
Creating and Configuring Web Sites in Windows Server 2003

Internet Information Services 6 (IIS 6) is a powerful platform for hosting web sites on both the public Internet and on private intranets. Creating and configuring web sites and virtual directories are bread-and-butter tasks for IIS administrators, and in this article we'll walk through the process of doing this using both the GUI (IIS Manager) and various scripts included with Windows Server 2003. The seven specific tasks we'll walk through are:

Creating a Web Site
Creating a Local Virtual Directory
Creating a Remote Virtual Directory
Controlling Access to a Web Site
Configuring Web Site Logging
Configuring Web Site Redirection
Stopping and Starting Web Sites

For sake of interest we'll explain these tasks in the context of a fictitious company called TestCorp as it deploys IIS for its corporate intranet.

Preliminary Steps
Unlike earlier versions of Microsoft Windows, IIS is not installed by default on Windows Server 2003. To install IIS, open Manage Your Server from the Start menu and add the Application Server role:

Note that for simple security reasons IIS should only be installed on member servers, not domain controllers. The reason is that if you install IIS on a domain controller and your web server becomes compromised, the attacker could gain access to your accounts database and wreak havoc with your network.

Creating a Web Site

The simplest approach is to use a separate IP address to identify each web site on your machine. Let's say our server has five IP addresses assigned to it from the range 162.16.11.220 through 162.16.11.224. Before we create a new Human Resources web site, let's first examine the identity of the Default Web Site. Open IIS Manager in Administrative Tools, select Web Sites in the console tree, right-click on Default Web Site and open its properties:

The IP address for the Default Web Site is All Unassigned. This means any IP address not specifically assigned to another web site on the machine opens the Default Web Site instead. A typical use for the Default Web Site is to edit its default document to display general information like a company logo and how to contact the Support Desk.

Let's use IP address 162.16.11.221 for the Human Resources site and make D:\HR the folder where the home page for this site is stored. To create the HR site, right-click on the Web Sites node and select New --> Web Site. This starts the Web Site Creation Wizard. Click Next and type a description for the site:

Click Next again and specify 162.16.11.221 as the IP address for the site:

Click Next and specify D:\HR as the home folder for the site. We've cleared the checkbox to deny anonymous access to the site because this is an internal intranet, so only authenticated users should be able to access it (public web sites generally allow anonymous access):

Click Next and leave only Read access enabled, since the Human Resources site will initially only be used to inform employees of company policies:

Click Next and then Finish to create the new web site:

Now let's create another intranet site, this time for Help Desk, which will use IP address 162.16.11.222 and home folder D:\Help. We'll create this one using a script instead of the GUI:

And here's the result:

The script we used here is Iisweb.vbs, one of several IIS administration scripts available when you install IIS on Windows Server 2003. The basic syntax of this script is easy to figure out from the previous screenshot, and a full syntax can be found here.

Note that, unlike the Web Site Creation Wizard used previously, you can't use this script to create a web site with anonymous access disabled. So if you want to disable anonymous access, you should do it by opening the properties sheet for the Help Desk site, selecting the Directory Security tab and clicking the Edit button under Authentication and Access Control. This opens the Authentication Methods box, where you can clear the checkbox to disable Anonymous Access and leave Windows Integrated Authentication as the only authentication method available for clients on your network:

Creating a Local Virtual Directory


Let's say Human Resources keeps their policies in a folder called D:\HR Policies on your web server, and you would like users to be able to use the URL http://162.16.11.221/policies when they need to access these policies. To do this we need to create a virtual directory that associates the /policies portion of the URL, called the alias for the virtual directory, with the physical directory D:\HR Policies where these documents are actually located.

Let's do this now. Right-click on the Human Resources site and select New --> Virtual Directory to start the Virtual Directory Creation Wizard. Click Next and type the alias for the virtual directory:

Click Next and specify the physical folder on the local server to map to this alias:

Click Next and specify permissions (again we'll just leave Read enabled) and finish the wizard. Here's the result:

Let's do something similar using another IIS script named Iisvdir.vbs, only we'll create a /procedures virtual directory instead:

Open IIS Manager to display the new virtual directory:

Note the difference in the icons for the two virtual directories. That's because when the script creates a virtual directory it also creates an application starting point for that directory, while the wizard does not. This doesn't matter, though, since for now we're only hosting static content in these directories. For the full syntax of Iisvdir.vbs see here.

Creating a Remote Virtual Directory


Help Desk likes to do things differently than Human Resources does, and their user manual is stored in HTML form in the share \\srv230\helpdesk on a network file server. Let's create a remote virtual directory within the Help Desk site that associates the alias /usermanual with this share. Right-click on the Help Desk site and select New --> Virtual Directory to start the Virtual Directory Creation Wizard again, specify usermanual as the alias for the directory and type \\srv230\helpdesk as the UNC path to the share:

Click Next and a new screen appears prompting you to either specify credentials for accessing the share or use the authenticated user's credentials for this purpose (we'll use the latter):

Click Next and finish the wizard. Let's look at the result:

The Iisvdir.vbs script can similarly be used for creating remote virtual directories.

Controlling Access to a Web Site


Now that we have a couple of web sites and virtual directories created, let's look at a few administration tasks. This will be only a brief overview; you can find a much more detailed treatment of the subject in my book IIS 6 Administration (Osborne/McGraw-Hill).

First let's look at how we can control access to our web sites. There are basically four ways you can do this: NTFS permissions, web permissions, IP address restrictions and authentication method. NTFS permissions is your front line of defense, but it's a general subject that we can't cover in detail here. Web permissions are specified on the Home Directory tab of your web site's properties:

By default only Read permission is enabled, but you can also allow Write access so users can upload or modify files on your site, Script source access so users can view the code in your scripts (generally not a good idea) or Directory browsing so users can view a list of files in your site (also not a good idea). Web permissions apply equally to all users trying to access your site, and they are applied before NTFS permissions are applied. So if Read web permission is denied but NTFS Read permission is allowed, users are denied access to the site.

IP address restrictions can be used to allow or deny access to your site by clients that have a specific IP address, have an IP address within a range of addresses, or have a specific DNS domain name. To configure this, select the Directory Security tab and click the Edit button under IP Address and Domain Name Restrictions. This opens the following dialog, which by default does not restrict access to your site:

The main thing to watch for here is that denying access based on domain name involves reverse DNS lookups each time clients try to connect to your web site, and this can significantly impact the performance of your site.

The final way of controlling access to your sites is to use the Authentication Methods dialog box we looked at previously:

In summary, the five authentication options displayed here are:


Anonymous access. Used mainly for web sites on public (Internet) web servers.
Integrated Windows authentication. Used mainly for web sites on a private intranet.
Digest authentication. Challenge/response authentication scheme that only works with clients running Internet Explorer 5.0 or later.
Basic authentication. Older authentication scheme that transmits passwords over the network in clear text, so use this only in conjunction with SSL.
.NET Passport authentication. Allows users to use their .NET Passport for authentication.

Configuring Web Site Logging


Since web sites are prime targets for attackers, you probably want to log hits to your site to see who's visiting it. By default IIS 6 logs traffic to all content, as can be seen on the bottom of the General tab of the properties for a web site or virtual directory:

The default logging format is the W3C Extended Log File Format, and clicking Properties indicates new log files are created daily in the indicated directory. It's a good idea to specify that local time be used for logging traffic, as this makes it easier to interpret the logs:

The key, of course, is to review log files regularly to look for suspicious activity. IIS doesn't include anything for this purpose, but the IIS 6.0 Resource Kit Tools does include version 2.1 of Microsoft Log Parser, which can be used for analyzing IIS logs. You can download these tools here.
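A minimal log-review pass for the W3C Extended logs discussed above, as an added Python example that is not from the original article and is not Log Parser: it reads the #Fields header, counts 401 responses per client and lists write-type requests that succeeded without a user name. The sample log lines, addresses and the threshold are constructed for illustration.

```python
from collections import Counter

# HTTP/WebDAV verbs that change content on the server.
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH", "LOCK"}

# Constructed sample. IIS writes a new header block each time the service
# restarts, and the enabled fields (and their order) can differ per block.
# IIS records the W3C Extended date and time fields in UTC.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-03-01 08:00:00
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2004-03-01 08:00:01 10.0.0.15 TESTCORP\bsmith GET /policies/leave.htm 200
2004-03-01 08:02:01 10.0.0.99 - GET /Default.htm 401
2004-03-01 08:02:02 10.0.0.99 - GET /Default.htm 401
2004-03-01 08:02:03 10.0.0.99 - GET /Default.htm 401
2004-03-01 08:02:04 10.0.0.99 - GET /Default.htm 401
2004-03-01 08:02:05 10.0.0.99 - GET /Default.htm 401
2004-03-01 08:02:06 10.0.0.99 - GET /Default.htm 401
2004-03-01 08:05:00 10.0.0.15 - GET /procedures/Default.htm 401
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-03-01 09:10:00
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2004-03-01 09:10:12 PUT /Budgets/q1.htm - 10.0.0.77 201
2004-03-01 09:11:30 PUT /Budgets/q2.htm TESTCORP\mjones 10.0.0.20 201
2004-03-01 09:12:01 GET /Budg
"""


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the most recent #Fields line."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()  # IIS replaces spaces inside values with '+'
        if not fields or len(values) != len(fields):
            continue  # truncated or malformed entry
        yield dict(zip(fields, values))


def triage(text, auth_fail_threshold=5):
    """Return clients with many 401s and successful writes with no user name."""
    failures = Counter()
    anonymous_writes = []
    for rec in parse_w3c(text):
        status = rec.get("sc-status", "")
        # A single 401 is normal: Integrated Windows authentication answers
        # the first request with one. A run from one client is worth a look.
        if status == "401":
            failures[rec.get("c-ip", "-")] += 1
        if (rec.get("cs-method", "").upper() in WRITE_METHODS
                and status.startswith("2")
                and rec.get("cs-username", "-") == "-"):
            anonymous_writes.append(
                (rec.get("c-ip"), rec.get("cs-method"), rec.get("cs-uri-stem")))
    noisy = {ip: n for ip, n in failures.items() if n >= auth_fail_threshold}
    return {"auth_failures": noisy, "anonymous_writes": anonymous_writes}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, count in report["auth_failures"].items():
        print(f"{ip}: {count} x 401")
    for ip, method, uri in report["anonymous_writes"]:
        print(f"{ip}: {method} {uri} succeeded with no user name")
```

A successful write with no user name means both the Write web permission and the NTFS permissions let an unauthenticated request through, which is the combination to review first.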

Configuring Web Site Redirection


Sometimes you need to take your web site down for maintenance, and in such cases it's a good idea to redirect all client traffic directed to your site to an alternate site or page informing users what's going on. IIS lets you redirect a web site to a different file or folder on the same or another web site, or even to a URL on the Internet. To configure redirection, use the Home Directory tab and choose the redirection option you want to use:

Stopping and Starting Web Sites


Finally, if sites become unavailable you may need to restart IIS to get them working again. Restarting IIS is a last resort, as any users currently connected will be disconnected and any data stored in memory by IIS applications will be lost. You can restart IIS using IIS Manager by right-clicking on the server node:

You can also do the same from the command-line using the Iisreset command:

Type iisreset /? for the full syntax of this command. You can also start and stop individual web sites using IIS Manager or the Iisweb.vbs script. And you can stop or start individual IIS services using the net commands; for example, net stop w3svc will stop the WWW services only.

Summary
In this article I've explained how to create and configure web sites and virtual directories on IIS 6. Most of what we've covered also applies to IIS 5 on Windows 2000 as well. In the next article I'll delve into creating and configuring FTP sites and implementing FTP User Isolation, a new feature of Windows Server 2003. For a deeper look at IIS 6 see my book IIS 6 Administration (Osborne/McGraw-Hill).

Creating and Configuring FTP Sites in Windows Server 2003


In this article we'll walk you through the steps of creating FTP sites in Windows Server 2003 using both Internet Services Manager and scripts. The tutorial will also explain how to perform common administration tasks involving FTP sites and how to implement FTP User Isolation, a new feature of Windows Server 2003 that enables users to have their own separate FTP home directories.

In a previous article we saw that Internet Information Services 6 (IIS 6) is a powerful platform for building and hosting web sites for both the Internet and corporate intranets. IIS 6 is also equally useful for setting up FTP sites for either public or corporate use, and in this article we'll walk through the process of creating and configuring FTP sites using both the GUI (IIS Manager) and scripts included in Windows Server 2003. The specific tasks we'll walk through in this article are:

Creating an FTP Site
Controlling Access to an FTP Site
Configuring FTP Site Logging
Stopping and Starting FTP Sites
Implementing FTP User Isolation

For sake of interest we'll again explain these tasks in the context of a fictitious company called TestCorp as it deploys FTP sites for both its corporate intranet and for anonymous users on the Internet.

Preliminary Steps
As mentioned in the previous article, IIS is not installed by default during a standard installation of Windows Server 2003, and if you installed IIS using Manage Your Server as described in the previous article, this installs the WWW service but not the FTP service. So before we can create FTP sites we first have to install the FTP service on our IIS machine. To do this we need to add an additional component to the Application Server role we assigned our machine when we used Manage Your Server to install IIS. Begin by opening Add or Remove Programs in Control Panel and selecting Add/Remove Windows Components. Then select the checkbox for Application Server:

Click Details and select the checkbox for Internet Information Services (IIS):

Click Details and select the checkbox for File Transfer Protocol (FTP) Services.

Click OK twice and then Next to install the FTP service. During installation you'll need to insert your Windows Server 2003 product CD or browse to a network distribution point where the Windows Server 2003 setup files are located. Click Finish when the wizard is done.

Creating an FTP Site


As with web sites, the simplest approach to identifying each FTP site on your machine is to assign each of them a separate IP address, so let's say that our server has three IP addresses (162.16.11.210, 162.16.11.211 and 162.16.11.212) assigned to it. Our first task will be to create a new FTP site for the Human Resources department, but before we do that let's first examine the Default FTP Site that was created when we installed the FTP service on our machine. Open IIS Manager in Administrative Tools, select FTP Sites in the console tree, right-click on Default FTP Site and select Properties:

Just like the Default Web Site, the IP address for the Default FTP Site is set to All Unassigned. This means any IP address not specifically assigned to another FTP site on the machine opens the Default FTP Site instead, so right now opening either ftp://162.16.11.210, ftp://162.16.11.211 or ftp://162.16.11.212 in Internet Explorer will display the contents of the Default FTP Site.

Let's assign the IP address 162.16.11.210 for the Human Resources FTP site and make D:\HR the folder where its content is located. To create the new FTP site, right-click on the FTP Sites node and select New --> FTP Site. This starts the FTP Site Creation Wizard. Click Next and type a description for the site:

Click Next and specify 162.16.11.210 as the IP address for the new site:

Click Next and select Do not isolate users, since this will be a site that anyone (including guest users) will be free to access:

Click Next and specify C:\HR as the location of the root directory for the site:

Click Next and leave the access permissions set at Read only, as this site will only be used for downloading forms for present and prospective employees:

Click Next and then Finish to complete the wizard. The new Human Resources FTP site can now be seen in IIS Manager under the FTP Sites node:

To view the contents of this site, go to a Windows XP desktop on the same network and open the URL ftp://162.16.11.210 using Internet Explorer:

Note in the status bar at the bottom of the IE window that you are connected as an anonymous user. To view all users currently connected to the Human Resources FTP site, right-click on the site in Internet Service Manager and select Properties, then on the FTP Site tab click the Current Sessions button to open the FTP User Sessions dialog:

Note that anonymous users using IE are displayed as IEUser@ under Connected Users. Now let's create another FTP site using a script instead of the GUI. We'll create a site called Help and Support with root directory C:\Support and IP address 162.16.11.211:

Here's the result of running the script:

The script we used here is Iisftp.vbs, which, like Iisweb.vbs and Iisvdir.vbs discussed in the previous article, is one of several IIS administration scripts available when you install IIS on Windows Server 2003. A full syntax for this script can be found here. Once you create a new FTP site using this script you can further configure the site using IIS Manager in the usual way.

Note: At this point you could add structure to your FTP site by creating virtual directories, and this is done in the same way as was described in the previous article for working with web sites.

Controlling Access to an FTP Site


Just like for web sites, there are four ways you can control access to FTP sites on IIS: NTFS permissions, IIS permissions, IP address restrictions and authentication method. NTFS permissions are always your first line of defense, but we can't cover them in detail here. IIS permissions are specified on the Home Directory tab of your FTP site's properties sheet:

Note that access permissions for FTP sites are much simpler (Read and Write only) than they are for web sites, and by default only Read permission is enabled, which allows users to download files from your FTP site. If you allow Write access, users will be able to upload files to the site as well. And of course access permissions and NTFS permissions combine the same way they do for web sites.

Like web sites, IP address restrictions can be used to allow or deny access to your site by clients that have a specific IP address, an IP address in a range of addresses, or a specific DNS name. These restrictions are configured on the Directory Security tab just as they are for web sites, and this was covered in the previous article so we won't discuss them further here.

FTP sites also have fewer authentication options than web sites, as can be seen by selecting the Security Accounts tab:

By default Allow anonymous connections is selected, and this is fine for public FTP sites on the Internet, but for private FTP sites on a corporate intranet you may want to clear this checkbox to prevent anonymous access to your site. Clearing this box has the result that your FTP site uses Basic Authentication instead, and users who try to access the site are presented with an authentication dialog box:

Note that Basic Authentication passes user credentials over the network in clear text, so this means FTP sites are inherently insecure (they don't support Windows integrated authentication). So if you're going to deploy a private FTP site on your internal network, make sure you close ports 20 and 21 on your firewall to block incoming FTP traffic from external users on the Internet.

Configuring FTP Site Logging


As with web sites, the default logging format for FTP sites is the W3C Extended Log File Format, and FTP site logs are stored in folders named %SystemRoot%\system32\LogFiles\MSFTPSVCnnnnnnnnnn, where nnnnnnnnnn is the ID number of the FTP site. And just as with web sites, you can use the Microsoft Log Parser, part of the IIS 6.0 Resource Kit Tools, to analyze these FTP site logs.

Stopping and Starting FTP Sites


If an FTP site becomes unavailable you may need to restart it to get it working again, which you can do using IIS Manager by right-clicking on the FTP site and selecting Stop and then Start. From the command-line you can type net stop msftpsvc followed by net start msftpsvc, or use iisreset to restart all IIS services. Remember that restarting an FTP site is a last resort, as any users currently connected to the site will be disconnected.

Implementing FTP User Isolation


Finally, let's conclude by looking at how to implement the new FTP User Isolation feature of IIS in Windows Server 2003. When an FTP site uses this feature, each user accessing the site has an FTP home directory that is a subdirectory under the root directory for the FTP site, and from the perspective of the user their FTP home directory appears to be the top-level folder of the site. This means users are prevented from viewing the files in other users' FTP home directories, which has the advantage of providing security for each user's files.

Let's create a new FTP site called Staff that makes use of this new feature, using C:\Staff Folders as the root directory for the site and 162.16.11.212 for the site's IP address. Start the FTP Site Creation Wizard as we did previously, step through it until you reach the FTP User Isolation page, and select the Isolate users option on this page:

Continue with the wizard and be sure to give users both Read and Write permission so they can upload and download files.

Now let's say you have two users, Bob Smith (bsmith) and Mary Jones (mjones), who have accounts in a domain whose pre-Windows 2000 name is TESTTWO. To give these users FTP home directories on your server, first create a subfolder named \TESTTWO beneath \Staff Folders (your FTP root directory). Then create subfolders \bsmith and \mjones beneath the \Accounts folder. Your folder structure should now look like this:

C:\Staff Folders
    \TESTTWO
        \bsmith
        \mjones

To test FTP User Isolation, let's put a file named Bob's Document.doc in the \bsmith subfolder and Mary's Document.doc in the \mjones subfolder. Now go to a Windows XP desktop, open Internet Explorer and try to open ftp://162.16.11.212, which is the URL for the Staff FTP site we just created. When you do this an authentication dialog box appears, and if you're Bob then you can enter your username (using the DOMAIN\username form) and password like this:

When Bob clicks the Log On button, the contents of his FTP home directory are displayed:
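An added Python example (not from the original article) that audits the root of an "Isolate users" site: it maps each login to the home folder the FTP service looks for and reports accounts with no folder and folders that no account maps to. The LocalUser and Public folder names for local and anonymous logins are the IIS 6 convention and are not covered in this article; the account list and the misplaced folder in the demo are constructed.

```python
import tempfile
from pathlib import Path

FORBIDDEN = set('/\\:*?"<>|')  # characters not allowed in a folder name


def home_subpath(login):
    """Home folder, relative to the site root, for one login name.

    DOMAIN\\user -> DOMAIN/user
    local user   -> LocalUser/user    (IIS 6 convention, assumption here)
    anonymous    -> LocalUser/Public  (IIS 6 convention, assumption here)
    """
    if login.lower() == "anonymous":
        return Path("LocalUser") / "Public"
    domain, sep, user = login.partition("\\")
    if not sep:
        domain, user = "LocalUser", login
    for part in (domain, user):
        # Refuse names that would climb out of, or nest below, the layout.
        if not part or part in (".", "..") or FORBIDDEN & set(part):
            raise ValueError(f"unsafe account name: {login!r}")
    return Path(domain) / user


def audit_layout(ftp_root, logins):
    """Return (logins with no home folder, folders no login maps to)."""
    root = Path(ftp_root)
    # Compare case-insensitively, as NTFS does.
    expected = {home_subpath(name).as_posix().lower(): name for name in logins}
    existing = {}
    for path in root.glob("*/*"):
        if path.is_dir():
            rel = path.relative_to(root).as_posix()
            existing[rel.lower()] = rel
    missing = sorted(expected[k] for k in expected.keys() - existing.keys())
    orphaned = sorted(existing[k] for k in existing.keys() - expected.keys())
    return missing, orphaned


def demo():
    """Constructed layout: one home folder created under the wrong parent."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Staff Folders"
        (root / "TESTTWO" / "bsmith").mkdir(parents=True)
        (root / "Accounts" / "mjones").mkdir(parents=True)  # not the domain name
        return audit_layout(root, ["TESTTWO\\bsmith", "TESTTWO\\mjones"])


if __name__ == "__main__":
    missing, orphaned = demo()
    print("no home folder:", missing)
    print("unmapped folders:", orphaned)
```

A folder that no login maps to is either stale or sits under the wrong parent; in both cases the account it was meant for has no usable home directory.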

Note that when you create a new FTP site using FTP User Isolation you can't convert it to an ordinary FTP site (one that doesn't have FTP User Isolation enabled). Similarly, an ordinary FTP site can't be converted to one using FTP User Isolation.

We still need to explore one more option, and that's the third option on the FTP User Isolation page of the FTP Site Creation Wizard, namely Isolate users using Active Directory. Since we've run out of IP addresses, let's first delete the Help and Support FTP site to free up 162.16.11.211. One way we can do this is by opening a command prompt and typing iisftp /delete "Help and Support" using the iisftp.vbs command script. Then start the FTP Site Creation Wizard again and select the third option mentioned above (we'll name this new site Management):

Click Next and enter an administrator account in the domain, the password for this account, and the full name of the domain:

Click Next, confirm the password and complete the wizard in the usual way. You'll notice that you weren't prompted to specify a root directory for the new FTP site. This is because when you use this approach each user's FTP home directory is defined by two environment variables: %ftproot%, which defines the root directory and can be anywhere, including a UNC path to a network share on another machine such as \\test220\docs, and %ftpdir%, which can be set to %username% so that, for example, Bob Smith's FTP home directory would be \\test220\docs\bsmith, and this folder would have to be created beforehand for him. You could set these environment variables using a logon script and assign the script using Group Policy, but that's beyond the scope of this present article.

Using WebDAV with IIS


This article walks you through the process of using Web-based Distributed Authoring and Versioning (WebDAV) to publish content to an Internet Information Services (IIS) web server. The article also explains why WebDAV is a more secure and better solution to publishing content than the traditional FTP approach.

The traditional method for uploading content to a web server is File Transfer Protocol (FTP), but using this approach has its disadvantages:

Using FTP requires that you open additional ports on your perimeter firewall, and this can increase the attack surface of your network and make it more susceptible to penetration by attackers. This is obviously undesirable from the perspective of keeping your network secure.
FTP has no file locking mechanism, so it's possible for two users to upload different versions of the same file simultaneously, causing one to be overwritten. This can mean lost time troubleshooting why an uploaded file is different from what you expect.
The FTP approach means you have to edit your content locally on the client. In other words, to edit a page already on the web server you would have to download it to the client, edit it there, and then upload it again to the web server. This is a time-consuming and inefficient approach to managing content.

The solution to these problems is WebDAV, a protocol used for publishing and managing content to web servers. WebDAV is an extension of the HTTP/1.1 protocol, described in RFCs 2518 and 3253. WebDAV overcomes the three issues described above as follows:

WebDAV uses port 80, the same port used by HTTP for web access. So using WebDAV means you don't have to open any extra ports on your firewall.
WebDAV lets only one user modify a file at a time, while allowing multiple users to read it. This allows files to be locked while they are being edited, preventing unexpected changes from occurring.
WebDAV lets you edit files on the server instead of needing to download them first to the client. Editing files remotely using WebDAV is as easy as if they were locally present, and the whole process is transparent to the content producer.

Let's walk through the steps necessary to have WebDAV enabled on an IIS machine and then show how to publish and remotely modify content using WebDAV. For my web server I'm using a Windows Server 2003 machine with IIS 6 installed, and for simplicity we'll publish content to the Default Web Site.

Install and Enable WebDAV on the Server


First we need to install WebDAV on the server. Note that when you promote a Windows Server 2003 machine to the role of Application Server it installs various IIS 6 components, but WebDAV isn't one of the components installed. This is different from the earlier Windows 2000 Server platform, where installing IIS 5 automatically installed WebDAV as well. To install WebDAV on the IIS 6 machine, use Add or Remove Programs in Control Panel and run the Windows Components Wizard. You can find WebDAV under Application Server | Internet Information Services | World Wide Web Service | WebDAV Publishing:

Once you've installed WebDAV you need to ensure it is enabled. To verify this, check the WebDAV option under the Web Service Extensions node in IIS Manager:

Note that when you allow the WebDAV extension (httpext.dll) you are allowing it for all websites on your server. IIS unfortunately does not let you enable WebDAV on a per-website basis.

Enable WebDAV on the Client


The next step is to enable WebDAV on the client machines that will be used to create and manage content for your website. Windows XP has a built-in WebDAV client that doesn't need to be installed, only enabled. To enable WebDAV on XP, open the Services console under Administrative Tools, find the WebClient service and double-click on this service to open its Properties sheet:

Change the Startup Type to Automatic, then click the Start button to get the service running. You're ready to start publishing content to your web server.

Tip: WebDAV is also supported by Windows 2000 with Internet Explorer 5 or higher installed, and it's also supported by Office 2000 or later. Some of these earlier platforms don't fully support every feature of WebDAV that Windows Server 2003 and Windows XP support, however.

Preparing the Web Server for Publishing


Now let's do a bit more preparation of our web server to get it ready for publishing content from the client. First we'll create a new virtual directory where we'll be putting our content. I created a local virtual directory named Budgets, which is an alias to the C:\Finance directory on the web server:

Tip: To learn how to create and configure virtual directories on an IIS web server, see my earlier article called Creating and Configuring Web Sites in Windows Server 2003 here on WindowsNetworking.com.

Now let's configure the web permissions for this virtual directory so users can publish content. This is done on the Virtual Directory tab of the Properties sheet for the virtual directory:

As you can see from the figure, by default only Read permission is enabled for the virtual directory. This won't do, as it means users will be able to read content in the directory but not upload or edit content. To publish content using WebDAV you should enable the following web permissions on the directory:

Read - lets users read what has been published to the server
Write - lets users upload new content to the server and edit existing content on the server
Directory listing - lets users view a list of published files on the server so they can select the one they want to view or edit.

Note that enabling Write permission on the virtual directory can constitute a security hole on your web server, as the Write web permission allows anyone to upload content to your server. It's therefore extremely important that you complete the next and final step of the procedure, namely configure NTFS permissions on your web server to restrict who has access to the content directory. To do this, open Windows Explorer, open the Properties sheet for your content directory (C:\Finance) and select the Security tab:

Note that the Users group has Read, Read & Execute, and List Folder Contents permissions. These are necessary for WebDAV users to be able to write and modify content on the web server. There are also two additional special permissions that the Users group has:

Create Files / Write Data
Create Folders / Append Data

These permissions too are necessary for WebDAV publishing, so don't change them. Since the Users group here is a local group (the web server is a member server that belongs to a domain), its membership includes the Domain Users group, so this means any user in the domain is authorized to publish content to your server using WebDAV. If this is not what you want, then remove the ACE for the Users group from the ACL for your content directory in the figure above and add a different group whose membership contains only those users who are allowed to publish, then give this new group the same permissions that Users has above.

One more tip about permissions: If your web server is a public-facing one (residing on your DMZ) on the Internet, you should add the Internet guest account (IUSR_servername) to the ACL for your content directory and assign this group Deny Write permission. That way anonymous users on the Internet will be able to read the content in the directory but won't be able to modify it.

Publishing Content Using WebDAV


Let's try out our setup and see if it works. On an XP client machine I have a directory named C:\Stuff with four HTML files in it:

To publish these files to my web server I select File | Open in Internet Explorer on the client and enter the URL to the virtual directory, which is http://server/Budgets, where "server" can be the name, IP address or DNS name of my web server. The key here is to select the checkbox labeled "Open as Web Folder", as this will enable me to use WebDAV for publishing to the target folder on the server:

Once the web folder opens on the remote server it looks like this:

Now I simply select the four HTML files in my C:\Stuff window and drag them into my open Web Folder, and WebDAV does its magic. To verify that the files have been published I can open the same URL http://server/Budgets again in Internet Explorer, but this time as a normal web site (i.e. do not select the "Open as Web Folder" option). Here is the result:
