Tài liệu Module 3: Administering Web and FTP Sites pdf

Perform remote administration by using the Microsoft® Internet Information Services IIS 5.0 snap-in and Internet Services Manager HTML.. Demonstrate how to connect to Internet Services M

Contents

Overview 1

Performing Remote Administration 6

Lab A: Managing Web Sites Remotely 9

Lab B: Backing Up and Restoring

Administering Sites Using Built-In Scripts 26

Lab C: Creating a Web Site Using Built-In

Scripts and Adding Content Using WebDAV 35

Review 40

Module 3: Administering Web and FTP Sites

to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

 2001 Microsoft Corporation All rights reserved

Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, MS-DOS, Outlook, PowerPoint, SQL Server, Visual Basic, Visual InterDev, Visual SourceSafe, Visual Studio, Windows, Win32, Windows Media, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries

Other product and company names mentioned herein may be the trademarks of their respective owners

Instructor Notes

This module provides students with the knowledge and skills to administer Web

sites

After completing this module, students will be able to:

Manage File Transfer Protocol (FTP) and Web Distributed Authoring and Versioning (WebDAV) content

Perform remote administration by using the Microsoft® Internet Information Services (IIS) 5.0 snap-in and Internet Services Manager (HTML)

Manage the IIS metabase

Administer sites by using built-in scripts

Restart Internet services by using the IIS snap-in and the iisreset command

Materials and Preparation

This section provides the materials and preparation tasks that you need to teach this module

Required Materials

To teach this module, you need Microsoft PowerPoint® file 2295A_03.ppt

Preparation Tasks

To prepare for this module, you should:

Read all of the materials for this module

Complete the labs

Module Strategy

Use the following strategy to present this module:

Managing Content Explain how to use FTP to upload content to a Web site Define WebDAV Publishing and discuss ways that it can be used in an intranet Explain how

to configure WebDAV

Performing Remote Administration Discuss the benefits of administering Web sites from computers other than the IIS server Explain how to enable remote administration over the Internet, but caution students about the possible security risks of doing so Demonstrate how to connect to Internet Services Manager (HTML) and then how to connect to a remote computer by using the IIS snap-in Perform Lab A: Managing Web Sites Remotely

Presentation:

60 Minutes

Lab:

45 Minutes

Managing the Metabase Students need to understand the IIS metabase structure to work with scripts Explain the hierarchical structure of the metabase and how properties are inherited Caution students that they should use the Metabase Editor to make changes to properties only when they cannot do so with the IIS snap-

in, Internet Services Manager (HTML), or a script Explain how each instance of a Web site is identified in the metabase Describe how to install and use the Metabase Editor Discuss the methods for backing up and restoring the metabase; neither backup nor restore are new procedures for the students, so you do not need to explain these procedures in detail Perform Lab B: Backing Up and Restoring Web Sites

Administering Sites Using Built-In Scripts Discuss the benefits of administering multiple Web sites by using the built-

in administrative scripts Present the most commonly used scripts and describe the syntax for each Perform Lab C: Creating a Web Site Using Built-In Scripts and Adding Content Through WebDAV

Restarting Internet Services Explain how to stop and start Internet services by using the IIS snap-in, and

then explain how to accomplish the same tasks by using the iisreset

command

Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware

The labs in this module are also dependent on the classroom configuration that is specified in the Customization Information section at the

end of the Classroom Setup Guide for Course 2295A, Implementing and

Supporting Microsoft Internet Information Services 5.0

Lab Setup

The labs in this module require IIS be installed on drive D To prepare student computers to meet this requirement, perform one of the following actions:

Complete Module 1, “Installing Internet Information Services 5.0,” in

Course 2295A, Implementing and Supporting Microsoft Internet

Information Services 5.0

– Or –

Using Add/Remove Programs in Control Panel, remove IIS, and then

reinstall IIS services (FTP, Hypertext Transfer Protocol [HTTP] and Simple Mail Transfer Protocol [SMTP]) on drive D

