CHAPTER 3

Configuring and Managing Internet Information Server

Internet Information Server provides a graphical administration tool called Internet Service Manager that you can use to monitor, configure, and control the Internet services.

Internet Service Manager is the central location from which you can control all of the computers running Internet Information Server in your organization. You can run Internet Service Manager on any computer that is running Windows NT Workstation or Windows NT Server and that is connected through the network to your Web server. With remote administration you can administer your Web servers from the server computer itself, from a management workstation on the corporate local area network (LAN), or even over the Internet.

Internet Service Manager uses the Windows NT security model, so only validated administrators are allowed to administer services, and administrator passwords are transmitted in encrypted form over the network.

In addition to Internet Service Manager, Internet Information Server provides an HTML-based Internet Service Manager that you can run from any Web browser. You can perform the same administration tasks by using either version of Internet Service Manager. In this guide, any reference to Internet Service Manager refers to both versions of the tool unless otherwise noted.

This chapter tells you how to:

Use Internet Service Manager to view and configure the WWW, FTP, and gopher services.
Start, stop, and pause services.
Sort the services view.
Use Internet Service Manager property sheets to configure the Internet services.
Limit network use by constraining the network bandwidth allowed for the Internet services.
Use other Windows NT tools to configure Internet Information Server.

Microsoft Internet Service Manager

Internet Service Manager helps you configure and monitor all the Internet services running on the Windows NT–based computers in your network.

Connecting to a Web Server

You can administer any Internet Information Server on your network by connecting to it in Internet Service Manager. You can specify a Web server by typing the computer’s Domain Name System (DNS) host name, its Internet Protocol (IP) address, or its NetBIOS name (or computer name).

You can also find all the computers on your network that are running Internet Information Server.

To connect to a Web server

Properties

Connect to Server

2. In the Server Name box, type the Web server’s host name, IP address, or NetBIOS name.

To connect by selecting a Web server from a list

Properties

Find All Servers

2. From the list of servers displayed, double-click the one you want to connect to.

Selecting a View

Internet Service Manager displays a graphical view of the services running on your servers. You can view a complete report, or you can sort information by the service type or by computer name. Views enable you to tell at a glance which services are running. You can also display or hide services and sort services by their state (running, paused, or stopped).

To select a view

From the View menu, choose Servers View, Services View, or Report View. Views are described in the following sections.

To sort information in a view

From the View menu, choose Sort by Server, Sort by Service, Sort by Comment, or Sort by State. For example, you should sort by state to quickly see which services are currently running.

To display or hide services

From the View menu, choose the service that you want to display or hide (FTP, gopher, or WWW).

Report View

Report view is the default view. Report view alphabetically lists the selected computers, with each installed service shown on a separate line. Click the column headings to sort the entire list alphabetically. Report view is probably most useful for sites with only one or two computers running Internet Information Server.

Note If you are running other Internet services, such as Network News Transfer Protocol (NNTP) and Simple Mail Transfer Protocol (SMTP), they will be listed in the Report view of Internet Server Manager, along with the WWW, FTP, and gopher services.

The following illustration lists the functions of the buttons and icons in Internet Service Manager; you can also use the Properties and View drop-down menus for the same functions.

[03_i255b 7726 bytes ]

Connect to servers and view property sheets

2 Finds all Web servers on the network.

3 Displays property sheets to configure the selected service.

Start, stop, or pause a service

5 Stops the selected service.

6 Pauses the selected service.

Select which services should be displayed

8 Displays the gopher service in the Internet Service Manager main window.

9 Displays the WWW service in the Internet Service Manager main window.

Start Key Manager to create a Security Sockets Layer key

10 Displays the Key Manager window.

Make any necessary adjustments to services

12 Displays the property sheets for a service when you double-click it.

13 Displays server and service status.

Servers View

Servers view displays services running on network computers by computer name. Click the plus symbol next to a computer name to see which services that computer is running. Double-click a service name to see its property sheets. Servers view is most useful for sites running multiple Web servers when you need to know the status of the services installed on a specific computer.

Services View

Services view lists the services on every selected computer, grouped by service name. Click the plus symbol next to a service name to see the computers running that service. Double-click the computer name under a service to see the property sheets for the service running on that computer. Services view is most useful for sites with widely distributed Web servers when you need to know which computers are running a particular service.

Starting, Stopping, and Pausing Services

You can quickly start, stop, or pause a service from Internet Service Manager.

To start, stop, or pause a service

2. From the Properties menu, choose Start Service, Stop Service, or Pause Service.

Configuring and Managing Services

You can configure and manage the WWW, FTP, and gopher services by using Internet Service Manager. The following information focuses on the WWW service, the most commonly used service.

In Internet Service Manager, double-click a computer name or a service name to display its property sheets. Click the tab at the top of each property sheet to display the properties for that category. After setting the properties for the service, click OK to return to the main Internet Service Manager window. Detailed information about each property sheet is included in later chapters on security, directories, and logging.

Note In special circumstances, you may need to use Registry Editor (Regedt32.exe) to configure Internet Information Server or Windows NT Server. See Chapter 10, “Configuring Registry Entries,” for information on registry entries and when you need to use them.

The Service Property Sheet

You use the Service property sheet to control what kind of authentication is required to gain access to your Web site and to specify the account used for anonymous client requests to log on to the server. Most Internet sites allow anonymous logons. See Chapter 5, “Securing Your Site Against Intruders,” for more information.

The Directories Property Sheet

You use the Directories property sheet to specify which directories (folders) are available to users and to create a Web site composed of folders that reside on different computers. You can also designate a default document that appears if a remote user does not specify a particular file, or instead enable directory browsing. Directory browsing means that the user is presented with a hypertext listing of the directories and files so that the user can navigate through your directory structure. For more detailed information, see Chapter 6, “Planning Your Content Directories.”

The Logging Property Sheet

You use the Logging property sheet to log service activity. Logging provides valuable information about how a Web server is used. You can send log data to text files or to an Open Database Connectivity (ODBC)–supported database. If you have multiple Web servers or services on a network, you can log all their activity to a single database on any network computer.

By using the Logging property sheet, you can also select the format you want for logging, either Standard format or National Center for Supercomputing (NCSA) Common Log File format.

See Chapter 7, “Logging Server Activity,” for more information.

The Advanced Property Sheet

You use the Advanced property sheet to prevent certain individuals or groups from gaining access to your Web site. You control access by specifying the IP address of the computers to be granted or denied access. For more information, see Chapter 5, “Securing Your Site Against Intruders.”

You can also set the maximum network bandwidth for outbound traffic, to control (throttle) the maximum amount of traffic on your site. For more information, see the following section.

Limiting Network Use

You can constrain your Internet services by limiting the network bandwidth allowed for all of the Internet services on your Web server.

Limiting the bandwidth dedicated to users of Microsoft Internet Information Server is especially useful if your Internet line has multiple purposes. Limiting bandwidth allows other operations (such as e-mail and remote logons) to use the same line without being slowed down by too much activity on the Web server.

To change bandwidth

2. Click the Advanced tab.

3. Select Limit Network Use by all Internet Services on this computer.

4. Select the number of kilobytes per second you want to allow for Internet services.

5. Click Apply and then click OK.

If the bandwidth being used remains below the level you set, client requests for information are answered. If the bandwidth is close to the value you set, client requests are delayed until the network traffic decreases. Delaying responses enables the Web server to smooth out network traffic volumes without actually denying browser requests. If the bandwidth exceeds the level you set, client requests to read files are rejected and requests to transfer files are delayed until the bandwidth equals or falls below the set value.

Using a Browser to Administer Internet Information Server

The HTML Internet Service Manager program performs the same administrative functions as Internet Service Manager. You can use HTML Internet Service Manager with your Web browser to administer Internet Information Server over the Internet. To use HTML Internet Service Manager, use your Web browser to open http://computername/iisadmin. To administer any of the services, you must be logged on to a user account that has Administrator privileges on the computer being administered. If you are using a browser that is capable of Windows NT Challenge/Response authentication (such as Microsoft Internet Explorer version 2.0 or later), you can use Windows NT Challenge/Response authentication. If you are not using a browser capable of Windows NT Challenge/Response authentication, then you must use Basic authentication (although this is not recommended).

Important When remotely administering a Web server through a browser, there are three actions you should guard against.

