6427 a lab manual
TRANSCRIPT
-
8/9/2019 6427 a Lab Manual
1/170
-
8/9/2019 6427 a Lab Manual
2/170
Information in this document, including URL and other Internet Web site references, is subject to change without notice.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people,
places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain
name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright
laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be
reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft
Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this
document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no
representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the
products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of
Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of
Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any
changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from
any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply
endorsement of Microsoft of the site or the products contained therein.
© 2008Microsoft Corporation. All rights reserved.
Microsoft, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/orother countries.
All other trademarks are property of their respective owners.
Product Number: 6427A
Part Number: X14-69082
Released: 12/2007
-
8/9/2019 6427 a Lab Manual
3/170
Lab Instructions: Configuring an Internet Information Services 7.0 Web Server 1
Module 1
Lab Instructions: Configuring an Internet InformationServices 7.0 Web Server
Contents:
Exercise 1: Installing IIS Using Role Manager 2
Exercise 2: Installing IIS Using Unattended Setup 4
Exercise 3: Installing IIS on Server Core from Command Line 5Exercise 4: Configuring IIS and Validating Functionality 6
-
8/9/2019 6427 a Lab Manual
4/170
2 Lab Instructions: Config ring an Internet Inf rmation Services 7. Web Server
ab: Co figuri g an II 7.0
E
S
Y
si
a
EIn
T
1.
2.
3.
T
•
T
•
T
•
•
xercise 1:
cenario
u receive a s
tes and Web
plication tha
ercise Ove this exercise,
is exercise’s
Start the 6
Turn on N
Install the
ask 1: Start
Start 6427
ask 2: Turn
Open Netnetworks.
ask 3: Instal
Use Server
Test functi
Installing
rvice request
pplications. O
needs to be
rviewyou will learn
ain tasks are:
27A-NYC-SV
twork Discov
eb server rol
the 6427A-
-NYC-SVR1,
on Network
ork and Sha
l the Web s
Manager to
nality by load
IIS Using
from the Ente
ne of the co
osted in IIS7.
how to install
1 virtual mac
ry.
e.
YC-SVR1 v
and log on as
Discovery
ring Center a
rver role
add the Web
ing http://lo
eb Ser er
Role Man ger
rprise Design
panies acquir
Team to prep
ed by Woodg
are three We
rove Bank has
servers to ho
a classic ASP
st Web
IIS 7.0 using ole Manager..
hine and log n as LocalAd in.
irtual machine and log on as Local dmin
LocalAdmin with the pass ord of Pa$$ 0rd.
nd turn on N
Server (IIS) r
alhost in the
twork Disco
le and ASP a
browser.
ery and File Sharing for all public
s a required s rvice.
http://localhost/http://localhost/http://localhost/
-
8/9/2019 6427 a Lab Manual
5/170
Lab Instructions: Configuring an Internet Information Services 7.0 Web Server 3
Results: After this exercise, you should have successfully verified that the Web Server (IIS) role isinstalled and loaded the IIS Welcome page in Internet Explorer.
-
8/9/2019 6427 a Lab Manual
6/170
4 Lab Instructions: Configuring an Internet Information Services 7.0 Web Server
Exercise 2: Installing IIS Using Unattended Setup
Scenario
Now you will set up the second IIS Web server to host the new ASP.NET application. You will install IIS by
creating an Unattend.XML file based on the example given on the student CD by modifying it to only
install the features needed. This will be an ASP.NET application server and will need to have all security,compression and caching features installed so that development can experiment with configuration.
Exercise Overview
In this exercise, you will learn how to install IIS using unattended setup.
This exercise’s main tasks are:
1. Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin.
2.
Turn on Network Discovery.
3.
Create the Unattend.XML file by copying the default XML file provided and removing unnecessary
features.
4. Install IIS using Pkgmgr with the Unattend.XML file and verify once completed.
Task 1: Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin
•
Start 6427A-NYC-SVR3, and log on as LocalAdmin with the password of Pa$$w0rd.
Task 2: Turn on Network Discovery
• Open Network and Sharing Center and turn on Network Discovery and File Sharing for all publicnetworks.
Task 3: Create the Unattend.XML file by copying the default XML file provided and
removing unnecessary features
1. Open E:\mod01\labfiles\unattend.xml in Notepad and delete the following lines:
2. Save the modified file to c:\unattend.xml.
Task 4: Install IIS using Pkgmgr with the Unattend.XML file and verify once completed
1.
Start /w pkgmgr /n:unattend.xml to install IIS.
2. Verify installation by using the command echo %errorlevel%.
3. Use Server Manager to verify that the Web server role is installed, and open http://localhost in the
browser.
Results: After this exercise, you should have successfully installed IIS using an unattend file andverified the IIS Welcome page.
http://localhost/http://localhost/
-
8/9/2019 6427 a Lab Manual
7/170
Lab Instructions: Configuring an Internet Information Services 7.0 Web Server 5
Exercise 3: Installing IIS on Server Core from Command Line
Scenario
The final server you will install is a Server Core Web server that will act primarily as a redirection server to
the ASP server.
Exercise OverviewIn this exercise, you will learn how to install IIS via the command line in a Server Core environment.
This exercise’s main tasks are:
1.
Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator.
2.
Disable the firewall.
3.
Install IIS from the command line.
Task 1: Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator
• Start 6427A-NYC-SVR2, and log on as Administrator with the password of Pa$$w0rd.
Task 2: Disable the firewall
•
On NYC-SVR2, in the command prompt window, type netsh firewall set opmode disable and pressEnter.
Task 3: Install IIS from the command line
1. Type the following and then press Enter. Note that the feature names are case-sensitive:
Start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-
StaticContent;IIS-DefaultDocument;IIS-HttpErrors;IIS-HttpRedirect;WAS-
WindowsActivationService;WAS-ProcessModel
• When the process completes, type echo %errorlevel%, and then press Enter.
2. On NYC-SVR1, in Internet Explorer, browse to http://nyc-svr2 to verify functionality.
Results: After this exercise, you should have successfully installed IIS on Microsoft® Server 2008 ServerCore from the command line and verified by loading the IIS Welcome page from another machinerunning Internet Explorer.
http://nyc-svr2/http://nyc-svr2/
-
8/9/2019 6427 a Lab Manual
8/170
6 Lab Instructions: Configuring an Internet Information Services 7.0 Web Server
Exercise 4: Configuring IIS and Validating Functionality
Scenario
With the three Web servers installed, configure each as necessary to perform its function.
Exercise OverviewIn this exercise, you will configure common IIS features and validate functionality.
This exercise’s main tasks are:
1.
Configure NYC-SVR1 for ASP debugging, detailed error messages, HTTP compression and SMTP
Service.
2.
Configure NYC-SVR3 to trace server errors, enable directory browsing, enable windows authentication
and impersonation, configure UDDI, and enable dynamic output compression.
3.
Configure NYC-SVR2 to have no default documents, and redirect requests to NYC-SVR1.
Task 1: Configure NYC-SVR1 for ASP debugging, detailed error messages, and HTTP
compression
1.
On NYC-SVR1, in Internet Information Services (IIS) Manager, under ASP Compilation settings,
enable Client-side and Server-side debugging. Enable Send Errors to Browser.
• Under HTTP Response Headers, set Expire Web Content.
• Under Compression, enable Static Content Compression.
• Under Error Pages, enable Detailed error messages.
2. On NYC-SVR3, in Internet Explorer, browse to a page on NYC-SVR1 that does not exist, such as
http://nyc-svr1/default.asp to check error functionality.
Task 2: Configure NYC-SVR3 to trace server errors, enable directory browsing, enable
windows authentication and impersonation, configure UDDI, and enable dynamic
output compression and SMTP
1.
On NYC-SVR3, in Internet Information Services (IIS) Manager, under Failed Request Tracing,
enable Failed Request Tracing.
• Add a rule to trace status code 500 for critical errors.
2. Enable Directory Browsing, Windows Authentication, and ASP.NET Impersonation.
3.
In Server Manager, add the UDDI Services role and configure it to not require SSL.
4.
In IIS Manager, under Output Caching, add a cache rule for the aspx extension to enable User-
mode caching.
•
Under ASP.NET, configure SMTP email for email address [email protected],server name SMTP.WoodgroveBank.com.
5.
Test the configuration by browsing to http://localhost/uddi.
• Browse to http://localhost/aspnet_client and investigate the failed request log.
Task 3: Configure NYC-SVR2 to have no default documents, and redirect requests to
NYC-SVR1
1.
On NYC-SVR2, in the command prompt window, type
cd \windows\system32\inetsrv\config and then press Enter.
http://nyc-svr1/default.aspmailto:[email protected]://localhost/uddihttp://localhost/aspnet_clienthttp://localhost/aspnet_clienthttp://localhost/uddimailto:[email protected]://nyc-svr1/default.asp
-
8/9/2019 6427 a Lab Manual
9/170
Lab Instructions: Configuring an Internet Information Services 7.0 Web Server 7
• Type edit applicationHost.config and then press Enter.
