How to Install IIS 7 and Setup a Static Website

Why install IIS? The most obvious answer is because you need a web server that is easy to configure and work with. IIS 7 in Windows Server 2008 is a completely different animal than it has been in the past.

It seems Microsoft may have finally created a version of IIS that will compete against Apache for functionality and performance. IIS 7 is a giant step forward for the IIS platform with the following enhancements:

• Modular Design – In the past it was an all or nothing install for IIS, but not so anymore. With the ability to only load the modules that you need for server operation you increase both performance and security
• New Management Interface – IIS 7 has a completely new interface that allows you to quickly and easily change the settings you need to for each site. Also in this version is the ability to edit all the website settings in a text based configuration file
• Share tasks with site owners – If you are hosting multiple sites you can delegate administrative control to developers or content owners

In this article we will explore installing and enabling the basic features of IIS 7 and placing a static website into service. For this article, I will assume that you have installed Server 2008 and know how to launch Server Manager.

Installing IIS 7 on Windows Server 2008

Since the IIS web server is not installed by default, the first thing we have to do is install IIS as a role for the server we are working on.

1. Click on Start -> Administrative Tools -> Server Manager

2. In Server Manager scroll down to Roles Summary, and click on Add Roles

3. The Add Roles Wizard starts at this point and warns you that if you are going to add a role to make sure:

• The administrator account has a strong password
• Network settings, such as static IP, are configured
• The latest security updates from Windows Updates are installed

4. Click Next to go the Add Server Role page. Place a checkmark next to Web Server (IIS) and then click on the button Next

5. The next page will give you some basic information on IIS Web Servers and a few links with extra information if needed. Click on the button Next to continue

6. The next window is the Select Role Services. This very important screen will allow you to add only the modules necessary for your planned installation of IIS.

When you choose a module in this screen in the upper right corner you will get more information about what the module is for. For our example we are going to load the following modules:

• Static Content – Lets the Web server publish static Web file formats, such as HTML pages and image files.
  Use Static Content to publish files on your Web server that users can view using a Web browser.
• Default Document – Lets you configure a default file for the Web server to return when users do not specify a file in a URL.
  Default Documents make it easier and more convenient for users to reach your Web site.
• HTTP Errors – Allows you to customize the error messages returned to users’ browsers when the Web server detects a fault condition.
  Use HTTP Errors to provide users with a better user experience when they run up against an error message. Consider providing users with an e-mail address for staff who can help them resolve the error.
• HTTP Redirection – Provides support to redirect user requests to a specific destination.
  Use HTTP redirection whenever you want customers who are using one URL to actually end up at another URL. This is helpful in many situations, from simply renaming your Web site, to overcoming a domain name that is difficult to spell, or forcing clients to use a secure channel.
• HTTP Logging – Provides logging of Web site activity for this server.
  When a loggable event, usually an HTTP transaction, occurs, IIS calls the selected logging module, which then writes to one of the logs stored in the files system of the Web server. These logs are in addition to those provided by the operating system.
• Request Filtering – Screens all incoming requests to the server and filters these requests based on rules set by the administrator.
  Many malicious attacks share common characteristics, like extremely long requests, or requests for an unusual action. By filtering requests, you can attempt to mitigate the impact of these types of attacks.
• IIS Management Console – Provides infrastructure to manage IIS 7 by using a user interface.
  You can use the IIS management console to manage a local or remote Web server that runs IIS 7. To manage SMTP or FTP, you must install and use the IIS 6 Management Console.

7. Click Next to get to the Confirm Installation Selections screen to verify your chosen settings.

8. Click Install and installation will start

9. After installation you should see the Installation Results page. Click Close to finish the process.

10. In the Server Manager window, under Roles Summary, you should now see Web Server (IIS)

11. Let’s go ahead and open IIS Manager by going to Start -> Administrative Tools -> Internet Information Services (IIS) Manager

12. Once IIS Manager opens, expand out the web server and then expand the Sites folder. Right click on sites and then click on Add Web Site

13. In the Add Web Site window we have some basic information to fill out for a static site:

• Site Name – Name of the site, this will be either domain.com or *.domain.com (Where * would represent a sub domain name such as www or blog for example)
• Physical Path – The location on the local server that will hold the files for the website. If you did not set this up beforehand you can create a folder through this interface
• Type – choose either http or https depending on whether your site will use Secure Socket Layer (SSL) certificate or not
• IP Address – From the dropdown you can specify what IP the website should answer on or use the default switch of All Unassigned
• Host Name – If you would like this site to respond to other domain names you can put these here

You have now installed IIS 7 and configured a static website. Just place your html files in the directory you specified when creating the site and you are good to go.

How to Test SMTP AUTH using Telnet

Below are instructions on how to test SMTP AUTH against a mail server using Telnet and entering the commands by hand.