If your browser supports only Basic authentication, do not turn off Basic authentication while you are administering Internet Information Server.
If you stop a service, you will be disconnected and will not be able to restart it using the HTML Internet Service Manager.
If you delete the Iisadmin virtual directory on the server you are administering, you will be unable to use the HTML Internet Service Manager on that computer.

Using Other Windows NT Tools

In addition to Internet Service Manager, you can use other Windows NT utilities to configure, control, and monitor the Internet services. You might use the Windows NT utilities instead of Internet Service Manager for some tasks if you are already familiar with the standard Windows NT tools. This section explains how you can use Windows NT utilities to monitor or configure Internet Information Server.

Configuring Server Options with Control Panel

Use Control Panel to set Windows NT systems and options.

The Network Application

The Network application in Control Panel configures your Transmission Control Protocol/Internet Protocol (TCP/IP) settings, including IP address, subnet mask, and default gateway. Double-click TCP/IP Protocol in the Installed Network Software listing to display the TCP/IP Configuration dialog box.

Click the DNS tab to configure DNS settings, such as hostname, domain names, and DNS servers, to resolve names.

The Services Application

The Services application is used to start, stop, and pause the WWW, gopher, and FTP services. You can also use Internet Service Manager to start, stop, and pause the services.

Use the Startup button to specify whether the service starts automatically when your server restarts. If you have a specific reason, you can also use this dialog box to override the account used by the WWW service as set in the Service property sheet of Internet Service Manager. You should change this setting only if it is part of your security strategy; otherwise, use the default settings in the Log On As box.

The ODBC Application

The ODBC application in Control Panel is used to set up ODBC connectivity. See Chapter 8, “Publishing Information and Applications,” for more information about using the ODBC application.

Setting File Access with Windows Explorer

Use Windows Explorer to set directory and file permissions on Windows NT File System (NTFS) drives. Use the Permissions item in the Security dialog box to set permissions. Setting directory and file permissions is an important part of securing your Web site. For more information, see Chapter 5, “Securing Your Site Against Intruders.”

File access control is not available on file allocation table (FAT) file systems. You can convert your file system to NTFS with the Convert.exe utility. See the Windows NT documentation for more information.

Managing User Accounts with User Manager for Domains

User Manager for Domains, in the Administrative Tools submenu of the Start menu, is a tool that you can use to manage security for a Windows NT Server computer. With User Manager for Domains you can:

Create and manage user accounts.
Create and manage groups.
Manage the security policies.
Manage servers individually or as members of a domain

Tracking Problems with Event Viewer

Event Viewer, in the Administrative Tools submenu of the Start menu, is a tool that you can use to monitor events in your system. You can use Event Viewer to view and manage System, Security, and Application event logs. Event Viewer can notify administrators of critical events by displaying pop-up messages, or by adding event information to log files. The information allows you to better understand the sequence and types of events that led up to a particular state or situation.

Monitoring Services with Performance Monitor

You can monitor a Web site to analyze the site’s use and improve its performance. Windows NT includes a utility called Performance Monitor that measures the performance of Windows NT objects, such as processes, memory, and cache. Each object has an associated set of counters that provide information about the object. With Performance Monitor, you can create charts that provide a snapshot of a service’s activity. You can also create logs of the service’s performance, prepare reports that provide performance measurements, and generate alerts when a service counter meets a threshold. For more information on using Performance Monitor, see the Windows NT Help system.

Internet Information Server automatically installs Windows NT Performance Monitor counters for the WWW, FTP, and gopher services, as well as Internet Information Services Global. You can use these counters with the Windows NT Performance Monitor for real-time measurement of your Internet service use. A list of these counters and their descriptions follows. Except where noted otherwise, each counter is available to monitor any of the three services. (For example, you can monitor Connection Attempts for WWW, FTP, or gopher; but you can monitor Current CGI Requests for the WWW service only.

Note The WWW service appears in the Windows NT Performance Monitor as the HTTP Service.