•
Scroll down to (approximately line 169), and change"true" to "false".
•
Scroll down to (approximately line 246), and modify this lineto read:
2. On NYC-SVR3, in Internet Explorer, browse to http://nyc-svr2 to test the redirection.
Results: After this exercise, you should have successfully configured and verified the configuration ofthe three web servers.
http://nyc-svr2/http://nyc-svr2/
-
8/9/2019 6427 a Lab Manual
10/170
Lab instructions: Configuring IIS 7.0 Web Sites and Application Pools 1
Module 2
Lab instructions: Configuring IIS 7.0 Web Sites andApplication Pools
Contents:Exercise 1: Configuring Authentication Types 2
Exercise 2: Creating a Web Site and Web Application 4
Exercise 3: Creating an Application Pool 5
Exercise 4: Configuring an Existing Application Pool 6
-
8/9/2019 6427 a Lab Manual
11/170
-
8/9/2019 6427 a Lab Manual
12/170
Lab instructions: Configuring IIS 7.0 Web Sites and Application Pools 3
Task 3: Add Basic, Windows Integrated and Digest Security features to the IIS Role
•
Use Server Manager to add the Basic Authentication, Windows Authentication, and DigestAuthentication role services to the Web server role.
Task 4: Create a virtual directory named public
• Use Internet Information Services Manager to create a virtual directory named public pointing tothe physical directory c:\inetpub\public.
•
Copy the contents of c:\inetpub\wwwroot to c:\inetpub\public.
Task 5: Configure the public virtual directory for anonymous authentication
1.
Use Internet Information Services Manager to make sure that Anonymous Authentication is
enabled for Public.
2.
In Server Manager, enable the local Guest account, and allow Guest to log on locally.
3.
Use Switch User to logon as NYC-WEB-A\Guest with no password.
4.
Open http://localhost/public in the browser to verify that the local guest can browse to the public
directory.
5. Use Switch user to login as local administrator with password of Pa$$w0rd before continuing with
next exercise.
Results: After this exercise, you should have successfully verified that the Public directory is created. andloaded the IIS Welcome page in Internet Explorer with the Guest account.
http://localhost/publichttp://localhost/public
-
8/9/2019 6427 a Lab Manual
13/170
2 Lab instructions: Configuring IIS 7.0 Web Sites and Application Pools
Exercise 2: Creating a Web Site and Web Application
Scenario
Next you will create two web sites, and two web applications, in the employee and restricted virtual
directories, named Woodgrove and Exec respectively. Exec will be a .NET 3.0 application. You will also
delegate administrative access to ITAdmins_WoodgroveGG.
Exercise Overview
In this exercise, you will learn how to create web sites and applications.
This exercise’s main tasks are:
1.
Create a site named Woodgrove.
2.
Copy the Woodgrove application to the appropriate directory.
3.
Add the .NET 3.0 Feature to the server.
4.
Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG.
Task 1: Create a site named Woodgrove
•
On NYC-WEB-A, in IIS Manager, add a Web site named Woodgrove and set its physical path toc:\inetpub\woodgrove, and its http port to 88.
Task 2: Copy the Woodgrove Application to the Appropriate Directory
•
Copy the Woodgrove application from e:\Mod02\Labfiles\Woodgrove to c:\inetpub\woodgrove.
Task 3: Add the .NET 3.0 Feature and ASP.NET to the server
• In Server Manager, add .NET 3.0 Framework and ASP.NET.
Task 4: Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG
• In IIS Manager, under Permissions, give Full Control to the security groupITAdmins_WoodgroveGG.
Results: After this exercise, you should have successfully installed .NET 3.0 Framework, ASP.NET, andcreated the Woodgrove site and copied its content.
-
8/9/2019 6427 a Lab Manual
14/170
-
8/9/2019 6427 a Lab Manual
15/170
-
8/9/2019 6427 a Lab Manual
16/170
-
8/9/2019 6427 a Lab Manual
17/170
Lab Instructions: Configuring IIS 7.0 Application Settings 1
Module 3
Lab Instructions: Configuring IIS 7.0 Application Settings
Contents:Exercise 1: Configuring ASP.NET 2
Exercise 2: Configuring ASP.NET Application Development Settings 4
Exercise 3: Configuring a Web Server to Host Multiple Applications withSeparate Application Pools 5
Exercise 4: Configuring ASP.NET Security 7
-
8/9/2019 6427 a Lab Manual
18/170
2 Lab Instructions: Config ring IIS 7.0 Application Settings
ab: Co figuri g IIS 7.
E
S
Y
t
w
p
leu
E
In
c
H
T
1.
2.
3.
4.
5.
6.
T
•
xercise 1:
cenario
u receive a s
add and con
ill be availabl
assword “sup
vel of securityser to contact
ercise Ove
this exercise,
oose and co
TTP errors.
is exercise’s
Start the 6
Start the 6
Add ASP.N
Create the
Configure
Configure
ask 1: Start
Start 6427
Configuri
rvice request
figure the AS
from the Int
ort” from thei
. If there is antheir district s
rview
you will learn
figure the ap
ain tasks are:
27A-NYC-DC
27A-NYC-WE
ET and Basic S
SalesSupport
asic Security
ustom error
the 6427A-
-NYC-DC1,
0 Appl cation Settings
g ASP.N T
from the Ente
.NET role serv
rnet and Sale
r client’s sites
error, the errales manager
rprise Design
ice, and Appli
s Associates w
to get contac
r message retfor login infor
Team to depl
cation Server
ill need to log
information
urned to themation.
y an applicat
role, on the
in with the u
or support. T
client browser
ion server. Yo
eb Server. Th
er name “sale
is requires a
should direct
need
server
s” and
edium
the
how to add t
ropriate auth
1 virtual mac
B-A virtual m
ecurity featur
pplication an
o allow acces
ages for 401.
YC-DC1 vi
nd log on as
e ASP.NET ro
entication mo
ine.
chine and lo
es to the IIS R
d copy the AS
s to authentic
spx for 401 e
rtual machi
LocalAdmin
le service and
del, and set u
on as Wood
le.
P.NET applica
ated Woodgr
rrors, and Oth
e and log
ith the pass
configure AS
p custom erro
.NET. You wil
r pages to ha
l
dle
rovebank\Administrator.
tion files.
vebank dom in users.
er_Errors.aspx for all other rrors.
n as Local dmin
ord of Pa$$ 0rd.
-
8/9/2019 6427 a Lab Manual
19/170
Lab Instructions: Configuring IIS 7.0 Application Settings 3
Task 2: Start the 6427A-NYC-WEB-A virtual machine and log on as
Woodgrovebank\Administrator
• Start 6427A-NYC-WEB-A, and log on as Administrator with the password of Pa$$w0rd.
Task 3: Add ASP.NET and Basic Security features to the IIS Role
•
On NYC-WEB-A, use Server Manager to add the ASP.NET and Basic Authentication role services.
Task 4: Create the SalesSupport application and copy the ASP.NET application files
1.
On NYC-WEB-A, use IIS Manager to add the SalesSupport application with a physical path of
c:\inetpub\wwwroot\SalesSupport.
2. Copy the application files from E:\Mod03\Labfiles\SalesSupport to
c:\inetpub\wwwroot\SalesSupport.
Task 5: Configure Basic Security to allow access to authenticated Woodgrovebank
domain users
1.
On NYC-WEB-A, use IIS Manager to disable Anonymous Authentication and enable Basic
Authentication for the domain and realm woodgrovebank .
2.
Browse to http://localhost/salessupport. Notice that you are prompted for credentials. Enter user
name yvonne with password Pa$$w0rd.
3. Close and reopen the browser, and then browse again to http://localhost/salessupport. Try logging
in with credentials that do not have a domain account, such as user name Bob with no password.
4. Close the browser before continuing to the next task.
Task 6: Configure custom error pages for 401.aspx for 401 errors, and Other_Errors.aspx
for all other errors
1. Copy the contents of E:\Mod03\Labfiles\WBErrors to c:\inetpub\custerr
\en-US.
2. In IIS Manager, edit the custom error for error 401 so that it redirects to 401.aspx. Edit the custom
error code for error 404 so that it redirects to Other_Erros.aspx. Note that you would repeat this forthe rest of the error codes if you were doing this in a real world situation.
3.
Open Internet Explorer and browse again to http://localhost/salessupport. Try logging in with
credentials that do not have a domain account, such as user name Bob with no password.
4.
If prompted, assign the site to the allowed list, and then note the custom 404 error.
