Internet Information Server - Instruktion Lab 5
Restricting Access to the Administration Web Site - Preparing the environment for testing
· To determine the Administration Web Site TCP port
- Start the Microsoft Management Console with the Internet Service Manager snap-in
- Double click IIS. The IIS folder opens displaying a computer icon.
- Double click a computer icon.
- Right click Administration Web Site and then click Properties. The Administration Web Site Properties dialog box appears displayjng the Web Site tab
- Record your TCP Port number and the TCP Port number of your partner
- Click cancel
- Close the Microsoft Management Console with save the changes
· To enable the guest account
- Start User Manager and enable the guest account
- Check the User Rights Policy and verify that guests can log on locally
- Close User Manager
- Press Ctrl + Alt + Del. The Microsoft Windows Security dialog box appears
- Click Logoff
- Click OK
Test your partner's Web site security
· To test your partner's Web site with Internet Explorer
- Log on as guest
- Click Start and then click Run. The Run dialog box appears
- In the Open box type iexplore //ServerY:ZZZZ/iisadmin/iisnew.asp and click OK. Are you able to access all or part of the Internet Service Manager page without proper authentication?
Securing the administration Web site
· To secure iisadmin folders
- Log on as Administrator
- Start Windows NT Explorer
- Open the \WINNT\System32\inetsrv folder
- Right click on the \WINNT\System32\inetsrv folder. A pop-up menu appears
- Click the Properties. The inetsrv Properties dialog box appears
- Click on the Security tab and then click Permissions. The Directory Permissions dialog box appears and displays that Everyone has change permissions
- Click Everyone and then click Remove. Everyone is removed from the Name box
- Click Replace Permissions on Subdirectories. The Replace Permissions dialog box is checked
- Click OK. You are prompted to replace security information on all existing subdirectories within C:\WINNT\System32\inetsrv
- Click Yes
- The inetsrv Properties dialog box appears
- Click OK
· To enable the authentication method for the administration Web site
- Start Internet Service Manager
- Open the properties for the Administration Web Site
- Click the Directory Security tab
- In the Password Authentication Method box, click Edit. The Password Authentication Method box appears
- Click Allow Anonymous to clear the box. Verify that the Windows NT Chalenge/Response box is the only one checked
- Click OK twice
- Start Control Panel
- Double click Services. The Services dialog box appears
- Click IIS Admin Service and then click Stop. You are warned that all IIS services will be stopped
- Click OK
- Scroll down the list and click World Wide Web Publishing Service
- Click Start. The World Wide Web Publishing Service starts
- Close the Services dialog box
- Log off as administrator
Verifying your partner's Web site security
· To verify your partner's security with IE
- Log on as guest
- Click Start and then click Run. The Run dialog box appears
- In the Open box type iexplore http://ServerY/ZZZZ/iisadmin/iisnew.asp and then click OK. An Authentication dialog box appears
- Type guest in the User name box and then click OK. You may have to do this six times or more before receiving an Error: Access is Denied page
- Close Internet Explorer
- Close the Microsoft Management Console with save the changes
- Log off as guest
- Log on as Administrator
|