Internet Information Server - Instruktion Lab 5


Restricting Access to the Administration Web Site - Preparing the environment for testing
· To determine the Administration Web Site TCP port
  1. Start the Microsoft Management Console with the Internet Service Manager snap-in
  2. Double click IIS. The IIS folder opens displaying a computer icon.
  3. Double click a computer icon.
  4. Right click Administration Web Site and then click Properties. The Administration Web Site Properties dialog box appears displayjng the Web Site tab
  5. Record your TCP Port number and the TCP Port number of your partner
  6. Click cancel
  7. Close the Microsoft Management Console with save the changes

· To enable the guest account
  1. Start User Manager and enable the guest account
  2. Check the User Rights Policy and verify that guests can log on locally
  3. Close User Manager
  4. Press Ctrl + Alt + Del. The Microsoft Windows Security dialog box appears
  5. Click Logoff
  6. Click OK

Test your partner's Web site security
· To test your partner's Web site with Internet Explorer
  1. Log on as guest
  2. Click Start and then click Run. The Run dialog box appears
  3. In the Open box type iexplore //ServerY:ZZZZ/iisadmin/iisnew.asp and click OK. Are you able to access all or part of the Internet Service Manager page without proper authentication?

Securing the administration Web site
· To secure iisadmin folders
  1. Log on as Administrator
  2. Start Windows NT Explorer
  3. Open the \WINNT\System32\inetsrv folder
  4. Right click on the \WINNT\System32\inetsrv folder. A pop-up menu appears
  5. Click the Properties. The inetsrv Properties dialog box appears
  6. Click on the Security tab and then click Permissions. The Directory Permissions dialog box appears and displays that Everyone has change permissions
  7. Click Everyone and then click Remove. Everyone is removed from the Name box
  8. Click Replace Permissions on Subdirectories. The Replace Permissions dialog box is checked
  9. Click OK. You are prompted to replace security information on all existing subdirectories within C:\WINNT\System32\inetsrv
  10. Click Yes
  11. The inetsrv Properties dialog box appears
  12. Click OK

· To enable the authentication method for the administration Web site
  1. Start Internet Service Manager
  2. Open the properties for the Administration Web Site
  3. Click the Directory Security tab
  4. In the Password Authentication Method box, click Edit. The Password Authentication Method box appears
  5. Click Allow Anonymous to clear the box. Verify that the Windows NT Chalenge/Response box is the only one checked
  6. Click OK twice
  7. Start Control Panel
  8. Double click Services. The Services dialog box appears
  9. Click IIS Admin Service and then click Stop. You are warned that all IIS services will be stopped
  10. Click OK
  11. Scroll down the list and click World Wide Web Publishing Service
  12. Click Start. The World Wide Web Publishing Service starts
  13. Close the Services dialog box
  14. Log off as administrator

Verifying your partner's Web site security
· To verify your partner's security with IE
  1. Log on as guest
  2. Click Start and then click Run. The Run dialog box appears
  3. In the Open box type iexplore http://ServerY/ZZZZ/iisadmin/iisnew.asp and then click OK. An Authentication dialog box appears
  4. Type guest in the User name box and then click OK. You may have to do this six times or more before receiving an Error: Access is Denied page
  5. Close Internet Explorer
  6. Close the Microsoft Management Console with save the changes
  7. Log off as guest
  8. Log on as Administrator