related to security and server management, while others are geared toward Web developers. Let's take a look at some the new features that matter most to network administrators.

Improved management tools

It may seem trivial, but my favorite improvement has got to be the new management tools. If you look at Figure A, you can see that the user interface has been completely redesigned from scratch. One of Microsoft's reasons for doing this was to create a management interface that allows you to manage Internet Information Services and ASP.NET through a single console.

Figure A (click to enlarge)

As with most things in Windows Server 2008, IIS 7.0 has been tied into Windows PowerShell, which means you can perform various management tasks from the command line or through a PowerShell script. Microsoft has also created a new command line tool named APPCMD.EXE that helps automate common management tasks. In doing so, Microsoft has done away with the IIS 6.0-style administration scripts.

Improved troubleshooting

If you have ever tried to troubleshoot a problem with Internet Information Services 6.0, then you know that the troubleshooting process can be difficult, to say the least. Fortunately, Microsoft has finally taken some steps to make the troubleshooting process easier. The log file entries that IIS 7.0 produces are much more detailed than those created by IIS 6.0, and they include more status codes. These improvements should help administrators troubleshoot problems much faster.

Compartmentalized installation

One of the things about Internet Information Services that always bugged me was that it always seemed a bit bloated. Sure, Windows Server 2003 allows you to pick which IIS components you want to install, but many of these components are made of sub-components that cannot be disabled. Granted, IIS isn't that large of an application, but there is something to be said for reducing the potential attack surface of a Web server.

With Internet Information Services 7.0, Microsoft broke down IIS into dozens of modular components, each of which can be individually enabled or disabled. In Figure B, you can see just how granular the installation process has become.

Figure B (click to enlarge)

SSL-encrypted FTP

Although IIS has supported Secure Sockets Layer (SSL) encryption for websites for many years now, for some reason, Microsoft never offered the ability to encrypt FTP traffic. In Internet Information Services 7.0, the company has completely rewritten its FTP server module to bring it up to date. Not only does it now support SSL encryption, but it also makes it easy to create FTP publishing points for Web applications, using either an independent authentication method or authentication via Microsoft Active Directory.

One thing I want to mention about the new FTP publishing service is that it is not actually included with Internet Information Services 7.0 -- although it is considered to be an officially supported IIS 7.0 feature. You can download the FTP publishing service here.

Delegated administration

Another cool new feature is something called delegated administration. The basic idea behind this feature is to make a single IIS server capable of hosting multiple websites. In the past, if admins could administer one website, they could manage every site hosted by the server. Internet Information Services 7.0 allows you to perform delegations so that administrators are limited to managing only specific websites or even individual parts of a website.

Remote administration

Traditionally, if an administrator wanted to manage Internet Information Services, then the tool of choice was usually the IIS Manager console. However, IIS 7.0 contains a new remote management tool called Web Management Services (WMSVC) that you can use to manage the server over the Web by using HTTPS. It is important to keep in mind that Web Management Services is not installed by default. You can find detailed instructions for installing this new component here.

All of these improvements go a long way toward making Internet Information Services 7.0 a lot more secure and easier to manage than IIS 6.0.

You can follow SearchWindowsServer.com on Twitter @WindowsTT.

ABOUT THE AUTHOR
Brien M. Posey, MCSE, is a Microsoft MVP for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. For more information, visit www.brienposey.com.

This was first published in September 2008

Dig deeper on Windows Server and Network Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close