Results: After this exercise, you should have successfully verified that the ASP.NET role service isinstalled, configured Basic authentication, and verified custom error pages in Internet Explorer.
http://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupport
-
8/9/2019 6427 a Lab Manual
20/170
4 Lab Instructions: Configuring IIS 7.0 Application Settings
Exercise 2: Configuring ASP.NET Application Development Settings
Scenario
Next you will configure some test settings for the SalesSupport application. The Enterprise Design team is
planning on implementing a database to store the support resource data. You will need to enter the
provided connection string. You will also rename the cookie that the page uses to SalesSupport. Next youwill create a custom control for testing the new configuration. Finally, you will set some application
settings and then verify that the application can read them by loading the custom test page.
Exercise Overview
In this exercise, you will learn how to configure ASP.NET application development settings.
This exercise’s main tasks are:
1.
Configure ASP.NET Connection Strings to connect to Resources.MDF.
2.
Configure ASP.NET Session State settings to rename the cookie to SalesSupport.
3. Add a custom control: Woodgrovebank.TestControls Version=1.0.0.0.
4. Add application settings at Site and Application levels.
Task 1: Configure ASP.NET Connection Strings to connect to Resources.MDF
•
On NYC-WEB-A, in IIS Manager, modify the Connection Strings for the SalesSupport applicationto use the following connection string as LocalResources:
datasource=.\SQLEXPRESS;AttachDbFileName=e:\mod03\labfiles\resources.mdf;IntegratedSecurit
y=True
Task 2: Configure ASP.NET Session State settings to rename the cookie to SalesSupport
•
Rename the Session State cookie name to SalesSupport_SessionID.
Task 3: Add a custom control: Woodgrovebank.TestControls Version=1.0.0.0• In IIS Manager, register a new custom control with the tag preface of Woodgrovebank . Set the
Namespace to TestControls and the Assembly to Version=1.0.0.0.
Task 4: Add application settings at site and application levels
1.
Open Internet Explorer and browse to http://localhost/salessupport
/test.aspx. Enter username yvonne and password Pa$$w0rd. Notice that the test application reports
that no application settings are defined.
2.
In IIS Manager, add an Application setting named DefaultLocation with the value "New York " to
the Default Web Site.
3. In Internet Explorer, refresh the page and compare the results.
4. In IIS Manager, note the inheritance setting for the Application Settings, Add another Application
setting named debug_mode with value "true".5.
In Internet Explorer, refresh the page and compare results. Close Internet Explorer before
continuing.
Results: After this exercise, you should have configured ASP.NET development settings and verified testpage functionality.
http://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspx
-
8/9/2019 6427 a Lab Manual
21/170
Lab Instructions: Configuring IIS 7.0 Application Settings 5
Exercise 3: Configuring a Web Server to Host Multiple Applications withSeparate Application Pools
Scenario
You will now deploy the SalesSupport application to two new instances. Once instance will be a test
deployment with additional testing configuration. Another instance will be for the German division of
Woodgrove and will need to be set for German globalization settings. Additionally, you will disable the
debug mode for the production version of SalesSupport.
Exercise Overview
In this exercise, you will learn how to create an application pool.
This exercise’s main tasks are:
1.
Create three application pools named SalesSupport, SalesSupport_De, and SalesSupport_Test.
2.
Create the applications SalesSupport_De and SalesSupport_Test.
3. Use XCopy to deploy the files from the SalesSupport directory to the SalesSupport_DE and
SalesSupport_Test directories.
4.
Assign the applications to the appropriate application pools.
5. Configure application pool recycling for unlimited requests.
6. Configure the SalesSupport_Test application pool to record recycled events.
7. Configure the SalesSupport .NET compilation debug setting to False.
8.
Configure the SalesSupport_De application globalization settings for Germany.
Task 1: Create three application pools named SalesSupport, SalesSupport_De, and
SalesSupport_Test
•
On NYC-WEB-A, in IIS Manager, add three application pools named SalesSupport,SalesSupport_De, and SalesSupport_Test.
Task 2: Create the applications SalesSupport_De and SalesSupport_Test
1.
In IIS Manager, create an application named SalesSupport_De with a physical path ofc:\inetpub\wwwroot\SalesSupport_De.
2.
Create an application named SalesSupport_Test with a physical path of
c:\inetpub\wwwroot\SalesSupport_Test.
Task 3: Use XCopy to deploy the files from the SalesSupport directory to the
SalesSupport_DE and SalesSupport_Test directories
• At the command prompt, change to the c:\inetpub\wwwroot directory and then use XCopy to copythe files and directory structure from SalesSupport to SalesSupport_De and SalesSupport_Test.
Task 4: Assign the applications to the appropriate application pools
1.
In IIS Manager, modify the SalesSupport, SalesSupport_De and SalesSuppot_Test to use their
correspondingly named application pools.
2. Disable anonymous authentication and enable basic authentication with the domain and realm of
woodgrovebank for both SalesSupport_De and SalesSupport_Test applications.
Task 5: Configure production application pool recycling for unlimited requests
• In IIS Manager, modify the SalesSupport and SalesSupport_De application pool recycling so thatthey do not recycle on regular intervals.
-
8/9/2019 6427 a Lab Manual
22/170
-
8/9/2019 6427 a Lab Manual
23/170
Lab Instructions: Configuring IIS 7.0 Application Settings 7
Exercise 4: Configuring ASP.NET Security
Scenario
Next, you will configure the machine key, .NET trust level, and File and Folder security.
Exercise OverviewIn this exercise, you will configure ASP.NET security settings.
This exercise’s main tasks are:
1.
Set the machine key of SalesSupport_de.
2.
Configure the SalesSupport_Test site for medium trust level.
3.
Configure File and Folder security so that only ITAdmins_WoodgroveGG can access the Test.aspx
page on SalesSupport.
4.
Enable Tracing and Logging for the SalesSupport_Test site.
5.
Configure Request Filtering so that only ASPX requests are processed.
Task 1: Set the machine key of SalesSupport_de
•
On NYC-WEB-A, in IIS Manager, generate a new Machine Key for SalesSupport_De.
Task 2: Configure the SalesSupport_Test site for medium trust level
• In IIS Manager, set the .NET Trust Level to Medium for the application SalesSupport_Test.
Task 3: Configure File and Folder security so that only ITAdmins_WoodgroveGG can
access the Test.aspx page in SalesSupport
1.
In IIS Manager, modify the permissions of SalesSupport\test.aspx so that permissions are not
inherited and only ITAdmins_WoodgroveGG is allowed.
2.
In Internet Explorer, browse to http://localhost/salessupport/test.aspx and try to use the
credentials of yvonne as user name and password Pa$$w0rd.
3.
Refresh the page and log in with a user account that is a member of ITAdmins_WoodgroveGG, suchas user name Betsy and password Pa$$w0rd.
4.
Close Internet Explorer before continuing.
Task 4: Enable Tracing and Logging for the SalesSupport_Test site
1.
In IIS Manager, add all of the role services for Health and Diagnostics to the Web Server role.
2. In Notepad, open c:\inetpub\wwwroot\SalesSupport_Test\test.aspx.
a. Modify the first line to read:
b. Modify the fifth line to read:
Response.Write("This message should appear");
c.
Save the file and close Notepad.
3. In Internet Explorer, browse to http://localhost/salessupport_test
/test.aspx and use credentials of user name Betsy and password Pa$$w0rd if prompted.
4. Examine the page for trace messages and information. Close Internet Explorer.
http://localhost/salessupport/test.aspxhttp://localhost/salessupport_test/test.aspxhttp://localhost/salessupport_test/test.aspxhttp://localhost/salessupport_test/test.aspxhttp://localhost/salessupport_test/test.aspxhttp://localhost/salessupport/test.aspx
-
8/9/2019 6427 a Lab Manual
24/170
-
8/9/2019 6427 a Lab Manual
25/170
Lab Instructions: Configuring IIS 7.0 Modules 1
Module 4
Lab Instructions: Configuring IIS 7.0 Modules
Contents:Exercise 1: Configuring and Editing Native Modules 2
Exercise 2: Configuring and Editing Managed Modules 4
-
8/9/2019 6427 a Lab Manual
26/170
2 Lab Instructions: Config ring IIS 7.0 Modules
ab: Co figuri g and
E
S
Y
r
a
EIn
a
T
1.
2.
3.
4.
5.
6.
7.
T
•
T
•
xercise 1:
cenario
u received a
quired to inst
d vulnerabilit
ercise Ove this exercise,
d reduce the
e main tasks
Start the 6
Backup the
Examine th
Remove th
Validate th
Restore th
Validate th
ask 1: Start
Start 6427
ask 2: Back
Open com
Configuri
service reques
all, test, and r
y, you must r
rviewstudents will l
server footpri
for this exerci
27A-NYC-WE
current Web
e modules cu
e Default Doc
at the module
modules to t
at the module
the 6427A-
-NYC-WEB-
p the curre
and prompt
diting Modules
g and Editing Nati e Modul s
t from the ap
n an applicat
move the un
lication deve
ion on the sp
ecessary mo
lopment team
cified Web se
ules.
specifying th
rver. To reduc
e modules tha
e the server f
t are
otprint
modules froearn how to r
nt.
emove native a Web server to improve s curity
e are as follo s:
B-B virtual m chine and lo on as Administrator.
server config ration.
server.rently installed on the Web
ctory Listingment Modul and the Dire odule.
s have been r moved and test the new s rver configuration.
he Web serve configuratio .
s have been r stored and t st the server onfiguration.
YC-WEB-B virtual ma hine and log on as Ad inistrator
, and log on as Administr tor with the assword of Pa$$w0rd.
nt Web ser er configuration
and use appcmd to backup the server co figuration.
-
8/9/2019 6427 a Lab Manual
27/170
Lab Instructions: Configuring IIS 7.0 Modules 3
Task 3: Examine the modules currently installed on the Web server
•
Use the IIS Manager to examine the modules.
Task 4: Remove the Default Document Module and the Directory Listing Module
1.
Browse the default Web site.
2.
Use Notepad to edit the applicationHost.config.3. Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the
tag.
4.
Delete the references to the DefaultDocumentModule and the DirectoryListingModule from
within the tag.
5. Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the
tag.
Task 5: Validate that the modules have been removed and test the new server
configuration
1.
Use IIS Manager to validate that the removed modules entries are missing.
2. Use Internet Explorer to check the default Web site.
3.
Use Internet Explorer to retrieve the default Web page.
• Default Web pageURL: http://localhost/default.aspx
Task 6: Restore the modules to the Web server configuration
• Open command prompt and use appcmd to restore the server configuration.
Task 7: Validate that the modules have been restored and test the server configuration
• Open command prompt and use appcmd to backup the server configuration.
Results: After this exercise, you should have successfully removed native modules from a Web server, andthen confirmed that the server operates as expected
-
8/9/2019 6427 a Lab Manual
28/170
4 Lab Instructions: Configuring IIS 7.0 Modules
Exercise 2: Configuring and Editing Managed Modules
Scenario
To increase throughput, it has been determined that output caching would be beneficial on some of the
applications on the Web server. You need to make sure that the Output Cache module is installed and
configured as specified in the service request. The development team also requested the installation of anew Managed Module that provides an additional level of logging for their application.
Exercise Overview
In this exercise, students will learn how to add new managed modules to a Web server.
The main tasks for this exercise are as follows:
1. Install the logging managed module.
2.
Confirm the installation of the logging managed module.
3.
Test the Web site’s forms authentication page.
4. Examine the modules currently running on the Web server.
5. Remove the forms authentication managed module.
6.
Test the new configuration.
Task 1: Install the logging managed module
1.
Create a new folder:
• C:\inetpub\ logging_module\
2.
Copy files for logging_module Web site.
• Source: E:\Mod04\Labfiles\logging_module
• Destination: C:\inetpub\ logging_module\
3. Change the security for C:\inetpub\logging_module\logs to allow Users (NYC-WEB-B\Users).
4.
Use IIS Manager to add a new Web site:• Site name: logging_module
•
Physical path: C:\inetpub\logging_module
• Port: 8181
Task 2: Confirm the installation of the logging managed module
1.
Use Internet Explorer to view the logging_module Web site.
2. Load the Web site's second page.
3.
Use IIS Manager to examine the modules for the logging_module Web site.
4.
Examine the logs created by the logging_module Web site.
• Location: C:\inetpub\logging_module\logs
Task 3: Test the Web site’s forms authentication page
•
Use Internet Explorer to log into the default Web site and retrieve a confidential memo.
• Destination: Shared Documents
• Email: [email protected]
•
Password: Pa$$w0rd
mailto:[email protected]:[email protected]:[email protected]
-
8/9/2019 6427 a Lab Manual
29/170
Lab Instructions: Configuring IIS 7.0 Modules 5
• Memo: Woodgrove Confidential Memo
Task 4: Examine the modules currently running on the Web server
• Use IIS Manager to examine the OutputCache module.
Task 5: Remove the forms authentication managed module
•
Use IIS Manager to remove the FormsAuthentication module.
Task 6: Test the new configuration
• Attempt to view the Shared Documents folder again using Internet Explorer.
Results: After this exercise, you should have successfully added a managed module to the Web server.
-
8/9/2019 6427 a Lab Manual
30/170
Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites 1
Module 5
Lab Instructions: Securing the IIS 7.0 Web Server and WebSites
Contents:Exercise 1: Configure a Secure Web Server 2
Exercise 2: Configure Authorization, Authentication, and Access 5
Exercise 3: Configure Logging 9
-
8/9/2019 6427 a Lab Manual
31/170
2 Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites
ab: Securing I S 7.0
E
S
A
p
A
aH
T
1.
2.
3.
4.
5.
6.
7.
8.
9.
T
•
T
•
xercise 1:
cenario
dditional secu
rotect the We
dditional ISAP
thorized forerbert Dorner
e main tasks
Start the 6
Start the 6
Create a se
Block IP ad
Examine th
Install the .
Set ISAPI a
Set the rig
Test and v
ask 1: Start
Start 6427
ask 2: Start
Start 6427
Configur
rity measures
b server again
I and CGI rest
specific site..
for this exerci
27A-NYC-DC
27A-NYC-WE
lf-signed serv
dresses as spe
e current ISAP
NET Framewo
d CGI restrict
ts and permis
lidate the ne
the 6427A-
-NYC-DC1.
the 6427A-
-NYC-WEB-
eb Server an Web ites
a Secure Web Server
need to be p
st unauthoriz
t in place to
d access by s
rotect the W
ecific IP addr
b server. Thes
esses and do
e measures w
ains.
ill
rictions need
You must giv
e are as follo
1 virtual mac
B-B virtual m
r certificate f
cified in the s
I and CGI Res
rk 1.1.
ions to use AS
sions for Acti
configuratio
YC-DC1 vi
YC-WEB-B
, and log on
o be put into
separate acc
place. Then y
ss to the IT A
u are given a
dmin group a
list of accoun
nd the develo
ts
per,
s:
n as Administine and log o ator.
chine and lo on as Administrator.
r the Web server.
rvice request..
rictions.
P.NET version 1.1.
e Directory u ers.
n.
rtual machi e and log n as Administrator
virtual ma hine and log on as Ad inistrator
as Administr tor with the assword of Pa$$w0rd.
-
8/9/2019 6427 a Lab Manual
32/170
Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites 3
Task 3: Create a self-signed server certificate for the Web server
1. On NYC-WEB-B, open the IIS Manager.
2. Open Server Certificates.
3.
Create a Self-Signed Certificate:
• Friendly name: woodgrovebank
Task 4: Block IP addresses as specified in the Service Request
1. Using the IIS Manager, set IPv4 Address and Domain Restrictions.
2. Add a deny rule entry:
• Specific IPv4 address: 10.10.20.1
3.
Add a deny rule entry:
• IPv4 address: 10.10.10.0
•
Mask: 255.255.255.0
Task 5: Examine the current ISAPI and CGI Restrictions
•
Using the IIS Manager, examine the ISAPI and CGI Restrictions.
Task 6: Install the .NET Framework 1.1
1. Install the .NET Framework 1.1.
•
File location: E:\ Mod05\Labfiles
• Installer: dotnetfix.exe
2.
Install the .NET Framework 1.1 Service Pack 1.
• File location: E:\ Mod05\Labfiles
• Installer: NDP1.1sp1-KB867460-X86.exe
Task 7: Set ISAPI and CGI restrictions to use ASP.NET version 1.1
1.
Using the IIS Manager, set the ISAPI and CGI Restrictions.
2. Allow ASP.NET v1.1.4322.
Task 8: Set the rights and permissions for Active Directory users
•
Set the rights and permissions for Active Directory users.
• Folder: C:\inetpub\wwwroot\
• Location: WoodgroveBank.com
•
Object names to select: ITAdmins_WoodgroveGG
• Object names to select: Herbert
• Allow: Full control
Task 9: Test and validate the new configuration
• Validate the new configuration.
• Group or user names: ITAdmins_WoodgroveGG
•
Group or user names: Herbert Dorner
-
8/9/2019 6427 a Lab Manual
33/170
-
8/9/2019 6427 a Lab Manual
34/170
Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites 5
Exercise 2: Configure Authorization, Authentication, and Access
Scenario
Additional security measures need to be put in place to protect the Web server. An application is
protected with forms authentication, but it is discovered that some of the content can bypass forms
authentication and still be accessed, such as a jpg, by entering the direct URL path and file name. Youmust configure the protected content to use the managed forms authentication module.
The main tasks for this exercise are as follows:
1. Turn off the Web site cache for the shared documents folder.
2.
Sign into the Woodgrove Bank Web site and retrieve the confidential memo.
3.
Bypass the Web site forms authentication.
4. Modify the applicationHost.config file to handle forms authentication.
5. Reconfigure the authorization and authentication so that the protected content uses forms
authentication.
6.
Test and validate the Web site’s new configuration
Task 1: Turn off the Web site cache for the shared documents folder• Using the IIS Manager, add Custom HTTP Response Header.