Lab Results

Performing the labs in this module introduces the following configuration changes:

Web site server_nameC is installed

WebDAV virtual directory is created

D:\Inetpub\WebDAV folder is created

Important

Overview

Managing Content

Performing Remote Administration

Managing the Metabase

Administering Sites Using Built-in Scripts

Restarting Internet Services

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

After completing this module, you will be able to:

Manage File Transfer Protocol (FTP) and Web Distributed Authoring and Versioning (WebDAV) content

Perform remote administration by using the Microsoft® Internet Information Services (IIS) 5.0 snap-in and by using Internet Services Manager (HTML)

Manage the IIS metabase

Administer sites by using built-in scripts

Restart Internet services by using the IIS snap-in and by using the iisreset

In this module, you will learn

how to administer Web and

FTP sites

Managing Content

Uploading Content Using FTP

Configuring WebDAV Publishing

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

Whether your site is on an intranet or the Internet, the principles of providing content are the same You place files in directories on your server so that users can establish a Hypertext Transfer Protocol (HTTP) or FTP connection and view those files with a Web browser You can also upload content to your sites

Web and FTP sites provide

content to users How do

you manage the content on

those sites?

Uploading Content Using FTP

C:\Inetpub\FtprootFile1.doc

File2.zip

FTP directory

File1.docFile2.zip

Web Site

Upload File

Upload File

FTP Site

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

You can use FTP to publish content to either a Web or FTP site If you have large files that users download, you may want to store them on an FTP site Because FTP is a faster protocol than HTTP, download times will be reduced

To publish content on your FTP site, copy or move your files into the FTP directory The default directory provided by Setup is C:\Inetpub\Ftproot

To publish content to a Web site by using FTP, you must first specify that the home directory of the FTP server is the same as the home directory for the Web site Then, for each FTP server that you map to a Web site, make sure it has a separate Internet Protocol (IP) address Finally, you can log on to the FTP server and upload content to the Web site using FTP

If your Web site is on the Internet, using FTP to publish content can create a security risk because passwords are sent in an unencrypted form If the FTP site is used only for downloads, enable anonymous access Also remember

to set NTFS permissions to limit visitor access

Large files that users will

download can be stored on

an FTP site so that the

download time is reduced

Caution

Configuring WebDAV Publishing

WebDAV Directory

WebDAV Directory

Read Write Directory browsing

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

Web Distributed Authoring and Versioning (WebDAV) is enabled for all of the Web sites that you create on your IIS 5.0 server When the correct permissions are set on a directory, users can:

Manipulate resources in a WebDAV directory on your server For example, users can copy and move files in a WebDAV directory

Modify properties associated with certain resources For example, a user can write to and retrieve a file's property information

Lock and unlock resources so that multiple users can read a file concurrently, but only one person at a time can modify the file

Search the content and properties of files in a WebDAV directory

Gaining Access to a WebDAV Directory

Users can gain access to your WebDAV directory by using any client that supports the industry standard WebDAV protocol, including the following Microsoft products:

Microsoft Windows® 2000 connects to a WebDAV directory through the Add Network Place Wizard and displays the contents of a WebDAV directory as if it were part of the file system on the local computer When you connect to the WebDAV directory, you can move files, retrieve and modify file properties, and perform other file-system tasks

Microsoft Internet Explorer 5 connects to a WebDAV

directory when you select Open as Web Folder and lets you perform the same

file-system tasks that you can do through Windows 2000

Microsoft Office 2000 creates, publishes, edits, and saves documents directly into a WebDAV directory through any application in Office

2000

Topic Objective

To explain how to configure

a Web site for WebDAV

publishing

Lead-in

Web Distributed Authoring

and Versioning, or

WebDAV, is enabled for all

of the Web sites that you

create on your IIS 5.0

server

Windows 2000

Internet Explorer 5

Office 2000

Creating a WebDAV Directory

WebDAV is always enabled in IIS 5.0, so to create a WebDAV directory on the server, you modify the default permissions for an existing directory or create a new directory and modify the default permissions After you create the directory, users with the correct permissions can publish documents to the server and manipulate files in the directory

