Sukesh has developed and released on codeplex, a mobile application that lets your manage an IIS 7 server from your cell phone!

This is very cool application that shows off some of the great technology that is built into IIS 7 and .NET. This app uses the hostable web core, and LINQ plus the new management API, ,microsoft.web.adminsitration.

You can find his blog at http://www.awesomeideas.net/page/IIS7-Mobile-Admin.aspx which links into codeplex where you can download the source code!

Very  nice Sukesh! Keep em comin.

Thanks,

Brett

Looking over the logs for search queries that wind up here, there's a need to post some FAQs now that IIS 7 is out.

Q: Can I install IIS 7 on XP or Windows Server 2003?
A: No.

Q: Where do I download IIS 7?
A: It's on the Vista or Windows Server 2008 DVD. Don't look for IIS7 on microsoft.com, it's not there.

Q: I have Vista, but don't see IIS 7.
A: Not all versions have IIS7.  See http://learn.iis.net/page.aspx/28/installing-iis7-on-vista/

Q: What happend to IIS_WPG?
A: See http://www.brettblog.com/2007/10/13/IISGroupsAndUsers.aspx

Q: What happened to the IUSR anonymous user?
A: See http://www.brettblog.com/2007/10/13/IISGroupsAndUsers.aspx

Q: Where is the mother lode of IIS7 info?
A: http://iis.net

Q: How do I disable IPv6?
A: Network properties for NIC

Q: How do I enable WebDAV (DAV) on IIS 7?
A: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1579 Note that you will need to adust the URLFiltering section to allow DAV (see http://learn.iis.net/page.aspx/354/how-to-configure-webdav-with-request-filtering/ )

Q: Where do I get the updated IIS 7 FTP Server?
A: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1619

If you have more questions you'd like see on this list, let me know!

-brett

As we near release for Windows Server 2008, the IIS team has released a beta of a very important tool called the Microsoft Web Deployment Tool.

How to replicate content and setting for web servers continually arises and is one of the most frequently asked questions I receive. Perhaps the second, and closely related question is how to migrate from IIS 6 to IIS 7. This tool has been in development for months but has not been widely discussed publicly so I personally and delighted that it is finally public.

Those of you who need something like this to replicate 6-6, 6-7 and 7-7 scenarios - please download and test this tool.  You can provide feedback to me or via the forums at iis.net. I'd be happy to connect your feedback to the managing PM on the IIS team.

Below is an email that circulated internally annoucing the tool with links.

Enjoy!

-brett

-----------

IIS is thrilled to announce the Technical Preview 1 release of the Microsoft Web Deployment Tool! The tool provides deployment and migration support for IIS 6.0 and 7.0. It incorporates many features that enable web server administrators to deploy, sync and migrate sites, including configuration, content, SSL certificates and other types of content associated with a Web server.

This tool can be used on Windows Server 2008 and IIS 7.0 as well as Windows Server 2003 and IIS 6.0. Please note that this is a Technical Preview release of the tool and should not be used on production servers. For a Tech Preview, only forum level support is available.  

How to Get Started

Download and read the walkthroughs: http://go.microsoft.com/?linkid=8100895

Download the x86 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1602

Download the x64 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1603

Web Deployment Tool forum: http://forums.iis.net/1144.aspx

Web Deployment Team blog: http://blogs.iis.net/msdeploy/

Features

The following list contains several of the features in this version:

·         Synchronization and Snapshot of IIS 6.0/IIS 7.0:

The sync operation provides administrators with a way to quickly synchronize a site or server and deploy changes to existing sites and servers. A synchronization allows you to synchronize one source with one destination. For example, you can synchronize two directory paths or two web servers. The sync can be performed with local or remote objects.

The snapshot, or archive, functionality allows administrators or developers to quickly take an archive of their web site or server for rollback, restore or backup purposes.

·         Migration from IIS 6.0:

The migrate operation provides administrators with a way to migrate sites or entire servers from IIS 6.0 to IIS 7.0, including their settings and content. A migration is essentially a way of synchronizing, filtered by migration rules. For example, when migrating from IIS 6.0 to IIS 7.0, MS Deploy will check the value of some properties and see if it is the IIS 6.0 default. If it is the default, such as the log files directory, it will instead use the value set on the IIS 7.0 server. This enables a server admin to maintain new settings on IIS 7.0 while moving sites or applications from IIS 6.0.

·         Analysis of IIS 6.0 Installed Features:

The analyze operation allows administrators to check what components are installed on the source server. In this way, they can determine if features are present that they will need in IIS 7.0 or that require more advanced setup than simply copying files. For example, ASP.NET requires more than a file copy and will need to be installed on the destination server.

·         Troubleshooting and Validation Features:

For validating an operation, the -whatif flag allows administrators to see what actions would happen when they perform an operation. This is especially useful for performing sync or migration, when they want to validate what changes will be made before performing them. For troubleshooting, the -verboseLevel flag allows administrators to get rich detail about what operations are being performed, and upon failure, the ability to diagnose the problem.

Hiya,

Coming out of the Windows Server 2008 Hosting Roadshow, the same technical labs are available through MS Virtual Labs. The links to these labs are below.

Let me know what you think. Thanks!

Let me know what you think or if you have questions.

-brett

A big shout out to IIS Pm Kanwaljeet Singla

File this under must have details for IIS 7. Very practical info on IIS 7 registry keys.

http://blogs.iis.net/ksingla/archive/2007/12/30/list-of-registry-keys-affecting-iis7-behavior.aspx

-brett

WebDAV is a way to publish files to your server. I've been a fan since I first saw it and have been teaching people about it for years. When you have everything setup correctly, you can open a web folder in Network Places (or neighborhood or whatever), or on your desktop, and when you drag and drop files into the folder, it publishes over the network using http to the server. Unfortunately, the story about DAV from Microsoft's end has been rather mottled. The specifics of what is possible using DAV, how it appears and behaves depends on the precise combination of which server you're using (DAV was supported on IIS 5 as well), the client (XP, 2000, Vista), and what application you use to do the DAV connection (Explorer, IE, Office, FrontPage).

However, in IIS 7, there is some very good news. Robert McMurray on the IIS team is the same guy that manages the FTP 7 project. He has improved, the DAV story for IIS 7 in many ways. I've had the chance to chat with him on numerous occasions about his vision and hopes for DAV and other publishing protocols and can tell you that he's the right guy for the job.

One of the biggest improvements is that DAV can be enabled per URL. In IIS 6, and 5, DAV was either functional for all sites or not. Now, you can use it just where you need it. The IIS 7 DAV provider integrates with the IIS 7 UI and leverages IIS 7 URL Authorization. URL Auth lets you allow or deny access to content using web.config files instead of ACLS.

This version of DAV is the SERVER side component. The client side will use one of the various providers mentioned earlier - but should work by simply creating a network connection to a dav enabled URL. One way to do this is in IE, using File, Open and selecting the checkbox "open as a web folder".

Once you setup DAV and get used to using it, you'll wonder how you managed without it.

http://blogs.iis.net/robert_mcmurray/archive/2007/12/22/webdav-module-for-windows-server-2008-golive-beta-is-released.aspx

-brett

New IIS 7 Virtual Labs online! 

You can get hands on with IIS 7's new features and capabilties with these free online labs. These are IT Pro focused labs that came from the hosting roadshow and have been re-factored for online use. Enjoy!

• Installation and the Modular Architecture
• Installing ASP, ASP.NET and PHP/FastCGI Applications on IIS 7
• Using the new IIS 7 Configuration System featuring Delegated and Remote Administration 
• Troubleshooting with IIS 7 Failed Request Tracing 
• Using APPCMD with IIS 7

-Brett

BTW, RC1 of Windows Server 2008 is released. AFAIK, this is the last release before RTM.  Expect to see the official launch Feb 28th.

You can upgrade from RC1 to RTM! So if you've been avoiding Beta releases out of concern for stability, RC1 is is solid. (Actually, the server was really solid around beta 3).

Lots of new things to be excited about including an improved TCP/IP stack that should dramatically increase file transfers between Vista/Server and Server/Server. 

http://www.microsoft.com/windowsserver2008/audsel.mspx

BTW, the bits for SP1 of Vista share a lot in common with server as they are same the code base. As a result, Vista benefits from a lot of work done on Server and visa vera.  In the case of IIS 7, you will also get some new features.

=brett 

It's great to see this list of changes and updates to Vista coming up in SP1. Keep in mind that all of this is baked in to Windows Server 2008 as well. 

http://www.istartedsomething.com/20071208/vista-sp1-changelog/

Microsoft publishes detailed Vista SP1 “changelog” - istartedsomething

https://windowsbeta.microsoft.com/server/intro.aspx  is page that is open to the general public asking for feedback about Windows Server 2008.

I really want to encourage Microsoft to do more of this kind of thing and customer to take advantage of it!

Take a moment to respond if you can.

Thanks,

Brett

Good news!

Some of the labs we are using in the web hosting roadshow are now online. No muss no fuss, and free. The labs use the virtual labs technology that involves Virtual Server services hosted at Technet so you can explore IIS 7 on a real, bona fide, Windows Server 2008 server, over the internet right in your browser. If you haven't checked out the virtual labs, it's very cool. