MCSE Fast Track: Internet Information Server 4

Overview

The MCSE TestPrep series is a unique way of preparing for MCSE exams. Each chapter covers a different exam objective. Each objective is further broken down into manageable sections. The information will be presented in a brief, outline format and will include an abundance of tables, figures, screen shots, and lists. Following each section will be a series of review questions, exercises, and answer explanations. Two complete practice exams and a glossary will be located at the ...
See more details below
Available through our Marketplace sellers.
Other sellers (Paperback)
  • All (14) from $1.99   
  • New (3) from $8.50   
  • Used (11) from $1.99   
Close
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any BN.com coupons and promotions
$8.50
Seller since 2005

Feedback rating:

(1617)

Condition:

New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

New
New

Ships from: Fort Worth, TX

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$19.98
Seller since 2008

Feedback rating:

(281)

Condition: New
156205936X New item in stock, may show minimal wear from storage. No remainder mark. I ship daily and provide tracking! 100% Money Back Guarantee!

Ships from: FORT MYERS, FL

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$19.98
Seller since 2014

Feedback rating:

(3)

Condition: New
PAPERBACK New 156205936X New item in stock, may show minimal wear from storage. No remainder mark. I ship daily and provide tracking! 100% Money Back Guarantee!

Ships from: LEHIGH ACRES, FL

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
Page 1 of 1
Showing All
Close
Sort by
Sending request ...

Overview

The MCSE TestPrep series is a unique way of preparing for MCSE exams. Each chapter covers a different exam objective. Each objective is further broken down into manageable sections. The information will be presented in a brief, outline format and will include an abundance of tables, figures, screen shots, and lists. Following each section will be a series of review questions, exercises, and answer explanations. Two complete practice exams and a glossary will be located at the end of the book.
  • Includes only the ESSENTIAL information needed to pass the NEW Internet Information Server 4 exam #70-87 (one of several electives)
  • PRACTICE, PRACTICE, PRACTICE rather than read pages of text everything written in concise chunks
  • Study HUNDREDS of sample test questions as well as practice taking the exam with two complete exams at the back of the book

Developed specifically for advanced-level users, this guide covers Microsoft Internet Information Server (IIS) 4.0 planning, installation, configuration and resource access. With sample test questions and test-taking tips, it reviews integration, application running, monitoring and troubleshooting.

Read More Show Less

Product Details

  • ISBN-13: 9781562059361
  • Publisher: New Riders
  • Publication date: 8/28/1998
  • Series: MCSE Fast Track Series
  • Pages: 333
  • Product dimensions: 5.90 (w) x 8.90 (h) x 0.86 (d)

Read an Excerpt


From Chapter 7: Troubleshooting

Resoloving Security Problems

...Security problems relate to a user or users being unable to utilize the sources you have made available to them or too many users being able to access what only one or two should be able to access. There is an unlimited number of reasons why these things could happen, based on what the resources are and how they are accessed.

Problem Areas

A number of different problem areas are examined below through the presentation of various issues involving server technologies.

In most Web server operations, you want to make the service available to the public, and to as many users as possible. Unfortunately, this can lead to the risk of letting in unwanted traffic, as well. Solutions to solving this problem are: using a firewall to restrict traffic, disabling anonymous usage, and/or moving the Web server service to a port other than its default 80--essentially hiding it from the outside world (discussed in more detail In the section on resolving WWW service problems).

  • Firewalls can be used to restrict incoming traffic to only those services you are choosing to allow in. Additionally, a firewall can be used to prevent all traffic from coming in. If you are attempting to make data available on the Web, consider putting the Web server outside the firewall and allowing traffic to pass to it but to nothing else on your network.
  • Anonymous usage is a staple of most public Web sites. If you do not want to have a public Web site, however, consider disabling the logon. You can configure the Web server to use user authentication to verify that everyone accessing ithas a valid Windows NT user account (and they must give a username and password before being allowed to interact with the server).
  • Secure Sockets Layer (SSL) 3.0 is included with IIS and its use should be mandatory on any site holding sensitive data (such as medical information, credit card information, and so on). SSL allows a secure connection to be established between the browser and the server, and encryption can be used between them.
  • Server Certificates, a part of SSL, can be created (unique digital identifications) to authenticate your Web site to browsers. This is used for public and private key (key pair) interactions of a secure nature.
  • NTFS permissions can be used in conjunction with IIS to secure individual files and directories from those who should not access them. The five permission types are:
    • Change--users can read and modify files, including deleting them and adding new ones to a directory
    • Full Control--the default for the Everyone group--users can modify, move, delete, take ownership, and even change permissions
    • No Access--overrides everything else and gives absolutely no access to the resource
    • Read--as the name implies, users can read the data
    • Special Access--users permissions have been set to something specific by the administrator
Far and away, the No Access permission is the most powerful permission. When it is implemented, the user that has been assigned this permission will have no access to that resource. It does not matter what other permissions have been assigned. The No Access permission will override any other assigned permissions.

