A348 Setting Up the IIS Web Server - The Basics

IIS is the Web server for XP and Windows. Web server installation and administration is relatively simple, mainly setting up directories accessible to the Internet.

• Installing IIS - IIS is not normally installed on XP systems. To install:
  1. Insert XP installation CD.
  2. Start | Setting | Control Panel | Add or Remove Programs | Add/Remove Windows Components
  3. Check Internet Information Services (IIS) and click Next. The Windows Components Wizard should start.
  4. When IIS is installed, go through the tests and configuration below this section.

   

• IP address or host name - At IUS, the IP will be dynamically and automatically assigned. All machines are known locally (on themselves) as localhost. IUS machines also have a name assigned that is accessible Internet-wide. To connect to the Web server on the same machine and get the default page, in a browser enter:

http://localhost

To find out what the Internet name or IP of a Windows machine use:

• ipconfig /all

from the command prompt. You should see something like below.
 

C:\ ipconfig /all Windows IP Configuration Host Name . . . . . . . . . : LF111-201.ius.edu DNS Servers . . . . . . . . : 129.79.1.1 198.88.18.1 0 Ethernet adapter : Description . . . . . . . . . : PPP Adapter. Physical Address. . . . . . : 44-45-53-54-00-00 DHCP Enabled. . . . . . . . : Yes IP Address. . . . . . . . . . . : 149.160.29.92 Subnet Mask . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . : 149.160.29.92

The IP is 149.160.29.92 and the Internet name is LF111-201.ius.edu. To connect to the Web server on the LF111-201.ius.edu machine from the Internet and get the default Web page enter from a browser:
 

http://149.160.29.92 http://LF111-201.ius.edu

• Virtual directories - The default location for Microsoft server scripts/pages is C:\InetPub\wwwroot. To use other directories one must define a virtual directory.
• Login with administrator privileges
• Create a directory using Windows Explorer on: C:\A348
• Start | Run | Control | Administrative Tools | Internet Information Services
• Expand local computer, Web Sites, and Default Web Site.
• Right click on Default Web Site.
  • New | Virtual Directory
    • Alias: A348
    • Directory: C:\A348
    • Execute (including scripts) and Browse
• With the virtual A348 directory, an HTML file named C:\A348\guru.htm could be loaded from the local machine by:

http://localhost/A348/guru.htm

• User Account for IIS - Some IIS installations require a user account and sufficient access privileges to update files.
  • Login with administrator privileges
  • Start | Run | Control | Administrative Tools | Computer Management | Local Users and Groups | Users
  • Select Launch IIS Process Account
  • Check User Cannot Change Password and Password Never Expires
  • Select Member Of
    • Enter: Administrators
  • OK each menu

Server program execution

IIS requires that the virtual directory where the server program resides have execute privileges and the Launch IIS Process Account have sufficient privileges.

• Scripts - Server scripts (designated with ASP or ASPX extension) are similar to client scripts but run on the server, sending output to the browser.

  Assume that a directory C:\A348 has been defined as a virtual directory named A348 with execute privileges. Any ASP file placed in the directory can then be executed; a program named test.asp located on directory C:\A348 can then be executed by:

http://localhost/A348/test.asp

• C++ - Any executable file can be a CGI program. Assume that a directory C:\CGI has been defined as a virtual directory named CGI with execute privileges. Any exe file placed in the directory can then be executed; a program named test.exe located on directory C:\CGI can then be executed by:

http://localhost/CGI/test.exe

• Perl - Perl can be used as a CGI or script programming language. It can be freely downloaded from http://www.ActivePerl.com
• IIS - Under Windows 2000/XP, assuming ActivePerl is installed at C:\Perl:

Login with administrator privileges Create a directory using Windows Explorer on: C:\A348 Start | Run | Control  | Administrative Tools | Internet Information Services Expand local computer and Web Sites. Right click on Default Web Site and open the Properties editor. Click on Home Directory tab. Set Local Path to C:\inetpub\wwwroot Click Configuration button. Click App Mappings tab then Add button. Enter: Executeable: C:\Perl\bin\perl.exe %s %s Extension: .pl Click OK to back out of menus.

The Perl program in virtual directory A348 could then be executed without specifying the Perl interpreter by:

http://localhost/A348/test.pl

• Command Prompt - To execute a Perl program with a .pl extension at the command prompt or by clicking on the file icon, the simplest approach is to associate the file extension with the Perl interpreter.

Locate the perl.exe interpreter using Find. It is probably located as Perl\bin\perl.exe Open Windows Explorer and point to the perl.exe file. Tools | Folder Options | File Types Look for a .pl extension in the list of files types, if not found, continue. Click New and enter .pl as the File Extension. Click Change | Other... Locate and click on perl.exe Open | OK | Close

The Perl program in directory C:\A348 could then be executed without specifying the Perl interpreter by:

C:\A348\test.pl

• Warnings - Placing executable files in public directories allow any Internet user access to execute those files on your machine. Be careful what you place in public directories. Test that the programs execute as intended and attempt to defend against common attacks. These will be discussed later in the course.

Adding Secure Access to the Server

The following restricts access to virtual directories by the Integrated Windows Authentication, a secure login method. Only those users or groups explicitly listed will be able to access the directory over the Internet.

Disable Simple File Sharing

Disabling Simple File Sharing is necessary in order to enable the creation of Access Control Lists for shared disks and folders:

1. Click Start | My Computer | Tools | Folder Options | View.
2. Scroll to the bottom of the list of advanced settings and un-check Use Simple File Sharing (Recommended).
3. Click OK.

Create User Accounts

There are a couple of ways to create user accounts, but let's start simply by clicking Start | Control Panel | User Accounts.

You'll see all of the existing accounts on the computer.

Click Create a new account, and enter the new user's name.

Click Next, and choose the account type. This determines (rather simplistically) which group the user will be placed in. There's generally no good reason to grant remote users Computer administrator privileges, so select Limited, and then click Create Account. The new account appears in the User Accounts window.
 

Create Passwords

By default, Windows XP will not permit a network user to access the XP machine using an account set up without a password.

In Control Panel | User Accounts, click the desired account, and then click Create a password. Enter the password, and then enter it again to confirm it. Enter a password hint if you'd like – a user who forgets the password can look at the hint at the logon screen as a memory aid. Then click Create Password to make it take effect.

Define Virtual Drive Access

1. Locate the folder of the virtual drive defined for IIS.
2. Right click | Sharing and Security | Security
3. Add the names of users (or group) that should be given access to the folder. Set the permissions for each user (group).
4. Click Advanced and uncheck the Inherit from parent .... This will restrict access to only those users (groups) explicitly listed.

Define Database Directory Access

The database directory must be accessible by IIS and the program updating the database.

1. Locate the folder of the database.
2. Right click | Sharing and Security | Security
3. Add the names of users (or group) that should be given access to the database folder. Set the permissions for each user (group) to FULL.
4. Add the name of the IIS Guest account, IUSR_machinename and set the permissions to FULL.

Authentication Method

By default IIS allows anyone to access the virtual drive as an anonymous user.

1. Start | Run | Control | Administrative Tools | Internet Information Services
2. Expand local computer, Web Sites, and Default Web Site.
3. Right click on the virtual directory | Properties | Directory Security | Edit 
4. Only Integrated Windows authentication should be checked.