To set up a WebDAV directory, grant Read, Write, and Directory browsing permissions for the directory

You are granting users the right to publish documents on this virtual directory and to see a list of the files in it Even if users connect from behind a firewall, they can still publish on a WebDAV directory if the virtual directory is configured with the correct permissions and if the firewall is configured to allow publishing

Granting Write permissions does not give clients the ability to modify Microsoft Active Server Pages (ASP) or any other script-mapped files To allow these files to be modified, you must grant the Write and Script Source Access permissions after you create the virtual directory

At this point, your WebDAV directory is open to everybody on the Internet You must secure the directory by changing the NTFS permissions, removing anonymous access, and configuring authentication For more information about access and authentication, see Module 5, “Implementing Security on a Web

Server,” in Course 2295A, Implementing and Supporting Microsoft Internet

Information Services 5.0

Publishing to a WebDAV Directory

The easiest way to publish to a WebDAV directory is to use Internet Explorer 5

or later

To publish to a WebDAV directory:

1 Start Internet Explorer

2 In the File menu, click Open

3 In the Open dialog box, in the Open box, type

http://server_name/WebDAV

4 Select the Open as a Web Folder check box, and then click OK

Internet Explorer displays the contents of the WebDAV directory You can copy and paste files to and from the WebDAV directory

Performing Remote Administration

Enabling Remote Administration

Connecting to Internet Services Manager (HTML)

Connecting to Internet Information Services

http://www.nwtraders.msft:4364

Administration Web site properties

Administration Web site properties

Directory

Security-IP address and domain name restrictions

Directory

Security-IP address and domain name restrictions

Click Edit to

add computers

Click Edit to

add computers

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

If you want to administer IIS remotely, you can either use the browser-based Internet Services Manager (HTML) on the Internet or you can use the IIS snap-

in on an intranet

Enabling Remote Administration

By default, only the IP address of 127.0.0.1 has access to the Administration Web site You can permit other computers access to the Administration Web site by IP address if they use a static IP address

Because of the inherent security risk in permitting access to the Administration Web site over the Internet, you should stop services for this site except when needed, and require a secure connection when gaining access to it On a server that is critical to your business operations, you can remove the Administration Web site

or the IIS snap-in to

administer sites remotely

To enable Internet Services Manager (HTML) for remote administration over the Internet:

1 In the IIS snap-in, right-click the Administration Web site, and then click

Properties

In Administrative Tools, the IIS console is called Internet Services Manager; however, when you open the console, it is called Internet Information Services, also known as the IIS snap-in

2 On the Web site tab, note the Transfer Control Protocol (TCP) port number

You will need the port number to connect to the Administration Web site by using Internet Services Manager (HTML) You may change this port number to any number between 0 and 65,535 However, the best practice is

to use a port number above 1,024 to avoid conflicts with other processes using ports 0-1,023

3 On the Directory Security tab, under IP address and domain name

restrictions, click Edit to specify the IP addresses of the computers that

will be allowed to administer IIS remotely

To configure a single Web site for remote administration:

1 In the IIS snap-in, right-click the Web site that you want to configure, point

to New, and then click Virtual Directory

2 On the Welcome to the Virtual Directory Creation Wizard page, click

Next

3 On the Virtual Directory Alias page, in the Alias box, type iisadmin and then click Next

4 On the Web Site Content Directory page, in the Directory box, type

%Windir%\System32\Inetsrv\Iisadmin and then click Next

5 On the Access Permissions page, click Next, and then click Finish

6 Open the property sheet for the Iisadmin virtual directory, and on the

Directory Security tab, configure authentication, and then configure IP

address access restrictions

Connecting to Internet Services Manager (HTML)

Internet Services Manager (HTML) uses the Administration Web site to access IIS properties When IIS is installed, a port number between 2,000 and 9,999 is randomly selected and assigned to this Web site Only members of the