Following the Basic Steps in the Access Control Process

Solving most security problems involves using a great deal of common sense (if passwords are used, make them more than one character in length, and so on) and understanding what is taking place. The following steps illustrate the access control process:

1. The Web server receives a request from the browser to perform an operation.

2. The Web server checks to see whether the IP address is permitted. If there are no restrictions on IP address ranges, or the request is coming from a valid range, processing continues.

3. The Web server checks to see whether the user is permitted.

4. The Web server checks to see if its own permissions will allow access.

5. A check is made to see whether the NTFS permissions will allow access.

If any of the steps above falls, the access is denied. If they all succeed, access is granted.

Resolving Resource Access Problems

A user or users who are unable to access a resource identify resource access problems. A lack of appropriate security or the TCP/IP configuration of the host can cause this problem for clients.

Using IPCONFIG to Resolve DHCP Address Problems

When a DHCP client gets an IP that is not configured correctly or if the client doesn't get an IP address at all, IPCONFIG can be used to resolve these problems. If the client gets incorrect IP parameters, it should be apparent from the results of IPCONFIG /all. You should be able to see that some of the parameters don't match the IP address or that sonic parameters are completely blank. For example, you could have the wrong default gateway (in which case the entry would not appear), or th client might not be configured to be a WINS client.

When a DHCP client fails to receive an address, the results of IPCONFIG /all are different. In this case, the client has an IP address of 0.0.0.0--an invalid address-and the DHCP server is 255.255.255.255--a broadcast address.

To fix this problem, you can release the incorrect address with IPCONFIG /release and then try to obtain a new IP address with IPCONFIG /renew. The IPCONFIG /renew command sends out a new request for a DHCP address. If a DHCP server is available, the server responds with the lease of an IP address. If there is no response, it sends a request for a new one.

In many cases, the DHCP client will acquire the same address after releasing and renewing. That the client receives the same address indicates the same DHCP server responded to the renewal request and gave out the address that had just been released back into the pool of available addresses. If you need to renew an address because the parameters of the scope are incorrect, you must fix the parameters in DHCP configuration before releasing and renewing the address. Otherwise, the client could receive the same address again with the same incorrect parameters.

Diagnosing and Resolving Name Resolution Problems

Name resolution problems are easily identified as such with the PING utility. If you can ping a host using its IP address but cannot ping it by its host name, you have a resolution problem. If you cannot ping the host at all, the problem lies elsewhere.

Problems that can occur with name resolution and their solutions fit into the following categories:

  • The entry is misspelled. Examine the HOSTS or LMHOSTS file to verify that the host name is correctly spelled. If you are using the HOSTS file on a system prior to Windows NT 4.0, capitalization is important because this file is case sensitive, whereas LMHOSTS is not case sensitive (regardless of the Windows NT version number).
  • Comment characters prevent the entry from being read. Verify that a pound sign is not at the beginning of the line (with the exception of entries such as #PRE and #DOM in LMHOSTS only), or anywhere on the line prior to the host name.
  • There are duplicate entries in the file. Because the files are read in linear fashion, with any duplication, only the first entry is read and all others are ignored. Verify that all host names are unique.
  • A host other than the one you want is contacted. Verify that the IP address entered in the file(s) is valid and corresponds to the host name...
Read More Show Less