The first thing you need to do is get a base64 encoding of your username and password. There are a couple ways to do this, the example below uses Perl:

1. perl -MMIME::Base64 -e 'print encode_base64("username");'
2. perl -MMIME::Base64 -e 'print encode_base64("password");'

What will be returned from each command is a base64 encoding of the username and password; save these as you will need them later. Now connect to the mail server using Telnet:

1. telnet mailserver.com 25
2. Greet the mail server:

1. EHLO mailserver.com

Tell the server you want to authenticate with it:

1. AUTH LOGIN

The server should have returned 334 VXNlcm5hbWU6; this is a base64 encoded string asking you for your username, paste the base64 encoded username you created earlier, example:

1. dXNlcm5hbWUuY29t

Now the server should have returned 334 UGFzc3dvcmQ6;. Again this is a base64 encoded string now asking for your password, paste the base64 encoded password you created, example:

1. bXlwYXNzd29yZA==

Now you should have received a message telling you that you successfully authenticated. If it failed your user/pass may have been wrong or your mailserver is broken.

Below is a log of a real successful SMTP AUTH connection over Telnet:

1. user@localhost [~]# telnet exampledomain.com 25
2. Trying 1.1.1.1...
3. Connected to exampledomain.com (1.1.1.1).
4. Escape character is '^]'.
5. 220-server1.exampledomain.com ESMTP Exim 4.66 #1 Wed, 09 May 2007 23:55:12 +0200
6. 220-We do not authorize the use of this system to transport unsolicited,
7. 220 and/or bulk e-mail.
8. EHLO exampledomain.com
9. 250-server1.exampledomain.com Hello  [1.1.1.2]
10. 250-SIZE 52428800
11. 250-PIPELINING
12. 250-AUTH PLAIN LOGIN
13. 250-STARTTLS
14. 250 HELP
15. AUTH LOGIN
16. 334 VXNlcm5hbWU6
17. dXNlcm5hbWUuY29t
18. 334 UGFzc3dvcmQ6
19. bXlwYXNzd29yZA==
20. 
    
21. 235 Authentication succeeded

Send a test mail using Telnet

Let us try to send an email to the user now. As the "example.com" domain does not really existing your DNS settings will likely not point to the right server. So we are simulating an SMTP session with the telnet command. Install the telnet package if you haven't already:

$> aptitude install telnet

Then establish a TCP connection to the SMTP port:

$> telnet localhost smtp

The server should reply:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailtest ESMTP Postfix (Debian/GNU)

Great. Postfix is listening and wants us to speak SMTP. First we need to be friendly:

ehlo example.com

Postfix appreciates our friendliness and tells us which features it provides:

250-my-new-mailserver
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Hey, Postfix, we have a mail from steve@example.com:

mail from:<steve@example.com>

Looks like Postfix is happy with that because return codes that start with a '2' are good news:

250 2.1.0 Ok

Tell Postfix who the recipient of the mail is:

rcpt to:<john@example.com>

Postfix accepts that:

250 2.1.5 Ok

Then we are ready to send the actual mail:

data

Postfix agrees and tells us we can send the actual mail now and end our input with a dot on an empty line:

354 End data with <CR><LF>.<CR><LF>

Okay, type in the mail:

Hi John,

just wanted to drop you a note.
.

Postfix tells us it has received the mail and queued under a queue ID:

250 2.0.0 Ok: queued as A9D64379C4

Thanks, Postfix, we are done:

quit

Installing IIS 7 on Windows Server 2008 or Windows Server 2008 R2

Before You Begin

Ensure that you have administrative user rights on the computer on which you plan to install IIS 7 or above. Note that by default, you do not have administrative user rights if you are logged on as a user other than as the built-in administrator, even if you were added to the local Administrators group on the computer (this is a new security feature in Windows Server 2008 called Local User Administrator).

Log on either to the built-in administrator account, or explicitly invoke applications as the built-in administrator by using the runas command-line tool.

Note: You can run runas /user:administrator cmd.exe so that every application you run from that command line will be elevated, eliminating the need to use the runas syntax from that command line.

If you are logged on to an account other than the built-in local administrator account, you may see the following security alert dialog box.

Figure 1: Windows^® Security (User Account Control)

Install IIS 7.5 on Windows Server 2008 R2

IIS is one of the Windows Server^® server roles. IIS can be installed through the graphical user interface (GUI) by using the new Server Manager interface after the Windows Server operating system is installed.

Server Manager provides a single dashboard to install or uninstall server roles and features. Server Manager also gives an overview of all currently installed roles and features. When IIS is chosen from the Server Manager, the basic components and services needed for IIS are automatically selected.

1. Click Start -> All Programs -> Administrative Tools -> Server Manager.

Figure 2: Server Manager

2. In the Server Manager window, scroll down to Roles Summary, and then click Add Roles. The Add Roles Wizard will start with aBefore You Begin page. The wizard asks for verification of the following:

a. The administrator account has a strong password.

b. The network settings, such as IP addresses, are configured.

c. The latest security updates from Windows^® Update are installed.

3. Select Web Server (IIS) on the Select Server Roles page. An introductory page will open with links for further information.

