Insufficient data from Andrew Fryer

The place where I page to when my brain is full up of stuff about the Microsoft platform

IIS 7.5 and Windows Server Core

There is so much stuff on Windows7 & 2008 R2 features out there, but not so much on IIS 7.5.  The other reason it slipped off my radar was that reporting services in SQL Server 2008 directly uses http.sys for its portal and there is no longer a need to install IIS at all.  Anyway it’s now time for me to look at this in more detail as part of my series on server core.

Firstly IIS 7.5 like every other new bit of the Microsoft platform has embedded PowerShell support, meaning you can now directly manage  IIS 7.5.  Also you turn on IIS7.5 features using DISM rather than the complexity of the setup in the original server core..

where a basic install would have been

start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel

using DISM the equivalent command is

DISM –online /enable-feature /featurename:IIS-WebServerRole

From there you can then add the extra individual features you need, as from IIS 7 it is a very modular solution. For example to turn on you would use to turn on three features..

DISM –online /enable-feature /featurename:IIS-ISAPI Filter

DISM –online /enable-feature /featurename:IIS-NetFxExtensibility

DISM –online /enable-feature /featurename:IIS-ASPNET

Having done all of this the best approach would then be to remotely manage it from another machine.  Form there you can start use some of the new stuff in IIS 7.5

My top feature would be the best practices analyser.  This is primarily concerned with making sure your configuration is as secure as possible,  e.g.

  • Hiding custom errors from displaying remotely, the more the attacker knows about your site the quickest and easier it is to attack, for example one of mates always rubs his hands with glee when he says the site is talking to Oracle as opposed to SQL (he wouldn’t tell me why though).
  • Ensuring ssl certificates are up to date
  • Ensuring you are using ssl if you have basic authentication set.

For more on this refer to this article in the Windows Server TechCenter

Other new stuff includes

  • Application pre-load, so your application is already running when the user access it. To do this you need to add the following to the applicationHost.config file:

<application path="/myapp" preloadEnabled="true">
<virtualDirectory path="/" physicalPath="c:\inetpub\myapp"/>

and this to the web.config file

<add value="default.aspx"/>

There’s an article here to get you started with this

  • Configuration Log Tracking.  This pulls in all the changes you make and logs them. BTW this is off by default and you need to turn it by going to  “Application and Service Logs->Microsoft->Windows->IIS-Configuration” in event viewer and enable tracing. BTW  IIS generates 4 kinds of events. These are administrative, operational, analytic and debug. Right click on areas in event viewer and select “enable log” for categories you want to enable tracing.
  • The ability to work with multiple versions of the .net framework. While one application might need .net 2 another might need 3.5
  • Built in FTP and WebDAV support.

I could go on and on here, but I would suggest you might want to check up on all the new stuff in IIS 7.5 here, and hopefully try it out by installing the role on a full or server core installation of windows server 2088 R2.  It’s also an opportunity to confuse the web developers you might be working with by understanding their world a little better, and offering to help them deploy their applications more quickly.