Table of Contents

MCSE Fast Track: Internet Information Server 4

Part I  - What's Important to Know About Exam 70-087

  • Chapter 1 - Planning
    • Choosing a Security Strategy
    • Understanding Implementation Strategies
    • Choosing Appropriate Technologies
    • What Is Important to Know
  • Chapter 2 - Installation and Configuration
    • Installing IIS
    • Configuring IIS to Support the FTP Service
    • Configuring IIS to Support the WWW Service
    • Configuring and Saving Consoles by Using Microsoft Management Console
    • Verifying Server Settings by Accessing the Metabase
    • Choosing the Appropriate Administration Method
    • Customizing the Installation of Microsoft Site Server Express Analysis Content Analyzer
    • Customizing the Installation of Microsoft Site Server Analysis Report Writer and Usage Import
    • What Is Important to Know
  • Chapter 3 - Configuring and Managing Resource Access
    • Creating and Sharing Directories
    • Creating and Sharing Virtual Directories
    • Creating and Sharing Virtual Servers
    • Writing Scripts for Service Management
    • Using Content Analyzer
    • Configuring SMTP
    • Configuring NNTP
    • Configuring Certificate Server
    • Configuring Index Server
    • Managing MIME Types
    • Managing the FTP Service
    • Managing the WWW Service
    • What Is Important to Know
  • Chapter 4 - Integration and Interoperability
    • Configuring IIS to Connect to a Database
    • Configuring Integration with Index Server
    • What Is Important to Know
  • Chapter 5 - Running Applications
    • Configuring IIS to Support Server-Side Scripting
    • Configuring IIS to Run ISAPI Applications
    • Configuring ADO Support
    • What Is Important to Know
  • Chapter 6 - Monitoring and Optimization
    • Maintaining IIS 4.0 Logs
    • Monitoring Performance of Various Functions Using Performance Monitor
    • Analyzing Performance
    • Optimizing the Performance of IIS
    • Optimizing the Performance of Index Server
    • Optimizing the Performance of Microsoft SMTP Service
    • Optimizing Performance of Microsoft NNTP Service
    • Optimizing a Web Site Using Content Analyzer
    • What Is Important to Know
  • Chapter 7 - Troubleshooting
    • Resolving IIS Configuration Problems
    • Resolving Security Problems
    • Resolving Resource Access Problems
    • Resolving Index Server Probl ems
    • Other Index Server Issues
    • Resolving Setup Issues When Installing IIS on a Windows NT Server 4.0 Computer
    • Use a WebMap To Find and Repair Broken Links, Hyperlink Texts, Headings, and Titles
    • Resolving WWW Service Problems
    • Resolving FTP Service Problems
    • What Is Important to Know
    • Objective Review Notes

Part II  - Inside Exam  70-087

  • Chapter 8 - Fast Facts Review
    • What to Study
  • Chapter 9 - Insider's Spin on Exam 70-087
    • Get into Microsoft's Mindset
    • Understand the Time Frame of the Exam
    • Get Used to Answering Questions Quickly
    • Become Acquainted with All the Resources Available to You
    • Where the Questions Come From
    • Different Flavors of Questions
    • In the Future
  • Chapter 10 - Sample Test Questions
    • Questions
    • Answers and Explanations
  • Chapter 11 - Hotlist of Exam-Critical Concepts
  • Chapter 12 - Did You Know?
  • Index
Read More Show Less

First Chapter

[Figures are not included in this sample chapter]

MCSE Fast Track: Internet Information Server 4
- 3 -
Configuring and Managing Resource Access

OBJECTIVES

Create and share directories with appropriate permissions. Tasks include:

  • Setting directory-level permissions
  • Setting file-level permission

Create and share local and remote virtual directories with appropriate permissions.Tasks include:

  • Creating a virtual directory and assigning an alias
  • Setting directory-level permissions
  • Setting file-level permissions

Create and share virtual servers with appropriate permissions. Tasks include:

  • Assigning IP addresses

Write scripts to manage the FTP service or the WWW service

Manage a Web site by using Content Analyzer. Tasks include:

  • Creating, customizing, and navigating WebMaps
  • Examining a Web site by using the various reports provided by Content Analyzer
  • Tracking links by using a WebMap

Configure Microsoft SMTP Service to host personal mailboxes

Configure Microsoft NNTP Service to host a newsgroup

Configure Certificate Server to issue certificates

Configure Index Server to index a Web site

Manage MIME types

Manage the FTP service

Manage the WWW service

CREATING AND SHARING DIRECTORIES

To create and share a new WWW or FTP directory, start the Internet Service Managerand select the server on which you want to create the directory. After that, followthe steps outlined here:

1. Right-click and select New. This brings up the choice of creating an FTP or WWW site. Make the appropriate selection and the corresponding wizard starts. (WWW is used for the rest of this discussion.)

2. Enter the Web site description and select Next.

3. Select or verify the IP address to use.

4. The TCP port defaults to 80. This is the default used for all WWW services. If you want to offer the service but hide it from most browsers, choose another port.

5. If SSL is to be used, enter the appropriate port for it (the default is 443), and click Next.

6. Enter the path for what will appear as the home directory (you can also use the Browse button to specify).

7. By default, the check box appears allowing Anonymous Access to This Web Site (see Figure 3.1). If you do not want anonymous access, remove the check. Choose Next.