• Name: Cache-Control
•
Value: no-cache
Task 2: Sign into the Woodgrove Bank Web site and retrieve the confidential memo
1.
Use Internet Explorer to log into the default Web site and retrieve a confidential memo.
•
Destination: Shared Documents
• Email: [email protected]
• Password: Pa$$w0rd
•
Memo: Woodgrove Confidential Memo
2.
Sign-out of the Web site.
Task 3: Bypass the Web site forms authentication
•
Use Internet Explorer to retrieve the Confidential Memo.
• Confidential Memo URL: http://localhost/docs/shared/Woodgrove_memo.jpg
Task 4: Modify the applicationHost.config to unlock the URL Authorization
section by changing the override mode default to allow
• Unlock URL Authorization in the applicationHost.config file:
•
File location: C:\windows\system32\inetsrv\config •
File name: applicationHost.config
• Section:
• Original code:
•
Replacement code:
mailto:[email protected]:[email protected]:[email protected]
-
8/9/2019 6427 a Lab Manual
35/170
6 Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites
Task 5: Modify the applicationHost.config section to change the
Classic .NET application pool to Integrated mode• Change the Classic .NET application pool to Integrated mode in the applicationHost.config file:
• File location: C:\windows\system32\inetsrv\config
•
File name: applicationHost.config
• Section:
• Original code:
•
Replacement code:
Task 6: Modify the applicationHost.config file to disable all other authentication types
except for anonymous
• Disable all other authentication types except for anonymous in the applicationHost.config file:
• File location: C:\windows\system32\inetsrv\config
•
File name: applicationHost.config
• Section:
• Append enabled="false" to:
•
clientCertificateMappingAuthentication
• digestAuthentication
• iisClientCertificateMappingAuthentication
•
windowsAuthentication
Task 7: Modify the applicationHost.config file to protect all content by removing the
managedHandler precondition from the section
•
Protect all content by removing the managedHandler precondition in the applicationHost.config file:
• File location: C:\windows\system32\inetsrv\config
• File name: applicationHost.config
•
Section:
• Original code:
• Replacement code:
-
8/9/2019 6427 a Lab Manual
36/170
Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites 7
• Original code:
•
Replacement code:
Task 8: Reconfigure the authorization and authentication so that the protected content
uses forms authentication
1. Reconfigure authorization so that the protected content uses forms authentication in the Web.Config
file:
•
File location: C:\inetpub\wwwroot •
File name: Web.Config
• Section:
• Add the line , above the line
• Original code:
•
Replacement code:
2.
Using the IIS Manager, reconfigure authentication so that the protected content uses forms
authentication.
• Launch Authentication
•
Disable Anonymous Authentication
Task 9: Test and validate the Web site’s new configuration
1.
Use Internet Explorer to log into the default Web site and retrieve the confidential memo.
• Destination: Shared Documents
• Email: [email protected]
•
Password: Pa$$w0rd
• Memo: Woodgrove Confidential Memo
2.
Sign-out of the Web site.
3.
Use Internet Explorer and attempt to retrieve the Confidential Memo.
• Confidential Memo URL: http://localhost/docs/shared/Woodgrove_memo.jpg
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]
-
8/9/2019 6427 a Lab Manual
37/170
-
8/9/2019 6427 a Lab Manual
38/170
Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites 9
Exercise 3: Configure Logging
Scenario
Additional security measures need to be put in place to protect the Web server. You received a service
request to keep a log of all visitors to the Web server for the past 24 hours. You must enable and
configure logging and then test and verify the log.
The main tasks for this exercise are as follows:
1. Examine and configure logging options.
2. Test the logging operations.
Task 1: Examine and configure logging options
• Using the IIS Manager, set the logging options.
• Select: Use local time for file naming and rollover
Task 2: Test the logging operations
1.
Using Internet Explorer, refresh the Web site.2.
View the log file:
• Log file location: C:\ inetpub\logs\LogFiles\W3SVC1
Results: After examining the configuration of the Web server’s logging settings, the current log file wasexamined and proven to successfully track the Web server’s activity.
-
8/9/2019 6427 a Lab Manual
39/170
Lab Instructions: Configuring Delegation and Remote Administration 1
Module 6
Lab Instructions: Configuring Delegation and RemoteAdministration
Contents:Exercise 1: Configuring Remote Administration 2
Exercise 2: Configuring Delegated Administration 4
Exercise 3: Configuring Feature Delegation 7
-
8/9/2019 6427 a Lab Manual
40/170
2 Lab Instructions: Config ring Delegation and Remote Administration
ab: Codmini
figuritration
g Dele
gation
E
S
Y
t
Ab
t
Y
t
In
T
1.
2.
T1.
2.
3.
T
1.
xercise 1:
cenario
u need to be
st it by access
new site hasusiness owner
e other sites
u have been
eir site. You
this exercise
is exercise’s
Configure
Test NYC-
ask 1: Confi
Add the IIS
Configure
Credentials
Start the II
ask 2: Test
On NYC-D
Configuri
able to confi
ing the admin
een set up a. You will nee
osted on the
assigned a se
ust unlock th
you will practi
ain tasks are:
YC-WEB-B f
EB-B remote
gure NYC- Management
he IIS Manag
.
Managemen
YC-WEB-B
C1, add the II
g Remot
ure the serve
istration feat
d you have b to give the b
server.
vice request t
e error page f
ce configurin
r remote ad
administratio
EB-B for r role service t
ment service
t service.
remote ad
Managemen
and Remote
Administration
r remotely. Yo
res from a re
u must enabl
ote comput
remote admi
r.
nistration and then
een asked tousiness owne
elegate the a permission t
dministrationadminister t
of the site to teir site only,
heut not
foro allow all site
eature so that
owners to ad
it can be del
minister the e
gated.
rror messages
a Web server for remote administration.
inistration.
n.
mote admi istrationNYC-WEB- .
IIS Managerto accept both Windows Credentials and
inistration
t Console.
-
8/9/2019 6427 a Lab Manual
41/170
-
8/9/2019 6427 a Lab Manual
42/170
-
8/9/2019 6427 a Lab Manual
43/170
-
8/9/2019 6427 a Lab Manual
44/170
-
8/9/2019 6427 a Lab Manual
45/170
Lab Instructions: Configuring Delegation and Remote Administration 7
Exercise 3: Configuring Feature Delegation
Scenario
You need to be able to configure the server remotely. You must enable remote administration and then
test it by accessing the administration features from a remote computer.
A new site has been set up and you have been asked to delegate the administration of the site to the
business owner. You will need to give the business owner permission to administer their site only, but not
the other sites hosted on the server
You have been assigned a service request to allow all site owners to administer the error messages for
their site. You must unlock the error page feature so that it can be delegated.
In this exercise you will practice configuring delegated administration so that all site owners can
administer the error messages for their site.
This exercise’s main tasks are:
1.
Configure feature delegation for the Human Resources and Sales sites.
2.
Test feature delegation for the Human Resources site.
Task 1: Configure feature delegation for the Human Resources and Sales sites
• On NYC-WEB-B, use feature delegation to set Error Pages to Read/Write.
Task 2: Test feature delegation for the Human Resources site
1.
On NYC-DC1, log in as woodgrovebank\herbert with a password of Pa$$w0rd.
2.
Use IIS Manager to connect to the HR site on NYC-WEB-B with the user name
3. Set a custom error page of /ErrorPages/custom404.htm for the 404 error page.
4.
Use Internet Explorer to open URL: http://hr.woodgrovebank.com/missingpage.htm
Results: After completing this exercise, you should have successfully configured the Human Resourcesand Sales sites so that the site owners can customize error pages for each site.
http://hr.woodgrovebank.com/missingpage.htmhttp://hr.woodgrovebank.com/missingpage.htmhttp://hr.woodgrovebank.com/missingpage.htm
-
8/9/2019 6427 a Lab Manual
46/170
Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration 1
Module 7
Lab Instructions: Using Command-line and Scripting for IIS7.0 Administration
Contents:Exercise 1: Manage IIS Web Sites with PowerShell 2
Exercise 2: Use Microsoft.Web.Administration 4
Exercise 3: Automate IIS Administration using Scripts 5
Exercise 4: Navigating IIS tasks using WMI and AppCmd 7
-
8/9/2019 6427 a Lab Manual
47/170
2 Lab Instructions: Using ommand-line and Scripting for IIS 7.0 A ministration
ab: Usidmini
ng Cotration
mand
line an
E
S
T
t
t
In
T
1.
2.
3.
4.
5.
6.
