Creating an iis website on windows 2003 server

You can configure anonymous authentication by using the default anonymous user account IUSR , or you can set up a local user account for anonymous users. In the Actions pane, click Edit to set the security principal user credentials under which anonymous users will connect to the site. In the Edit Anonymous Authentication Credentials dialog box, select one of the following options:. If you want to configure a specific user account that IIS uses to access your site or application, select Specific user.

Then click Set to open the Set Credentials dialog box, and enter a user name and password for the identity. Then click OK. If you want IIS processes to run by using the account that is currently specified on the property page for the application pool, select Application pool identity.

By default, this identity is the IUSR account. If you use the IUSR account, you grant anonymous users all the internal network access associated with that account.

The variable username is the account that IIS uses for anonymous authentication, and the variable password is the password, which is encrypted in the configuration file by default.

For example, to use an account named Moe and a password of pssword1 for anonymous access, enter the following at the command prompt:.

When a client request to your website doesn't include a document name, IIS looks for a file whose name is defined as a default document. Typically, the default document name is Default. You can define a list of default document names in order of precedence. The variable string is the file name that you want to add to the list. For example, to add a file named home. To remove a file named home. You can optionally configure your web server to compress static content to use bandwidth more efficiently and to enhance the performance of your website.

Invoke "AppCreate", false ;. Write " Failed. ToInt32 e. These is. VBS code FileSystemObject" for each site in fso. GetFolder Source. GetFileName Site. ReturnValue" End If. Print s End If End Sub. Path End If End Function. CreateObject "WScript. Shell" WshShell. Sub CheckError if Err. Number then msgbox err. ChangeStartMode "Manual" s. StopService End If Next end sub. The content you requested has been removed. Ask a question. Quick access.

Search related threads. Remove From My Forums. Asked by:. Archived Forums. Now that we have a couple of web sites and virtual directories created, let's look at a few administration tasks. First let's look at how we can control access to our web sites. NTFS permissions is your front line of defense but it's a general subject that we can't cover in detail here. Web permissions are specified on the Home Directory tab of your web site's properties:. By default only Read permission is enabled, but you can also allow Write access so users can upload or modify files on your site.

Script source access so users can view the code in your scripts generally not a good idea , or Directory browsing so users can view a list of files in your site also not a good idea. Web permissions apply equally to all users trying to access your site, and they are applied before NTFS permissions are applied.

IP address restrictions can be used to allow or deny access to your site by clients that have a specific IP address, have an IP address within a range of addresses, or have a specific DNS domain name. This opens the following dialog, which by default does not restrict access to your site:.

The main thing to watch for here is that denying access based on domain name involves reverse DNS lookups each time clients try to connect to your web site, and this can significantly impact the performance of your site.

The final way of controlling access to your sites is to use the Authentication Methods dialog box we looked at previously:. Since web sites are prime targets for attackers, you probably want to log hits to your site to see who's visiting it. By default IIS 6 logs traffic to all content as can be seen on the bottom of the General tab of the properties for a web site or virtual directory:.

The default logging format is the W3C Extended Log File Format, and clicking Properties indicates new log files are created daily in the indicated directory. It's a good idea to specify that local time be used for logging traffic as this makes it easier to interpret the logs:. The key of course is to review log files regularly to look for suspicious activity. You can download these tools here.