FIGURE 3.1 Selecting the home directory path and whether anonymous access is allowed.
8. Select the access permissions for the directory. Choices include:
  • Allow Read Access--assigned by default
  • Allow Script Access- -assigned by default
  • Allow Execute Access--which includes Script access
  • Allow Write Access--allows files to be written here
  • Allow Directory Browsing--allows directories to be seen and changed

9. Choose Finish.

Choosing the Access Rights

The five rights that you can select for IIS access work in conjunction with allother rights. Like share rights, the IIS rights are in addition to NTFS rights,and of greatest value when you are using anonymous access. Allowing Read access letsusers view a file if their NTFS permissions also allow this. Taking away Read, however,prevents the user from viewing the file regardless of what NTFS permissions are set.

At A Glance: Access Rights

Permission Needed for
Execute Allows for CGI and ISAPI scripts to execute
Script Sufficient for IDC, IDQ, and ASP

NOTE: As listed previously, the names of the rights are pretty self-explanatory as to what they offer. The only caveats to note are that Read and Script access are assigned by default, and Execute is a superset of Script access.

Changing Permissions and Access for Directories

Afte r the wizard has been run and the directory is configured for site access,you can change permissions and access for individual directories by selecting thedirectory in Internet Service Manager, right-clicking, and choosing Properties.

Figure 3.2 shows the properties for a directory. Notice that access permissionshave now been set to read and write, or any combination thereof, and permissionsare now None, Script, or Execute (which includes Script).

Click the Directory Security tab of the directory's properties and you will seethat you have three items you can configure:

  • Anonymous Access and Authentication Control
  • Secure Communications
  • IP Address and Domain Name Restrictions

The latter two are discussed later in this chapter in the section "DirectorySecurity Tab." Selecting Edit on the Enabling Anonymous Access portion opensthe screen shown in Figure 3.3. From here, you can choose to allow or disallow anonymousaccess, and (by choosing Edit) the name of the anonymous access account (which defaultsto IUSR_computername).

FIGURE 3.2 The properties for a WWW directory.

FIGURE 3.3 The Authentication Methods dialog box for the WWW anonymous user.

Changing Permissions and Access for Files

You can also control the permissions for specific files in a similar manner. First,select the file and choose its properties. A screen similar to Figure 3.4 appears.Choosing the File Security tab, you can set the same options for the file as wereillustrated in Figure 3.3 for the directory.

FIGURE 3.4 The properties for a WW W file.

CREATING AND SHARING VIRTUAL DIRECTORIES

As the name implies, virtual directories are entities that do not exist, but giveyou the ability to reference relative file locations to make it appear as if theyare in a directory. In so doing, you can get around issues such as disk space, anddetermining where best to store files. The biggest disadvantage to using virtualdirectories, however, is a slight decrease in performance because files must be retrievedfrom the LAN, rather than being centralized if the virtual directories are on differentservers (they need not be). The only other downside is that virtual directories arenot visible in directory listings and must be accessed through explicit links withinHTML files, or by typing in the complete URL in the browser; for example, http://www.microsoft.com/iis.

Virtual directories must exist on servers that all reside within the same NT domainand within the domain in which the IIS server resides. Aside from this restriction,the directories can be either local or remote.

If you choose to create the virtual directory on a local computer, the InternetService Manager can be used to assign an alias to it. To do so, follow these steps:

1. Start the Internet Service Manager from the Programs portion of the Start menu.

2. Open a Web site, right-click the left pane, and choose New.

3. Select Virtual Directory (as shown in Figure 3.5). This starts the New Virtual Directory Wizard.

FIGURE 3.5 Select Virtual Directory from the New menu.

4. Enter an al ias to be used for the virtual directory name, and click Next (as shown if Figure 3.6).

FIGURE 3.6 Enter an alias to be used for the virtual directory.
5. Enter the physical path to the virtual directory as shown in Figure 3.7 (you can also select the Browse button), and click Next.
FIGURE 3.7 Enter the physical path for the virtual directory to use.
6. Select the access permissions for the virtual directory. Choices include:
  • Allow Read Access
  • Allow Script Access
  • Allow Execute Access
  • Allow Write Access
  • Allow Directory Browsing

The choices, and defaults, are shown in Figure 3.8.
FIGURE 3.8 Selecting Access rights for the new virtual directory.
7. Select Finish.