T
T
•
T
•
xercise 1:
cenario
e developme
at PowerShell
e Web servic
this exercise,
e main tasks
Start the 6
Use Power
Use Power
Stop the w
Start the w
List the Po
ask 1: Start
ask 2: Use P
Use the ge
ask 3: Use P
Use the ge
Manage II
nt team requi
l will correctly
.
you will learn
for this exerci
27A-NYC-WE
hell to identi
hell to identi
3svc service u
3svc service u
ershell.exe p
the 6427A-
owerShell t
-service cmd
owerShell t
-service -inc
S Web Sit
res additional
manage the s
how to use P
e are as follo
B-B virtual m
y all services.
y running ser
ing PowerSh
ing PowerSh
ocess using t
YC-WEB-B
identify al
let.
identify r
lude w* | sor
d Scrip ing fo IIS 7.0
es with P werShell
tools to mana
erver’s service
ge their Web
s and make s
sites. First you
re it can succ
need to mak
ssfully stop a
e sure
nd start
werShell to anage IIS 7.0..
s:
chine and lo on as Wood rovebank\Administrator.
ices that start with a "w".
ll.
ll.
e get-wmiobject cmdlet.
virtual ma hine and log on as Ad inistrator
l services
ces that stanning servi rt with a w
-object -pro erty status mdlet.
-
8/9/2019 6427 a Lab Manual
48/170
Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration 3
Task 4: Stop the w3svc service using PowerShell
•
Use the stop-service cmdlet.
• Use the get-service cmdlet to confirm.
Task 5: Start the w3svc service using PowerShell
•
Use the start-service cmdlet.
• Use the get-service cmdlet to confirm.
Task 6: List the Powershell.exe process using the get-wmiobject cmdlet
•
Use the Get-WmiObject -query "Select * From Win32_Process Where Name = 'powershell.exe'"cmdlet.
Results: After this exercise, you should have successfully identified, stopped and started services using
PowerShell.
-
8/9/2019 6427 a Lab Manual
49/170
-
8/9/2019 6427 a Lab Manual
50/170
-
8/9/2019 6427 a Lab Manual
51/170
6 Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration
2.
Type the following at the end of the profile script:
new-variable iissites –value (New-Object
Microsoft.Web.Administration.ServerManager).Sites –scope “global”new-variable iisapppools –value (New-Object
Microsoft.Web.Administration.ServerManager).ApplicationPools –scope “global”
update-typedata –append (join-path –path $PSHome –childPath “iis.types.ps1xml”)
3. At the PowerShell Command Prompt run $iissites.Find(“^Default*”).
Task 6: Review and run a script to create a Web site
1. The script is located in E:\Mod07\Labfiles\scripts\CreateWebsite
\CreateWebsite\CreateWebsite\Bin\Debug\CreateWebsite.exe.
2.
Copy the script to the C:\drive and run it from PowerShell.
Task 7: Use PowerShell script to verify site was created
• Use $iissites.Find to locate NewSite.
Results: After this exercise, you should have successfully created a Microsoft.PowerShell profile script.
You should have also used a saved script to list Web site. Finally, you should have successfully created asite named NewSite.
-
8/9/2019 6427 a Lab Manual
52/170
Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration 7
Exercise 4: Navigating IIS tasks using WMI and AppCmd
Scenario
You need to verify which tasks are running on the server. Use WMI and AppCmd to display the list of
running tasks.
In this exercise, students will use WMI and AppCmd for IIS administration.
The main tasks for this exercise are as follows:
1. Use AppCmd to identify tasks running on the Web server.
2. Use AppCmd to identify all running application pools.
3. Use AppCmd to recycle all running application pools.
4.
Move all applications in a site to NewAppPool apppool.
5.
Store configuration information to file, and then restore the configuration information.
6.
Use WMI to list the default Web site on the Web server.
Task 1: Use AppCmd to identify tasks running on the Web server
1.
Open a Command Prompt.2. Navigate to c:\windows\system32\inetsrv to run AppCmd.
Task 2: Use AppCmd to identify all running application pools
Task 3: Use AppCmd to recycle all running application pools
• Use this command: appcmd list apppool /xml | appcmd recyle apppool /in
Task 4: Move all applications in a site to NewAppPool apppool
•
Use this command: appcmd list app /site.name:"NewSite" /xml | appcmd set app /in /applicationPool:NewAppPool
Task 5: Store configuration information to file, and then restore the configurationinformation
• To store configuration information: appcmd list config “Default Web Site/” /section:caching /xml /config > config.xml
• To restore configuration information: appcmd set config “Default Web site/” /in < config.xml
Task 6: Use WMI to list the default Web site on the Web server
1. Using Notepad create a file named GetSite.vbs with the following code:
Set oIIS = GetObject("winmgmts:root\WebAdministration")
Set oSite = oIIS.Get("Site.Name='Default Web Site'")
WScript.Echo "Retrieved an instance of Site "WScript.Echo " Name: " & oSite.Name
WScript.Echo " ID: " & oSite.ID
2.
Open a Command Prompt and navigate to folder where GetSite.vbs is located
3.
Type cscript //h:cscript.
4. Run GetSite.vbs script.
-
8/9/2019 6427 a Lab Manual
53/170
8 Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration
Results: After this exercise, you should have successfully used AppCmd to recycle application pools,move application and store configuration information to a file. You should have also successfullyidentified the default Web site using WMI.
-
8/9/2019 6427 a Lab Manual
54/170
Lab Instructions: Tuning IIS 7.0 for Improved Performance 1
Module 8
Lab Instructions: Tuning IIS 7.0 for Improved Performance
Contents:Exercise 1: Deploying Applications 2
Exercise 2: Configuring IIS Performance Options 5
Exercise 3: Managing Application Pools to Improve Performance 6
-
8/9/2019 6427 a Lab Manual
55/170
2 Lab Instructions: Tuning IIS 7.0 for Improved Performance
ab: Tu ing IIS 7.0 for
E
S
Y
n
E
InX
T
1.
2.
3.
4.
5.
6.
7.
T•
T
•
xercise 1:
cenario
u receive a r
ew installation
ercise Ove
this exercise,copy.
is exercise’s
Start the 6
Start the 6
Add ASP.N
Create the
Deploy a s
Deploy the
Create and
ask 1: StartStart 6427
ask 2: Start
oodgrove
Start 6427
Deployin
quest to depl
so that the E
rview
students will l
ain tasks are:
27A-NYC-DC
27A-NYC-WE
ET and Dyna
SalesSupport
cond copy of
application u
assign an ap
the 6427A--NYC-DC1.
the 6427A-
ank\Admin
-NYC-WEB-
Impro ed Pe forma ce
Applications
oy a second c
terprise Desi
opy of an inst
n QA team c
alled applicati
n test the pr
on, and then
posed updat
eploy update
s.
s to the
earn how to deploy an application, as welll as application updates, wi h
1 virtual mac ine.
B-A virtual m chine and lo on as Wood rovebank\Administrator.
ic Content C mpression fe tures to the IIS Role.
pplication and copy the ASP.NET application files.
sSupport2 usithe SalesSup ort application named Sale g Xcopy.
ng Xcopy.pdates to SalesSupport2 usi
lication pool or SalesSupp rt2 and test f unctionality.
C1 virtual machine
YC-WEB-
istrator
virtual ma hine and log on as
, and log on as LocalAdmin with the password of Pa$$w0rd.
-
8/9/2019 6427 a Lab Manual
56/170
-
8/9/2019 6427 a Lab Manual
57/170
4 Lab Instructions: Tuning IIS 7.0 for Improved Performance
Exercise 2: Configuring IIS Performance Options
Scenario
Next you will configure performance options for the SalesSupport application. First, you will use
Performance Monitor to look at the current machine performance. Then you will configure and test
output caching, compression, and throttling.
Exercise Overview
In this exercise, students will learn how to configure IIS Performance Options.
This exercise’s main tasks are:
1.
Use Performance Monitor to measure performance.
2.
Configure Output Caching.
3.
Configure Compression.
4.
Configure connection limit throttling.
Task 1: Use Performance Monitor to measure performance
1.
On NYC-WEB-A, open Performance Monitor.
2. Remove all counters, and then add the Web Service counters Bytes Sent/sec for all instances.
3. With Performance Monitor running, in Internet Explorer, browse to
http://localhost/salessupport/test.aspx.
4.
After the page loads, click refresh several times rapidly. Notice that the time is dynamically updated
with each refresh. Close Internet Explorer.
5. Examine the throughput in Performance Monitor.
Task 2: Configure Output Caching
1. In IIS Manager, add a cache rule to the SalesSupport application for the extension .aspx.
•
Select Kernel-mode caching.
•
Click At time intervals, and then delete the existing text and type 00:00:10.
2.
In Internet Explorer, browse to http://localhost/salessupport/test.aspx and click refresh several times
rapidly for at least 30 seconds. Notice how often the time is updated.
3. Browse to http://localhost/salessupport2/test.aspx, and then click refresh several times rapidly.
Notice that the time updates with each refresh.
4.
In Reliability and Performance Monitor, compare the graphs for the two pages. You may need to
zoom in to see the difference.
Task 3: Configure Compression
1. In Internet Explorer, browse to http://localhost. Click refresh several times rapidly.
2.