Administrators group can use the site The Administration Web site allows administrators to administer all sites (Web, FTP, SMTP, and Network News Transfer Protocol (NNTP)) on the server

To connect to the Internet Services Manager (HTML), start a browser and then type the domain name and the assigned port number for the Administration site (for example, www.nwtraders.msft:port number)

Web site operators can only administer specific Web sites remotely The administrator configures these Web sites so that they can be administered remotely

To remotely access Internet Services Manager (HTML) as a Web site operator, start a browser and then type the domain name for the Web site followed by /iisadmin/ For example, www.nwtraders.msft/iisadmin/would allow the default Web site to be administered remotely

Connecting to Internet Information Services

You can use the IIS snap-in on your computer to connect to another computer

to administer the Web and FTP sites on that computer

To use the IIS snap-in for administering a remote site on an intranet:

1 Open the IIS snap-in on any computer running Windows 2000 on your network

2 Click the Computer icon on the toolbar

3 In the Connect To Computer box, type the path for the site that you want

to administer

You can also use Microsoft Terminal Services over a network connection

to administer IIS remotely by using the IIS snap-in on the Terminal Services server

Delivery Tip

Demonstrate this by

connecting to Internet

Services Manager (HTML)

on the instructor’s machine

Next, attempt to connect to

Internet Services Manager

(HTML) on a student

machine

Note

Lab A: Managing Web Sites Remotely

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

Objectives

After completing this lab, you will be able to:

Manage a remote Web site by using the IIS snap-in

Manage a remote Web site by using the Internet Services Manager (HTML)

Lab Setup

To complete this lab, you need the following:

A lab partner running Microsoft Windows 2000 Advanced Server

The IP address of your lab partner’s computer:

The name of your partner’s computer: _

Estimated time to complete this lab: 15 minutes

Topic Objective

To introduce the lab

Lead-in

In this lab, you will

administer a remote Web

site by using the IIS snap-in

and Internet Services

Manager (HTML)

Exercise 1

Managing a Remote Web Site Using the IIS Snap-in

In this exercise, you will manage a remote Web site by using the IIS snap-in

Scenario

You are a network administrator at the global organization of Northwind Traders You manage and administer remotely more than a thousand Web and FTP sites These sites are hosted on hundreds

of computers that are located in many cities around the world

In this scenario, you have just received a phone call from the home office in London Your manager informs you that a virus deleted all of the home pages on each of the Web servers worldwide The

virus also deleted all the backup files The home office has prepared new home pages, and you must manually install them on all of the remote servers You decide to download the files from the

London server by using FTP, and then upload the files from your computer to the Web servers

using FTP To do this, you will also need to change the permissions and path on each remote server using the IIS snap-in

Tasks Detailed steps

with a password of

password, open the IIS

snap-in, and connect to your

partner’s computer

then click Internet Services Manager

In Administrative Tools, the IIS console is called Internet Services Manager; however, when you open the console, it is called Internet Information Services, also known as the IIS snap-in

type partner_computer (where partner_computer is the name of your

partner’s computer), and then click OK

the default FTP site on your

partner’s computer, change

the local path to

verify that your partner’s

home page is missing

http://partner_computer/default.htm and then press ENTER Verify

that the home page does not appear

computer using FTP, and

then download the

default.htm and BMP file

for your partner’s computer

Notice that there are two files in the folder

Tasks Detailed steps

computer using FTP, and

then upload the default.htm

and GIF file for your

partner’s computer Copy

the files from

C:\MOC\2295A\Labs\Mod3

\LabA

and then press ENTER

C:\MOC\2295A\Labs\Mod3\LabA to the Internet Explorer window

verify that the default home

page appears on your

partner’s computer

http://partner_computer/default.htm and then press ENTER Verify

that the home page appears

Exercise 2

Managing a Remote Web Site Using the Internet Services

Manager (HTML)

In this exercise, you will manage a remote Web site by using the Internet Services Manager

(HTML) You will enable your computer to give your lab partner the capability to manage your