After the wizard has been run and the virtual directory is configured for siteaccess, you can change permissions and access for individual directories or filesby selecting the directory/file in Internet Service Manager, right-clicking, andchoosing Properties.

CREATING AND SHARING VIRTUAL SERVERS

The major benefit of virtual servers is that they allow you to expand your sitebeyond the limitations of a single site per server. You can combine a number of differentsites (domain names) on a single server through the implementation of virtual servers.

Also known as multihomed hosts, multihomed servers, or just plain multihoming, vvirtual servers allow one host to respond to requests for the following totally differententries:

http://www.synergy.com

http://www.synergy_technology.com

and

http://www.st.com

All the previous domain names are Fully Qualified Domain Names (FQDNs). FQDNsare explained fully in MCSE Inside Track: TCP/IP from New Riders Publishing.

Assigning an IP Address

Each site is specified by a unique IP address, and the absence of a unique IPaddress makes the site visible to all virtual servers.

Creating a Virtual Server

To create a virtual server, you must first have created a directory to publish(local or virtual). Then, follow these steps:

1. Start Internet Service Manager.

2. From the Action menu, select New, and then Web Site (see Figure 3.9).

FIGURE 3.9 Creating a virtual server begins with choosing to create a new site.
3. Enter an IP address to use for the site and the TCP port, as shown in Figure 3.10. Click Next.
FIGURE 3.10 Enter the IP address and port for the virtual server.
4. Enter the path for the home directory and whether anonymous access is allowed. Click Next.
5. Configure the appropriate rights, and click Finish.

Permissions for directories and sites on virtual servers can be configured thesame as in the previous sections.

WRITING SCRIPTS FOR SERVICE MANAGEMENT

New to IIS 4.0 is the Microsoft Script Debugger. It can be used to d ebug scriptswritten in JScript, Visual Basic Scripting Edition (VBScript), and a number of otherlanguages. If you know one of these languages, you can simply manage administrativetasks by writing scripts to manage your services (FTP or WWW).

Management tasks to automate should include the inspection of log files (describedin "Managing the FTP Service" and "Managing the WWW Service").The log files can be examined for statistical information such as the number of hits,errors, and so on.

USING CONTENT ANALYZER

The Content Analyzer is a new method of managing your Web site in a simplifiedmanner. It will let you create WebMaps, as shown in Figure 3.11, that let you seea graphical representation of your entire site.

The graphical representation includes all HTML pages, audio and video files, graphicimages, and links to other services. The left side of the WebMap display (shown inFigure 3.11) is a tree view of the site, and the right pane shows Cyberbolic view.You can choose to see either of the two, or both, whichever is most convenient foryou.

FIGURE 3.11 The WebMap view available in Content Analyzer.

In addition to the graphical representation, Content Analyzer can be used to createa set of links to your site in a report that you can use for troubleshooting. Youcan also save the maps of your site (to a database, spreadsheet, or HTML file) forcomparison at later points in time to see what has changed as time has progressed.

CONFIGURING SMTP

SMTP, an acronym for Simple Mail Transfer Protocol, enables you to send mail toothers on your network as well as to the Internet. The SMTP Site prope rty sheet isused to set the basic connection parameters such as the port to use (default portis 25), number of simultaneous connections (default is 1000), and length of inactivitybefore disconnect (default is 60 seconds).


NOTE: A more popular use for the SMTP service is to link its capabilities to a Web page. In other words, if you have a Web site that requires some type of response by the visitor, you can provide a resource for him to use to send you email, without needing a mail client on his end. So, you've given the visitor the power to email you something without requiring him to have an email client such as Outlook installed on their machine.

Regardless of its size, each site has only one Microsoft SMTP site for the service.You cannot create additional sites or delete existing ones. To display the SMTP propertysheets, follow these steps:

1. Expand the SMTP tree in Internet Service Manager.

2. Highlight and right-click the SMTP site and choose Properties.
Five tabs are displayed, as follows:

  • The SMTP Site tab enables you to determine how this server connects to, sends, and receives messages with other servers.

  • The Operators tab enables you to determine which groups have operator status.
  • The Messages tab lets you configure limits on message size and decide what to do with undeliverable mail; you can also specify a maximum number of recipients who can receive a single message (the default is 100).
  • The Delivery tab specifies how many messages should be sent per connections, the route to use, and so on.
  • The Directory Security tab lets you specify other servers to accept only or restrict only.

CONFIGURING NNTP

NNTP, an acronym for Network News Transport Protocol, enables you to configurea server for clients to read newsgroups. The Microsoft NNTP Service included withIIS 4.0 is the server side of the operation, whereas Microsoft Internet Mail andNews is a common client (now being replaced in the market by Outlook Express).

