IIS (Internet Information Services) or Windows Web Server is a web server that hosts websites and web applications. As it stands IIS is the second most popular Windows web server in the world (second only to Apache HTTP). Windows Web Server first hit the scene in 1995 and since then there has been a different version of IIS available for almost every Windows operating system on the market.
Generally speaking, the last version of IIS that is suitable for an enterprise environment is IIS 6 or Microsoft Windows Server 2003. If you try to use any later version of the product you will struggle to function within a fast-paced environment. Below we’ve included a brief breakdown of the version history:
|Version ||Information/ Additional Features|
|IIS 6 (Windows Server 2003)||Support for IPV6 but no future updates|
|IIS 7||Available with Windows Vista with more security and support for .NET framework|
|IIS 7.5||Available with Windows 7 with support for TLS 1.1 and 1.2|
|IIS 8 (Windows Web Server 2012)||Support for SNI and offers general support until 2023|
|IIS 8.5||Available for Windows 8.1 with more login capabilities and dynamic site activation|
|IIS 10||Beta with support for HTTP/2 and PowerShell 5.0|
As it stands IIS 8.5 is the best version in terms of security and features. Once the beta has been completed for IIS 10 then we recommend you make the transition.
How to Install and Configure IIS
It may surprise you to know that while IIS does come with Windows it isn’t accessible unless you install it. However, the installation and configuration process is relatively straightforward.
- To begin, open the Control Panel and click Add or Remove Programs.
- Next click Add/Remove Windows Components.
- Check the Internet Information Services (IIS) box and click Next.
- Click Finish.
As you can see, the basic installation process is very quick. Once you’ve installed IIS it is time to configure it.
If you want to use PowerShell to install IIS then you can do this by entering the following command:
< PS C:\> Install-WindowsFeature -Name Web-Server -IncludeManagementTools >
See also: Powershell Cheatsheet
- Locate the My Computer icon on your desktop and click Manage.
- Click on the Services and Applications option in the Computer Management box.
- Click on Internet Information Services and then Web Sites.
- If your default node hasn’t started, right-click on the Default Web Site node.
Configuring IIS Websites and Active Directories
One of the main reasons why people use IIS is to deploy web applications. With IIS and the Advanced Installer utility, you can deploy web applications on multiple servers very quickly. This also has the advantage of eliminating the need to add new configurations for each machine.
The first step when configuring websites is to open the Files and Folders view. From here you can examine your current application files and add new ones. You want to make sure that your application files are placed in their own individual directory (The admin panel of the website you connect to will use these later).
Once you’ve done this switch to the IIS Server view and enter your new website name using the New Web Site toolbar.
At this point, you need to configure your website settings for HTTP and HTTPS. You also need new SSL options for your website. In the section below we show you how to configure a website or folder with SSL and HTTPS:
- Log on to your computer as an Administrator.
- Press Start and go to Settings. Click Control Panel.
- Double-click on Administrative Tools and Internet Services Manager.
- In the left-hand pane select the website you want to configure.
- Right-click on your Website (or folder or file) that you want to configure SSL for and click Properties.
- Click on the Directory Security tab.
- Select Edit.
- To add SSL as a requirement, click Require Secure-Channel (SSL).
- Next click Require 128bit Encryption.
- (Optional) If you want users to connect regardless of whether they have a certificate, click Ignore client certificates. If you want to block users without a certificate, select Accept client certificates.
Securing IIS with Secure Sockets Layer (SSL)
Most enterprise users are naturally going to want to secure their data against unauthorized access. This can be done through the use of SSL. SSL allows you to encrypt all the data that you transmit. This prevents any outside entities from getting access to data they don’t have permission to. In order to use SSL to secure your server, you need to install a server certification on the server machine. The first step to enabling SSL is to create a certificate. This can be achieved by following the steps below:
- Install Windows Server 2003.
- Ensure that you have IIS installed and configured.
- Install Microsoft Certificate Services (this allows you to create authentication certificates).
- Open Internet Explorer and browse for Microsoft Certificate Services (http://MyCA/certsrv).
- Click Request a Certificate and click Next.
- Next click Advanced request.
- Click Next, then submit a certificate request to this CA using a form. Click Next. This will raise the certificate request form and add the domain name of your server machine.
- Now click Server Authentication Certificate in the Intended Purpose or Type of Certificate Needed field.
- Select either Microsoft RSA SChannel Cryptographic Provider, Microsoft Base Crypto Provider version 1.0 or Microsoft Enhanced Cryptographic Provider. (Take extra care not to select Microsoft Strong Cryptographic Provider).