Note: When you use the Add Roles Wizard to install IIS, you get the default installation, which has a minimum set of role services. If you need additional IIS role services, such as Application Development or Health and Diagnostics, make sure to select the check boxes associated with those features in the Select Role Services page of the wizard.

Figure 3: Select Server Roles

4. Select the IIS services to be installed on the Select Role Services page. Add only the modules necessary. In this case, ASP.NET is selected, and a description of ASP.NET appears in the right pane. Once desired modules are added, click Next.

Figure 4: Select Role Services

5. Add any required role services.

Figure 5: Wizard warning page

6. IIS is now installed with a default configuration for hosting ASP.NET on Windows Server. Click Close to complete the process.

Figure 6: Installation Results page

7. Confirm that the Web server works by using http://localhost.

Figure 7: Default Web site

Note: Install only the absolutely necessary IIS services to minimize the IIS installation footprint. This also minimizes the attack surface, which is one of the benefits of IIS 7 and above.

Use a Script to Install IIS 7.5 on Windows Server 2008 R2

You can also use a script to install IIS 7.5. Note that if you use this script, you get the full IIS installation, which installs all available feature packages. If there are feature packages you do not need, you should edit the script to install only the packages you require. For more information, see Installing IIS 7.5 on Windows Server 2008 R2.

To install IIS 7.5 with a script, type the following at a command prompt:

CMD /C START /w PKGMGR.EXE /l:log.etw /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASP;IIS-CGI;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-CustomLogging;IIS-ODBCLogging;IIS-Security;IIS-BasicAuthentication;IIS-WindowsAuthentication;IIS-DigestAuthentication;IIS-ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-URLAuthorization;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;IIS-WebServerManagementTools;IIS-ManagementScriptingTools;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;WAS-WindowsActivationService;WAS-ProcessModel;IIS-FTPServer;IIS-FTPSvc;IIS-FTPExtensibility;IIS-WebDAV;IIS-ASPNET;IIS-NetFxExtensibility;WAS-NetFxEnvironment;WAS-ConfigurationAPI;IIS-ManagementService;MicrosoftWindowsPowerShell

Unattended Installation of IIS 7.0 on Windows Server 2008

Automating the installation of IIS by using unattended scripts is very useful if you need to deploy multiple Web servers and want to ensure that each of the Web servers is set up with identical components and services.

In the Windows Server 2008 and Windows Vista operating systems, Pkgmgr.exe is used for unattended scripts, letting you install or uninstall optional features from a command prompt or scripts. (Note: Pkgmgr.exe replaces Sysocmgr.exe which was used in Windows Server^® 2003.) For instructions and an overview of Pkgmgr.exe, see Installing IIS 7.0 and Above from the Command Line. See also Unattended Setup to Install IIS 7.0 and Above. Note that to use Pkgmgr.exe, you must make sure you have administrative user rights on the computer.

Install IIS 7.0 on Windows Server 2008

1. To start Server Manager, click Start Menu -> All Programs -> Administrative Tools -> Server Manager. The Server Manager window opens.

Figure 8: Server Manager

2. In the Server Manager window, select Roles. The Role Summary View is displayed.

Figure 9: Start Add Roles Wizard

3. Click Add Roles. The Add Roles Wizard opens. Click Next to select roles to install.

Figure 10: Add Roles Wizard Introduction

4. Select Web Server (IIS).

Figure 11: Select Web Server (IIS) in Add Roles Wizard

5. The Add Roles Wizard notifies you of any required dependencies; since IIS depends on the Windows Process Activation Service (WAS) feature, the following informational dialog box appears. Click Add Required Role Services to continue.

Figure 12: Add Dependencies

6. The Web Server is now selected for install. The Select Server Roles dialog box opens. Click Next to continue.

Figure 13: Selected Web Server (IIS)

7. The following dialog box and information appears. Click Next to continue.

Figure 14: Introduction to Web Server dialog box

8. The Add Roles Wizard displays a list of all IIS 7.0 features available to install as shown below. Note that features comprising the default install are pre-selected.

Figure 15: Web Server Features Listed

9. To install just the IIS 7.0 default features, click the Install button, and then proceed to Step 14. If you need to install additional features, proceed to step 10.

10. For this example, we install additional IIS features. Select the check box for ASP.NET. The Wizard warns if adding an IIS feature will also cause other features to be installed.

Figure 16: Dependency Information

11. Click Add Required Role Services to continue.

12. Continue selecting additional IIS Role Services features to install.

Figure 17: Add Features For Web Server

13. When you have selected all the features you require, click Next to continue.

14. The Wizard provides a summary of what will be installed.

Figure 18: Summary of Features

15. Click Install to continue. The Installation Progress dialog box opens.

Figure 19: Install Progress

16. When the IIS 7.0 installation is complete, the following dialog box opens. Click Close to return to the Server Manager.

Figure 20: Installation Summary

17. You can now perform a quick check to verify that IIS 7.0 is installed. Start the Windows^® Internet Explorer^® Web browser, and enter the address http://localhost. You should see the default IIS "Welcome" page.