The default port for NNTP is 119, although this changes to 563 if SSL is used.When the client connects to the service, it requests a list of available newsgroups.The NNTP service authenticates the user, and then sends the list of newsgroups.

The client picks a newsgroup to view, and requests the list of articles. Authenticationtakes place again by the NNTP service, and then the list of articles is sent. Theclient then picks articles she wants to see, and the NNTP Service sends them.

Posting Articles

Posting articles works in a similar fashion: NNTP verifies that the client isallowed to post to the newsgroup, and then takes the article, adds it to the newsgroup,and updates the index.

Every newsgroup has its own directory (with the same name as the newsgroup), andevery article is stored as a separate file within that directory (with an .NWS extension).By default, %SystemRoot%\Inetpub\nntproot is the main directory.

Creating a New Newsgroup

When you create a new newsgroup (through the Groups property sheet of InternetServi ce Manager), NNTP automatically creates the new directory. Within the newsgroupdirectory, indexes are also stored. They have an extension of .XIX, and one is createdfor every 128 articles.

The NNTP service starts automatically when the NT Server starts but can be paused,stopped, or started from the Services icon of the Control Panel (where it appearsas Microsoft NNTP Service). It, like other IIS-related services, can also be paused,stopped, or started from the Microsoft Management Console.

CONFIGURING CERTIFICATE SERVER

Microsoft Certificate Server enables you to generate, create, and use keys fordigital authentication. To use, you must first obtain an industry- recognized servercertificate (generated with Key Manager) from a certificate authority. The followingis a listing of the Web sites of several certificate authorities within the UnitedStates:

Certificate Authorities Web Site
BankGate http://www.bankgate.com
GTE CyberTrust http://www.cybertrust.gte.com
Thawte Consulting http://www.thawte.com
VeriSign http://www.verisign.com

NOTE: You can generate a certificate with Certificate Server without getting certified by an agency, but they aren't considered valid.

After you've created a certificate or a certificate authority has issued you avalid certificate, use Key Manager to activate the certificate.

CONFIGURING INDEX SERVER

Index Server is configured based on the size of the site and the number of documentsit contains. Four items should be taken into consideration when configuring IndexServer:

  • Number of documents in the corpus
  • Size of the corpus
  • Rate of search requests arriving at the server
  • Complexity of queries

Increasing the amount of memory and going with the fastest CPU available willincrease Index Server performance. The disk space needed for the data is always roughly40% the size of the corpus.

Index Server can be used to index multiple servers by sharing a folder on theremote volume and creating a virtual directory on the indexing server. The biggestdifficulty in doing this is maintaining link integrity.

MANAGING MIME TYPES

MIME is an acronym for Multipurpose Internet Mail Extension, and is usedto define the type of file sent to the browser based on the extension. If your serveris supplying files in multiple formats, it must have a MIME mapping for each filetype or browsers will most likely be unable to retrieve the file.

MIME mappings for IIS 4.0 are different than they were in previous versions. Themappings are kept in the Registry under KEY_LOCAL_MACHINE\SOFTWAR E\Classes\MIME\Databases\Content Type, and can be viewed, edited, or new ones added by using REGEDIT or REGEDT32.Figure 3.12 shows an example of the MIME mapping for text files in REGEDT32.exe.

FIGURE 3.12 The MIME mapping for text files.

These mappings occur whether IIS is installed or not. It appears to be a Windowscommon registry of MIME types.

If you are not comfortable with editing the Registry directly (and you probablyshould not be), you can also add entries to the Registry through the HTTP Headerstab of any directory or virtual directory. The File Types button at the bottom ofthe properties page enables you to enter MIME Maps in a much simpler way than editingthe Registry. The button is shown in Figure 3.13.

FIGURE 3.13 The MIME Map option appears on the HTTP Headers tab.

Selecting the Add button enables you to specify new MIME types by giving the associatedextension and the content type as shown in Figure 3.14.

FIGURE 3.14 The MIME Map option allows you to specify file type extensions and content type.

MANAGING THE FTP SERVICE

Once installed and running, the FTP service can be managed through two main utilities:

  • The Services icon of the Control Panel
  • Internet Service Manager

Using the Control Panel Method

The first utility of note is the Services icon in the Control Panel. From here,you can start, pause, or stop the FTP Publishing Service, as well as configure itfor startup in three ways:

  • Automatic (the default)--the service is started when all of IIS star ts
  • Manual--requires interaction from the administrator to actively start it
  • Disabled--it does not start at all

Once started, the service can be stopped or paused (as well as started again aftereither of the other two). When the service is stopped, it is unloaded, whereas whenit is paused, it remains loaded with the intention of it being restarted again.