- Select the Use Local Machine store box and verify that Enable Strong Private Key Protection is unchecked.
- Click Submit. Now you will either have the certificate installed immediately or you will have to wait for it to be administered by the CA administrator.
Designating an SSL Server Certificate to a website
To add an SSL server certificate to a website:
- Open IIS Manager, click on Local Computer, and then Web Sites folder.
- Look for the website that you want to assign the certificate to and right-click Properties.
- Next, click the Directory Security section and click Server Certificate. (You’ll find this under Secure Communications).
- Raise the Web Server Certificate Wizard and press Assign an existing certificate.
- Complete the Web Server Certificate Wizard process. Once completed, go to the Properties page, select the Directory Security tab and press the View Certificate button (here you can view more information about the certificate).
IIS not only allows you to create sites and applications but also allows you to create virtual directories. In IIS you specify a name that maps to a physical directory. The direct name provides users with a way to access the content hosted on a server quickly. In many cases, this is another website, but it can also be smaller media elements like photos and videos as well.
In the older IIS 6.0, virtual directories and applications were considered to be separate objects. An application was comprised of the following metabase components:
As of IIS 7.0 and after, virtual directories and applications are still considered as separate objects but they also exist in a hierarchy. For example, one website can contain multiple applications. In turn, one website can contain multiple virtual directories which lead to a physical directory on a computer.
Log files are used to record a variety of actions on your server. Loading up the log files will show you everything from the date and time of the event, the IP address involved, and the quantity of data transmitted. Most of the time your log files can be found here:
< %SystemRoot%\system32\Logfiles\ >
On most contemporary versions of IIS, you can find your IIS log files by performing the following actions:
- Click Start and Control Panel.
- Click Administrative Tools and run Internet Information Services (IIS).
- Look for your website on the left-hand side of the tree and select it.
- Next, click the Logging icon.
- Look for the dialog box at the bottom of the screen that says Directory, and click Browse.
If you’re using IIS 6 then:
- Go back to step 3 of the instructions above.
- Right-click on your website and click Properties.
- Find the Website tab and look for the Active Log Format section.
- Click the Properties button and look at the bottom of the box where the log file directory and log file name are shown.
Generally speaking, your server will use port 80 for all of your HTTP traffic. However, if this isn’t suitable for your needs then you can change it as required. You can do this by following the steps below:
- Open Internet Information Services (IIS Manager).
- Right-click on your website then press Properties.
- In the Properties window find the TCP port box and change it to a port of your choice.
Please note that if you change the port from the default setting when you go to open up your website, you will need to enter your domain name and the new port. For example: domainname:80 (type the number of the port you wish to use instead of 80).
Windows 8 and 8.1
On Windows 8.1 there are a couple of differences:
- Type IIS Manager into the Search Box on the homepage.
- Select Internet Information Services Manager in the search results.
- On the left-hand side of the screen you’ll see a navigation tree; click Default Web Site.
- Next, go to the sidebar on the right hand of the screen and click Bindings.
- Highlight http from the main view and click Edit.
- Enter the new port you want to use in the Port text box.
- Press Ok and click Close.
- Go back to the left-hand tree and select the relevant server node.
- Finally, click Restart Server from the sidebar on the right-hand side.
Once you have IIS set up, you will need to keep ahead of any possible problems. Monitoring a complex application, such as IIS takes a lot of resources and you can reduce the amount of staff that you need to dedicate to the task by introducing automated tools.
SolarWinds Microsoft Management Tools can watch out for key attributes in the performance of IIS. You will particularly need the Web Performance Monitor and the Server and Application Monitor to keep IIS running smoothly. Both of these tools are written to a common platform, called Orion. This enables them to connect together into a contiguous tool. Both tools will also help you manage other Microsoft products, including Exchange Server, Sharepoint, and Office 365. These monitoring systems are not free to use. However, you can get both of them on a 30-day free trial.
What is IIS: A Windows Web Server at the Top of the Game
That concludes our guide to using IIS. IIS can be needlessly complex sometimes, but once you get the basics down like how to configure your website, then you’re well on your way to nailing the learning curve. The key is to keep at it, as learning to use the second-largest Windows web server in the world is more than worth the initial struggle you face when new to the utility.
Remember that IIS can be considerably different depending upon the operating system you’re using. If you don’t see the version of IIS you’re using supported in this article then there are plenty of other online resources covering all facets that you can think of. You’ll have to mix and match but you’ll be able to piece together more specific guidance for your system.
IIS Primer and Resources