In Reliability and Performance Monitor examine the throughput.
3.
In IIS Manager, enable static content compression for the default web site.4.
In Internet Explorer, browse to http://localhost and click refresh several times rapidly.
5. In Reliability and Performance Monitor examine the throughput.
6. In Internet Explorer, browse to http://localhost/salessupport/test.aspx and click refresh several
times rapidly.
7.
In Reliability and Performance Monitor examine the throughput.
8.
In IIS Manager, enable dynamic content compression.
http://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/salessupport2/test.aspxhttp://localhost/http://localhost/http://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/http://localhost/http://localhost/salessupport2/test.aspxhttp://localhost/salessupport/test.aspxhttp://localhost/salessupport/test.aspx
-
8/9/2019 6427 a Lab Manual
58/170
Lab Instructions: Tuning IIS 7.0 for Improved Performance 5
9.
In Internet Explorer, browse to http://localhost/salessupport/test.aspx and click refresh several
times rapidly.
10. In Reliability and Performance Monitor examine the throughput and compare results.
Task 4: Configure connection limit throttling
1.
Open Internet Explorer and browse to http://localhost. Open two more tabs and browse to
http://localhost so that you have three tabs open to http://localhost. Right-click a tab and choose
Refresh All. Notice that all of the tabs refresh successfully. Close Internet Explorer.
2. In IIS Manager, set a Web Site Limit for the default web site so that the number of connections is
limited to 1.
3.
In Internet Explorer, open three tabs to http://localhost. Right-click a tab and choose Refresh All.
Notice that one of the tabs now reports an error.
4.
Close Internet Explorer before continuing.
Results: After this exercise, you should have configured performance options and verified functionality.
http://localhost/salessupport/test.aspxhttp://localhost/http://localhost/http://localhost/http://localhost/http://localhost/http://localhost/http://localhost/http://localhost/http://localhost/salessupport/test.aspx
-
8/9/2019 6427 a Lab Manual
59/170
6 Lab Instructions: Tuning IIS 7.0 for Improved Performance
Exercise 3: Managing Application Pools to Improve Performance
Scenario
You will now modify the application pools to improve resource usage.
Exercise OverviewIn this exercise, students will learn how to manage application pools to improve performance.
This exercise’s main tasks are:
1.
Use Reliability and Performance Monitor to measure resource usage.
2.
Recycle an application pool.
3.
Assign SalesSupport and SalesSupport2 to the same application pool.
Task 1: Use Reliability and Performance Monitor to measure resource usage
1. On NYC-WEB-A, open Internet Explorer and browse to http://localhost/salessupport. Open a
second tab, and browse to http://localhost/salessupport2.
2. Open Reliability and Performance Monitor. Examine the memory usage of w3wp.exe and the
number of instances.
Task 2: Recycle an application pool
1. In IIS Manager, recycle the SalesSupport2 application pool.
2. In Reliability and Performance Monitor, examine the memory and number of instances of
w3wp.exe and compare results.
3.
Close Internet Explorer before continuing.
Task 3: Assign SalesSupport and SalesSupport2 to the same application pool
1.
In IIS Manager, modify the SalesSupport2 application to use the default application pool, and then
remove the SalesSupport2 application pool.
2.
Open Internet Explorer and browse to http://localhost/salessupport. Open a second tab andbrowse to http://localhost/salessupport2.
3.
In Reliability and Performance Monitor, examine the memory and number of instances of
w3wp.exe.
Results: After this exercise, you should have recycled and consolidated application pools, and verifiedresource usage with Reliability and Performance Monitor.
4.
es?
http://localhost/salessupporthttp://localhost/salessupport2http://localhost/salessupporthttp://localhost/salessupport2http://localhost/salessupport2http://localhost/salessupporthttp://localhost/salessupport2http://localhost/salessupport
-
8/9/2019 6427 a Lab Manual
60/170
Lab Instructions: Ensuring Web Site Availability with Web Farms 1
Module 9
Lab Instructions: Ensuring Web Site Availability with WebFarms
Contents:Exercise 1: Backing Up an IIS Web Site 2
Exercise 2: Restoring an IIS Web Site 4
Exercise 3: Enabling Shared Configurations 5
Exercise 4: Configuring Network Load Balancing 6
-
8/9/2019 6427 a Lab Manual
61/170
2 Lab Instructions: Ensuring Web Site Availability with Web Farms
ab: En uring eb Sit
E
S
T
y
T
1.2.
3.
4.
T
T
•
T
•
xercise 1:
cenario
e Enterprise
u begin, you
e main tasks
Start the 6 Start the 6
Start the 6
Backup the
ask 1: Start
ask 2: Start
oodgrove
Log on to
• User:
•
Passw
ask 3: Start
oodgrove
Log on to
• User:
• Passw
Backing
esign Team
will back up a
for this exerci
27A-NYC-DC27A-NYC-WE
27A-NYC-WE
Web site, We
the 6427A-
the 6427A-
ank\Admin
YC-WEB-D.
oodgroveb
rd: Pa$$w0r
the 6427A-
ank\Admin
YC-WEB2.
oodgroveb
rd: Pa$$w0r
Avail bility ith W b Far
p an IIS
as asked you
n existing site
e are as follo
1 virtual macB-D virtual m
B2 virtual ma
b application,
YC-DC1 vi
YC-WEB-
istrator
nk\Administ
YC-WEB2
istrator
nk\Administ
eb Site
to explore op
and verify th
s:
ine.achine and lo
hine and log
and config fil
rtual machi
virtual ma
rator
irtual mac
rator
tions for incre
t it can be res
on as Wood
on as Woodg
es to the E: dr
e
hine and l
ine and lo
asing Web sit
tored properl
grovebank\Ad
rovebank\Ad
ive.
g on as
on as
s
availability.
.
efore
ministrator.
inistrator.
-
8/9/2019 6427 a Lab Manual
62/170
Lab Instructions: Ensuring Web Site Availability with Web Farms 3
Task 4: Backup the Web site, Web application, and config files to the E: drive
1. Create a new folder:
• E:\Web Site Backup
2. Copy the files:
•
Source: C:\inetpub\wwwroot
• Destination: \\NYC-WEB-D\E\Web Site Backup
Results: After this exercise, you should have successfully backed up a Web site. Provide the results ofthe exercise so students will know when and if they have completed the lab exercise successfully.
-
8/9/2019 6427 a Lab Manual
63/170
4 Lab Instructions: Ensuring Web Site Availability with Web Farms
Exercise 2: Restoring an IIS Web Site
Scenario
The Enterprise Design Team has asked you to verify that the backups can be restored properly. Do this by
restoring the Web files to a second server and confirm that the second server functions properly.
The main task for this exercise is:
1.
Restore the Web site, Web application, and config files from the shared drive.
Task 1: Restore the Web site, Web application, and config files from the shared drive
1. Open the default Web site in Internet Explorer on NYC-WEB2.
2. Copy the files:
•
Source: \\NYC-WEB-D\E\Web Site Backup
• Destination C:\inetpub\wwwroot
3.
Refresh the default Web site in Internet Explorer on NYC-WEB2.
Results: After this exercise, you should have successfully restored a Web site to a second server. Providethe results of the exercise so students will know when and if they have completed the lab exercisesuccessfully.
-
8/9/2019 6427 a Lab Manual
64/170
Lab Instructions: Ensuring Web Site Availability with Web Farms 5
Exercise 3: Enabling Shared Configurations
Scenario
The next step is for increasing Web site availability. Now that you have two identically configured Web
servers, implement shared configurations for them.
The main tasks for this exercise are as follows:
1.
Export and Enable Shared Configuration.
2. Add the second Web server to use the Shared Configuration.
3. Test the Shared Configuration.
Task 1: Export and Enable Shared Configuration
1. Export configuration using IIS Manager.
• Server: NYC-WEB-D
• Physical Path: \\NYC-WEB-D\E
• Encryption keys password: Pa$$w0rd
2.
Using IIS Manager, enable shared configuration.
• Physical Path: \\NYC-WEB-D\E
• User name: Woodgrovebank\Administrator
•
Password: Pa$$w0rd
• Encryption key password: Pa$$w0rd
3.
Using IIS Manager, start Management Service.
Task 2: Add the second Web server to use the Shared Configuration.
1.
Using IIS Manager, enable shared configuration.
• Server: NYC-WEB2
• Physical Path: \\NYC-WEB-D\E
• User name: Woodgrovebank\Administrator
• Password: Pa$$w0rd
• Encryption key password: Pa$$w0rd
2.
Using IIS Manager, start Management Service.
Task 3: Test the Shared Configuration.
1. Using IIS Manager, add the default document for NYC-WEB-D.
•
Server: NYC-WEB-D
• Name: test.html
2.
Using IIS Manager, check the default document for NYC-WEB2.
Results: After this exercise, you should have successfully configured a two-server network with anunderlying foundation of shared configurations.
-
8/9/2019 6427 a Lab Manual
65/170
6 Lab Instructions: Ensuring Web Site Availability with Web Farms
Exercise 4: Configuring Network Load Balancing
Scenario
With the two Web servers set up with Shared Configurations, configure Network Load Balancing to
increase Web site availability.
The main tasks for this exercise are as follows:
1.
Create a new Network Load Balancing cluster.
2.
Add the second host to the Network Load Balancing cluster.
3. Add the second server to the Network Load Balancing cluster.
4. Verify Network Load Balancing using NLB commands.
Task 1: Create a new Network Load Balancing cluster
•
Using Network Load Balancing Manager, add a new cluster.
• Server: NYC-WEB-D
• Host: NYC-WEB-D
•
Interface IP address: 10.10.0.21 • Cluster IP Addresses, IPv4 address: 10.10.0.27
• Cluster IP Addresses, Subnet mask: 255.255.0.0
•
Full Internet name: cluster.woodgrovebank.com
Task 2: Add the second host to the Network Load Balancing cluster
• Using Network Load Balancing Manager, add the second host to the cluster.
• Host: NYC-WEB2
• Local Area Connection interface IP address: 10.10.0.26
• Priority (unique host identifier): 2
Task 3: Add the second server to the Network Load Balancing cluster
• Using Network Load Balancing Manager, add the second server to the cluster.
• Server: NYC-WEB2
Task 4: Verify Network Load Balancing using NLB commands
1.
Using the Command Prompt, verify Network Load Balancing.
• Server: NYC-WEB2
•
Command: NLB query 10.10.0.27
2.
Using the Command Prompt, verify Network Load Balancing.
• Server: NYC-WEB-D
• Command: NLB query 10.10.0.27
3. Using the Command Prompt, verify Network Load Balancing.
• Server: NYC-WEB-D
•
Command: NLB display
-
8/9/2019 6427 a Lab Manual
66/170
Lab Instructions: Ensuring Web Site Availability with Web Farms 7
Results: After this exercise, you should have successfully restored a Web site to a second server. Providethe results of the exercise so students will know when and if they have completed the lab exercisesuccessfully.
-
8/9/2019 6427 a Lab Manual
67/170
Lab Instructions: Troubleshooting IIS 7.0 Web Servers 1
Module 10
Lab Instructions: Troubleshooting IIS 7.0 Web Servers
Contents:Exercise 1: Troubleshooting Authentication 2
Exercise 2: Troubleshooting Authorization 4
Exercise 3: Troubleshooting Communication 5
Exercise 4: Troubleshooting Configuration 6
-
8/9/2019 6427 a Lab Manual
68/170
2 Lab Instructions: Troubleshooting IIS 7.0 Web Servers
ab: Tr ublesh oting IIS 7.0
E
S
Y
a
d
EIn
T
1.
2.
3.
4.
5.
6.
7.
T
•
T
•
xercise 1:
cenario
u receive a s
cessed by do
etailed error
ercise Ove this exercise,
is exercise’s
Start the 6
Start the 6
Browse to
Examine th
Enable Det
Reproduce
Resolve th
ask 1: Startoodgrove
Start 6427
ask 2: Start
oodgrove
Start 6427
Troublesh
rvice request
main users wit
essages, you
rviewyou will trou
ain tasks are:
27A-NYC-DC
27A-NYC-WE
ttp://localhos
e log file.
ailed Error Me
the issue and
issue and tes
the 6427A-ank\Admin
-NYC-DC1 a
the 6427A-
ank\Admin
-NYC-WEB-
ooting A
asking to res
hin the comp
must resolve t
leshoot an au
1 virtual mac
B-E virtual m
t/salessuppor
ssages.
examine the
t functionality
YC-DC1 viistrator
nd log on as
YC-WEB-E
istrator
and log on
eb Servers
thenticat on
lve a user issu
any, but is not
he problem.
e. The passw
allowing acc
rd-protected
ss to anyone.
intranet site is
Using logs an
d
thentication i
ine and log o
chine and log
.
etailed error.
.
rtual machi
oodgroveb
virtual mac
s Woodgrov
sue using IIS logs and detailed error mes ages.
n as Woodgrovebank\Administrator.
on as Wood rovebank\Administrator.
e and log n as
nk\Adminis rator, password Pa$$w0rd.
hine and log on as
bank\Admi istrator, password Pa$$w rd.
-
8/9/2019 6427 a Lab Manual
69/170
-
8/9/2019 6427 a Lab Manual
70/170
4 Lab Instructions: Troubleshooting IIS 7.0 Web Servers
Exercise 2: Troubleshooting Authorization
Scenario
You receive another service request to secure another Web site where all users are able to view the
content. You must reproduce the issue, determine the cause, and resolve the issue.
Exercise Overview
In this exercise, you will troubleshoot authorization using Failed Request Tracing.
This exercise’s main tasks are:
1.
Browse to http://localhost/salessupport2.
2.
Enable Failed Request Tracing and add a rule to trace successful requests.
3.
Reproduce the issue and examine the Failed Request Tracing log.
4.
Resolve the issue and verify functionality.
Task 1: Browse to http://localhost /salessupport2
• On NYC-WEB-E, in Internet Explorer, browse to http://localhost/salessupport2.
Task 2: Enable Failed Request Tracing and add a rule to trace successful requests
•
In IIS Manager, add a Failed Request Tracing rule to trace successful requests.
Task 3: Reproduce the issue and examine the Failed Request Tracing log
1. In Internet Explorer, browse to http://localhost/salessupport2.
2. Examine the latest failed request tracing log in c:\inetpub\logs
\FailedReqLogFiles\W3SVC1. Examine the authorization information in the log.
Task 4: Resolve the issue and verify functionality
• Based on the log, modify the configuration in IIS Manager to correct the issue.
•
In Internet Explorer, browse to http://localhost/salessupport2 to verify that the issue hasbeen corrected
Results: After this exercise, you should have successfully enabled failed request tracing, and resolvedthe authorization issue.
http://localhost/salessupport2http://localhost/salessupport2http://localhost/salessupporthttp://localhost/salessupporthttp://localhost/salessupport2http://localhost/salessupport2
-
8/9/2019 6427 a Lab Manual
71/170
Lab Instructions: Troubleshooting IIS 7.0 Web Servers 5
Exercise 3: Troubleshooting Communication
Scenario
Users are reporting that a Web application is returning an error when they try to browse to it. You must
troubleshoot why the Web application cannot open the content.
Exercise Overview
In this exercise, you will troubleshoot communication using tools.
This exercise’s main tasks are:
1.
Reproduce the issue.
2.
Use Ping to verify communication with the Web server.
3.
Enable detailed errors and examine the detailed error.
4.
Correct the problem and verify functionality.
Task 1: Reproduce the issue
• On NYC-DC1, in Internet Explorer, browse to http://nyc-web-e/netapp/content.
Task 2: Use Ping to verify communication with the Web server
•
At the command prompt, type ping NYC-WEB-E, and then press ENTER.
Task 3: Enable detailed errors and examine the detailed error
1.
On NYC-WEB-E, in IIS Manager, enable detailed errors.
2. In Internet Explorer, browse to http://localhost/netapp/content.
•
Examine the detailed error information.
Task 4: Correct the problem and verify functionality
1.
On NYC-WEB-E, in IIS Manager, correct the configuration based on the information from the
detailed error.2. In Internet Explorer, browse to http://localhost/netapp/content to verify that the error has been
corrected.
Results: After this exercise, you should used ping to verify communication, enabled detailed errormessages, and resolved the error.
http://nyc-web-e/netapp/content.http://nyc-web-e/netapp/content.http://localhost/netapp/contenthttp://localhost/netapp/contenthttp://localhost/netapp/contenthttp://localhost/netapp/contenthttp://nyc-web-e/netapp/content.
-
8/9/2019 6427 a Lab Manual
72/170
-
8/9/2019 6427 a Lab Manual
73/170
Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server 1
Module 1
Lab Answer Key: Configuring an Internet InformationServices 7.0 Web Server
Contents:
Exercise 1: Installing IIS Using Role Manager 2
Exercise 2: Installing IIS Using Unattended Setup 4
Exercise 3: Installing IIS on Server Core from Command Line 6Exercise 4: Configuring IIS and Validating Functionality 7
-
8/9/2019 6427 a Lab Manual
74/170
2 Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server
Lab: Configuring an IIS 7.0 Web ServerLogon Information:
• Virtual Machine: NYC-SVR1, NYC-SVR2, NYC-SVR3
• User Name: LocalAdmin or Administrator
•
Password: Pa$$w0rd
Estimated time: 60 minutes
Exercise 1: Installing IIS using Role Manager
Scenario
You receive a service request from the Enterprise Design Team to prepare three Web servers to host Web sites and
Web applications. One of the companies acquired by Woodgrove Bank has a classic ASP application that needs to
be hosted in IIS7.