FTP Site Options with Internet Service Manager

From the Internet Service Manager, you can select your FTP site and choose tostop, pause, or start the site by right-clicking it. You can also manage all propertiesof the site from here, as shown in Figure 3.15.

FIGURE 3.15 The Properties sheets for an FTP site.

There are five tabs to the properties, each containing specific information onthe Web site. Each tab is discussed in the paragraphs that follow in the order thatthey appear by default.

FTP Site Tab

The FTP Site tab enables you to change the description (name) of the FTP site,the IP address, and the TCP port. As has been pointed out before, port 21 is thedefault TCP port, but changing it to another value allows the site to become "hidden."Additional settings on this tab enable you to specify a number of seconds for a connectiontimeout, limit the number of connections allowed (if bandwidth is an issue; the defaultis limited to 1,000 connections), and enable logging. By default, the logs are writtento %SystemRoot%\System32\Logfiles.

You can choose for the log files to be created in a number of different time periods.The way in which you choose for them to be created governs the name of the log filescreated (which al ways consist of some combination of variables). The following summarizesthe log files:

Log Time Period Log File Name
Daily inyymmdd.log
Weekly inyymmww.log
Monthly inyymm.log
Unlimited File Size inetsv#.log
When File Size Reaches...(19MB is the default, but
another MB can be specified)
inetsv#.log

Security Accounts Tab

The Security Accounts tab is where you can allow or disallow anonymous accessand define which Windows NT user accounts have operator privileges. You can alsochoose to allow only anonymous connections and enable automatic password synchronization.

At A Glance: Anonymous Only Access

Access Steps Required Note
Anonymous only 2 You cannot configure only anonymous access until you have first enabled anonymous access

Messages Tab

The Messages tab allows you to specify a message to be displayed when users accessthe site. This can be done in three ways:

  • Upon welcome
  • Upon exit
  • Upon there being too many users (maximum connections reached)

Home Directory Tab

The Home Directory tab lets you specify a home directory in either of two ways:

  • On this computer (the default)
  • As a share on another computer

If you are specifying a directory on this computer, you must give the path. Ifyou are specifying a share on another computer, you must give the UNC path (\\server\share).In either scenario, you then assign permissions for that directory of Read and/orWrite, and choose whether you want to log access. You also must specify whether directorylistings should appear in UNIX style or MS-DOS style. UNIX should be chosen in mostimplementations for maximum compatibility.

Directory Security Tab

The Directory Security tab allows you to configure IP address and Domain Namerestrictions. When configuring, you have two choices:

  • Specify all addresses that are prohibited
  • Specify all addresses that are allowed access

Recall that the three ways to enter addresses are as a single computer (by IPaddress), a group of computers (by IP address), or by domain name. Refer to Chapter1, "Planning," for more information about entering addresses.

MANAGING THE WWW SERVICE

Once installed and running, the WWW service can be managed through two main utilities:the Services icon of the Control Panel and the Internet Service Manager. Each ofthese utilities is discussed in the following sections.

Using the Control Panel Method

The first utility of note is the Services icon in the Control Panel. From here,you can start, pause, or stop the World Wide Web Publishing Service, or configureit for startup in three ways:

  • Automatic (the default)--the service is started when all of IIS starts
  • Manual--requires interaction from the administrator to actively start it
  • Disabled--it does not start at all

Using the Internet Service Manager

From the Internet Service Manager, you can select your Web site (or any Web siteif you have multiples) and choose to stop, pause, or start the site by right-clickingit.

You can also manage all properties of the site from here, as shown in Figure 3.16.

FIGURE 3.16 The Properties sheets for a Web site.

There are nine tabs to the properties, each containing specific information ofthe Web site. In order of how they appear by default, each tab is discussed in theparagraphs that follow.

Web Site Tab

The Web Site tab enables you to change the description (name) of the Web site,the IP address, and the TCP port. As has been pointed out be fore, port 80 is thedefault TCP port, but changing it to another value allows the site to become "hidden."This is useful in a situation where you want to create an intranet and avoid trafficfrom the Internet. The Advanced tab will allow you to assign multiple identitiesfor the Web site. Additional settings on this tab enable you to configure the SSLport, limit the number of connections allowed (if bandwidth is an issue; the defaultis unlimited), and enable logging. By default, the logs are written to:

%SystemRoot%\System32\Logfiles

You can choose for the log files to be created in a number of different time periods,identical for those already presented for FTP. The way in which you choose for themto be created governs the name of the log files created (which always consist ofsome combination of variables).

Operators Tab

The Operators tab simply allows you to define which Windows NT user accounts haveoperator privileges.

Performance Tab

The Performance tab allows you to tune the Web site according to the number ofhits you expect each day. There are three settings:

  • Fewer than 10,000
  • Fewer than 100,000 (the default)
  • More than 100,000

You can also enable bandwidth throttling from the Performance tab to prevent theentire network from being slow to service the Web site. By default, bandwidth throttlingis not enabled. Finally, on the Performance tab you can configure HTTP keep-alivesto be enabled. This maintains the open connection and uses it for the next account,rather than having to create a new connection each time a user accesses the site.

ISAPI Filters Tab

The ISAPI Filters tab enables you to add or remove filters for the site. ISAPIfilters are discussed in great detail in Chapter 5, "Running Applications."

Home Directory Tab

The Home Directory tab lets you specify a home directory in three ways:

  • On this computer (the default)
  • As a share on another computer
  • As an URL to be redirected to

If you are specifying a directory on this computer, you must give the path. Ifyou are specifying a share on another computer, you must give the UNC path (\\computername\sharename).In either scenario, you then assign permissions for that directory. If you go withthe third option and redirect the home directory to an URL, you must specify theURL and choose how the client will be sent. You can send the client as:

  • The exact URL you enter
  • A directory below the URL you enter
  • A permanent redirection for the resource

Documents Tab

The Documents tab enables you to define the default documents to display if aspecific document is not specified in the URL request.

Directory Security Tab

The Directory Security tab enables you to configure Anonymous Access and authentication,as well as Secure Communications and IP address and Domain Name restrictions. Whenconfiguring the latter, you have two choices:

  • Specify all addresses that are prohibited
  • Specify all addresses that are allowed access

The three ways to enter addresses are as a single computer (by IP address), agroup of computers (by IP address), or by domain name.

HTTP Headers Tab

The HTTP Headers tab enables you to specify an ex piration time for your content(the default is none), set custom headers, assign a rating to your content (to alertparents of pornography, and so on), and configure MIME maps (see the section "ManagingMIME Types").

Custom Errors Tab

The last tab, Custom Errors, enables you to configure the error message returnedto the user when an event occurs. For example, error 400 is, by default, a Bad Request,and the file 400.htm is used to return the message 404 is Not Found, andso on.

WHAT IS IMPORTANT TO KNOW

The following bullets summarize the chapter and accentuate the key concepts tomemorize for the exam:

  • The Microsoft Management Console is the primary utility used for most tasks. Accessed by choosing Internet Service Manager from the Programs menu, it is used for almost everything, including creating and sharing new directories or virtual directories, or servers.
  • Access permissions for directories include:
  • Allow Read Access
  • Allow Script Access
  • Allow Execute Access
  • Allow Write Access
  • Allow Directory Browsing
  • The five rights that you can select for IIS access work in conjunction with all other rights. Like share rights, the IIS rights are in addition to NTFS rights, and of greatest value when you are using anonymous access. Allowing Read access lets a user view a file if her NTFS permissions also allowed such. Taking away Read, however, prevents the user from viewing the file regardless of what NTFS may do.
  • Read and Script access are assigned by default, and Execute is a sup erset of Script access.
  • With virtual directories, you can get around issues such as disk space, determining where best to store files, and so on.
  • There are two downfalls to using virtual directories:
    1. A slight decrease in performance as files must be retrieved from the LAN, rather than being centralized.

    2. Virtual directories do not show up in WWW listings, and must be accessed through explicit links within HTML files, or by typing the complete URL in the browser; for example, http://www.microsoft.com/ii 

  • You should also have a scripts directory under every virtual home directory to handle the executables there.
  • The Internet Service Manager (HTML) can let you manage the FTP and WWW service remotely (WWW must first be running in order to use).
  • Remotely, you can do almost everything you can locally with the exception of making MIME Registry changes or stopping and starting services (if you stopped WWW, you would be disconnected).
  • MIME is used to define the type of file sent to the browser based on the extension. If your server is supplying files in multiple formats, it must have a MIME mapping for each file type or browsers will most likely be unable to retrieve the file. Mappings can be added or changed with REGEDIT or REGEDT32.
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)