Web sites

Scenario

You uploaded the home pages for all of your organization’s Web sites successfully However, you

forgot to remove the Write permissions and to reset the home directory for the FTP server The

corporate local area network (LAN) is down, so you must use Internet Services Manager (HTML)

to secure the FTP server However, before you can begin, the IIS server you need to access must

have the Administration Web site permissions set properly

Typically, you would set these permissions ahead of time In this lab, however, your lab partner

will add your computer’s IP address to his or her Administration Web site and grant you access

permission to his or her server Likewise, you will add his or her computer’s IP address to your

Administration Web site and grant him or her access permission to your server

Tasks Detailed steps

the properties for the

Administration Web site,

and note the TCP port

number:

server_name is the name of your server) right-click Administration

Web Site, and then click Properties

Note: Record your lab partner’s Administration Web site TCP port number:

Web site on your partner’s

computer

(where partner_computer and TCP_port_number are the name and

TCP port number of your partner’s computer, respectively), and then press ENTER

Tasks Detailed steps

What error did you get? What is the cause of this error?

The error is HTTP 403.6 – Forbidden – IP address rejected This error is caused when the server has a list of IP addresses that are allowed to access the site, and the IP address that you are using is not in this list

address to the list of IP

address and domain name

restrictions

click Properties

restrictions, click Edit

Add

then click OK

Address list, and then click OK three times

Wait for your lab partner to reach this point before continuing with this exercise

access your partner’s

Administration Web site,

open the property sheet for

the default FTP site, change

the local path to

D:\Inetpub\Ftproot, clear the

Write permissions, and then

save your changes

http://partner_computer:TCP_port_number and then press ENTER

connection is not secure, click OK

Write check box, click Save, and click Yes

Wait for your lab partner to reach this point before continuing with this exercise

the Administration Web site

and remove your partner’s

restrictions, click Edit

your partner’s IP address, and then click Remove

Managing the Metabase

Understanding the Metabase Structure

Identifying a Web Site in the Metabase

Using the Metabase Editor

Backing Up the Metabase

Restoring Settings

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

Most configuration settings for IIS reside in a database called the metabase,

which is similar to the Windows registry By storing these settings separate from the Windows registry, IIS maintains a separate security configuration and allows inherited access rights through its hierarchical structure

The metabase is modified whenever you use administration tools, such as the IIS snap-in and the Internet Services Manager (HTML), to change IIS properties You can also modify the metabase programmatically through the use

of Active Directory Service Interfaces (ADSI) and Microsoft Visual Basic®, Scripting Edition (VBScript), including the built-in administrative scripts Before you make changes to the metabase, you must understand the physical structure of the metabase, how to identify a Web site within the metabase, how

to use the Metabase Editor, and how to back up and restore the metabase

Configuring properties in the metabase incorrectly can cause problems, including the failure of a Web site or FTP site If you make mistakes, your Web site or FTP site's configuration could be damaged Edit metabase properties only for settings that you cannot change by using either the IIS snap-

in or the Internet Services Manager (HTML), and use caution whenever you edit the metabase directly

Topic Objective

To explain the purpose of

the IIS metabase

Lead-in

IIS configuration settings are

stored in a database called

the metabase

Warning

Understanding the Metabase Structure

Computer

FTP Service FTP Info Templates Public FTP Site

Web Service Web Info Templates Public Web Site FTP Server 1

Root VDir VDir 1

Filters Filter Web Server 1 Root VDir

CertMapper Filters Filters

Web Server n

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

The metabase is organized in a hierarchical structure that mirrors the structure

of your IIS installation

IIS Metabase Keys

A metabase key is a location in the metabase analogous to a directory in the file

system The IIS metabase keys correspond to the elements of IIS, and each key contains properties that affect the configuration of its associated element

A metabase path is a sequence of keys separated by a forward slash (/) that

uniquely identifies the location of a key in the metabase Key names in the metabase are not unique unless qualified by their metabase paths: just as different files with the same name can exist in different directories, different keys with the same name can exist in the metabase For example, the key ServerSize appears in IISComputer/MSFTPSVC/1 and in