Counter Description

Aborted Connections Total number of connections disconnected due to error or over-the-limit requests made to gopher service

Bytes Received/sec Rate at which data bytes are received by service

Bytes Sent/sec Rate at which data bytes are sent by service

Bytes Total/sec Rate of total bytes transferred by service (sum of bytes sent and received)

CGI Requests The total number of Common Gateway Interface (CGI) requests executed since WWW service startup; CGI requests invoke custom gateway executables, which the administrator can install to add forms processing or other dynamic data sources

Connection Attempts Number of connection attempts made to service

Connections/sec Rate at which HTTP requests are currently being handled

Connections in Error Total number of connections (since service startup) that resulted in errors when processed by gopher service

Current Anonymous Users Number of anonymous users currently connected to service

Current CGI Requests Current number of CGI requests simultaneously being processed by WWW service (includes WAIS index queries)

Current Connections Current number of connections to the service (sum of anonymous and non-anonymous users)

Current ISAPI Extension Requests Current ISAPI extension requests simultaneously being processed by WWW service

Current NonAnonymous Users Number of non-anonymous users currently connected to a specific (WWW, FTP, or gopher) service

Files Received Total files received by (uploaded to) service since service startup (WWW or FTP only)

Files Sent Total files sent by (downloaded from) service since service startup

Files Total Total files transferred by server since service startup (WWW or FTP only)

Get Requests Total number of HTTP GET requests received by WWW service; GET requests are generally used for basic file retrievals or image maps, though they can be used with forms

Gopher Plus Requests The total number of Gopher Plus requests received by gopher service since service startup

Head Requests Total number of HTTP HEAD requests received by WWW service; HEAD requests typically indicate that a client is querying the state of a document they already have to see if it needs to be refreshed

ISAPI Extension Requests Total number of HTTP ISAPI extension requests received by WWW service; ISAPI Extension Requests are custom gateway dynamic-link libraries (DLLs), which the administrator can install to add forms processing or other dynamic data sources

Logon Attempts Number of logon attempts made by service since service startup

Maximum Anonymous Users Largest number of anonymous users simultaneously connected to service since service startup

Maximum CGI Requests Largest number of CGI requests simultaneously processed by the WWW service since service startup

Maximum Connections Largest number of users simultaneously connected to service since service startup

Maximum ISAPI Extension Requests Largest number of ISAPI extension requests simultaneously processed by WWW service since service startup

Maximum NonAnonymous Users Largest number of non-anonymous users simultaneously connected to service since service startup

Not Found Errors Number of requests that could not be satisfied by service because requested document could not be found; typically reported as HTTP 404 error code to client

Other Request Methods Number of HTTP requests that are not GET, POST, or HEAD methods; may include PUT, DELETE, LINK, or other methods supported by gateway applications

Post Requests Number of HTTP requests using POST method; generally used for forms or gateway requests

Total Anonymous Users Total number of anonymous users that have ever connected to service since service startup

Total NonAnonymous Users Total number of non-anonymous users that have connected to service since service startup

Select Internet Information Services Global in the Object list box in the Windows NT Performance Monitor Add to Chart dialog box to monitor general-use and cache-use information about Internet Information Server. Counters for this object are:

Counter Description

Cache Flushes Total number of times since service startup that cache has been flushed

Cache Hits Total number of times since service startup a file-open, directory-listing, or service-specific object's request was found in the IIS cache

Cache Hits % Ratio of cache hits to all cache requests

Cache Misses Total number of times since service startup a file-open, directory-listing, or service-specific object's request was not found in the cache

Cache Size Configured maximum size of the shared HTTP, FTP, and gopher memory cache

Cache Used Current number of bytes containing cached data in shared memory cache (includes directory listings, file handle tracking, and service-specific objects)

Cached File Handles Current number of open file handles cached by all Internet Information Server services

Current Blocked Async I/O Requests Current number of asynchronous I/O requests blocked by bandwidth throttling

Directory Listings Current number of cached directory listings cached by all Internet Information Server services

Measured Async I/O Bandwidth usage Measured bandwidth in bytes of asynchronous I/O averaged over one minute

Objects Current number of objects cached by all of Internet Information Server services (includes file-handle tracking objects, directory-listing objects, and service-specific objects)

Total Allowed Async I/O Requests Total asynchronous I/O requests allowed by bandwidth throttling since service startup

Total Blocked Async I/O Requests Total asynchronous I/O requests blocked by bandwidth throttling since service startup

Total Rejected Async I/O Requests Total asynchronous I/O requests rejected by bandwidth throttling since service startup

Counter	Description
Aborted Connections	Total number of connections disconnected due to error or over-the-limit requests made to gopher service
Bytes Received/sec	Rate at which data bytes are received by service
Bytes Sent/sec	Rate at which data bytes are sent by service
Bytes Total/sec	Rate of total bytes transferred by service (sum of bytes sent and received)
CGI Requests	The total number of Common Gateway Interface (CGI) requests executed since WWW service startup; CGI requests invoke custom gateway executables, which the administrator can install to add forms processing or other dynamic data sources
Connection Attempts	Number of connection attempts made to service
Connections/sec	Rate at which HTTP requests are currently being handled
Connections in Error	Total number of connections (since service startup) that resulted in errors when processed by gopher service
Current Anonymous Users	Number of anonymous users currently connected to service
Current CGI Requests	Current number of CGI requests simultaneously being processed by WWW service (includes WAIS index queries)
Current Connections	Current number of connections to the service (sum of anonymous and non-anonymous users)
Current ISAPI Extension Requests	Current ISAPI extension requests simultaneously being processed by WWW service
Current NonAnonymous Users	Number of non-anonymous users currently connected to a specific (WWW, FTP, or gopher) service
Files Received	Total files received by (uploaded to) service since service startup (WWW or FTP only)
Files Sent	Total files sent by (downloaded from) service since service startup
Files Total	Total files transferred by server since service startup (WWW or FTP only)
Get Requests	Total number of HTTP GET requests received by WWW service; GET requests are generally used for basic file retrievals or image maps, though they can be used with forms
Gopher Plus Requests	The total number of Gopher Plus requests received by gopher service since service startup
Head Requests	Total number of HTTP HEAD requests received by WWW service; HEAD requests typically indicate that a client is querying the state of a document they already have to see if it needs to be refreshed
ISAPI Extension Requests	Total number of HTTP ISAPI extension requests received by WWW service; ISAPI Extension Requests are custom gateway dynamic-link libraries (DLLs), which the administrator can install to add forms processing or other dynamic data sources
Logon Attempts	Number of logon attempts made by service since service startup
Maximum Anonymous Users	Largest number of anonymous users simultaneously connected to service since service startup
Maximum CGI Requests	Largest number of CGI requests simultaneously processed by the WWW service since service startup
Maximum Connections	Largest number of users simultaneously connected to service since service startup
Maximum ISAPI Extension Requests	Largest number of ISAPI extension requests simultaneously processed by WWW service since service startup
Maximum NonAnonymous Users	Largest number of non-anonymous users simultaneously connected to service since service startup
Not Found Errors	Number of requests that could not be satisfied by service because requested document could not be found; typically reported as HTTP 404 error code to client
Other Request Methods	Number of HTTP requests that are not GET, POST, or HEAD methods; may include PUT, DELETE, LINK, or other methods supported by gateway applications
Post Requests	Number of HTTP requests using POST method; generally used for forms or gateway requests
Total Anonymous Users	Total number of anonymous users that have ever connected to service since service startup
Total NonAnonymous Users	Total number of non-anonymous users that have connected to service since service startup

Counter	Description
Cache Flushes	Total number of times since service startup that cache has been flushed
Cache Hits	Total number of times since service startup a file-open, directory-listing, or service-specific object's request was found in the IIS cache
Cache Hits %	Ratio of cache hits to all cache requests
Cache Misses	Total number of times since service startup a file-open, directory-listing, or service-specific object's request was not found in the cache
Cache Size	Configured maximum size of the shared HTTP, FTP, and gopher memory cache
Cache Used	Current number of bytes containing cached data in shared memory cache (includes directory listings, file handle tracking, and service-specific objects)
Cached File Handles	Current number of open file handles cached by all Internet Information Server services
Current Blocked Async I/O Requests	Current number of asynchronous I/O requests blocked by bandwidth throttling
Directory Listings	Current number of cached directory listings cached by all Internet Information Server services
Measured Async I/O Bandwidth usage	Measured bandwidth in bytes of asynchronous I/O averaged over one minute
Objects	Current number of objects cached by all of Internet Information Server services (includes file-handle tracking objects, directory-listing objects, and service-specific objects)
Total Allowed Async I/O Requests	Total asynchronous I/O requests allowed by bandwidth throttling since service startup
Total Blocked Async I/O Requests	Total asynchronous I/O requests blocked by bandwidth throttling since service startup
Total Rejected Async I/O Requests	Total asynchronous I/O requests rejected by bandwidth throttling since service startup