IISComputer/W3SVC/1

IISComputer Key

The top-level metabase key, named IISComputer, contains properties that affect the overall execution of IIS on your computer For example, IISComputer contains the property MaxBandWidth, which is associated with the maximum number of allowable connections

Two subkeys of the IISComputer key are the FTP Service key and the Web Service key, which contain properties that affect all FTP and Web servers hosted on that computer, respectively

FTP Service Key

The FTP Service key has subkeys that are associated with individual FTP servers and contain properties specific to each FTP server In turn, each FTP server key has a subkey that is associated with the root virtual directory for that server Other subkeys are added to the root virtual directory key as you add virtual directories to the FTP servers Each subkey contains properties that affect the operation or configuration of the associated virtual directory The Info key, directly subordinate to the FTP Service key, also contains some properties associated with the FTP service

Web Service Key

The Web Service key has subkeys that are associated with individual Web servers, their root virtual directories, subordinate virtual directories, disk directories, and files The Filters subkey of the Web Service key affects the configuration of filters used by Web Service operations The Info key, directly subordinate to the Web service key, also contains some properties associated with the Web service

Other Keys

Other keys directly subordinate to the top-level key contain properties that affect logging and Multipurpose Internet Mail Extensions (MIME) mappings The IISADMIN key is used to record Distributed Component Object Model (DCOM) extensions to IIS

Inheritance

The metabase uses inheritance, which means that if you set a value in one of the keys, that same value can be inherited by all of the subkeys for that key If you use the IIS snap-in to set an inheritable property, a dialog box will ask you if you are sure that you want to change the value for levels below that one However, if you use a script or the command line to set an inheritable property, the values will be propagated to all lower levels immediately

Identifying a Web Site in the Metabase

FTP Server Instances

Web Server Instances

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

The Active Directory Service Interfaces (ADSI) path, called the ADsPath, refers to an object associated with a metabase key The path starts with IIS:// and then uses either the term LocalHost or a specific computer name to refer to the IIsComputer object, which is associated with the highest key in the

metabase

Each Web or FTP site is an instance, and is referred to in the path by its number The path for FTP sites is MSFTPSVC The path for Web sites is W3SVC For example, IIS://LocalHost/MSFTPSVC/3 represents the third FTP

site instance on the local computer, and IIS://computer_name/W3SVC/4

represents the fourth Web site instance on a different computer

Each Web site has an associated root virtual directory All other virtual directories and directories associated with a site instance are subordinate to this root virtual directory The name of the root virtual directory is ROOT For example, IIS://LocalHost/MSFTPSVC/3/ROOT refers to the root virtual directory for the third FTP site on the local computer, and

IIS://computer_name/W3SVC/4/ROOT refers to the root virtual directory for

the fourth Web site on a different computer

You can run Disptree, an administrative script located in the Inetpub\AdminScripts folder, to display the tree of administration objects on the Web server and identify the instance of each site For example:

Disptree –a IIS://LocalHost/W3SVC –n

In the script Disptree, IIS in the ADsPath must be typed in capital letters

Topic Objective

To explain how Web sites

are identified in the

metabase

Lead-in

You use the ADsPath to

refer to an object associated

with a metabase key

Note

Using the Metabase Editor

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

The Metabase Editor, or MetaEdit, is a tool that you can use to modify the properties in the IIS metabase directly MetaEdit is similar in functionality to the Registry Editor You can use it to back up, restore, import, and export the metabase and to add, modify, rename, and delete metabase keys

MetaEdit 2.0 is available in the Microsoft Windows 2000 Server Resource Kit

Later versions are available at http://www.microsoft.com/ where you can search for KnowledgeBase article Q232068, download the self-extracting file

MtaEdt21.exe, and run it to extract the files

Topic Objective

To explain the use of the

Metabase Editor

Lead-in

You can edit metabase

properties with the

Metabase Editor, also called

MetaEdit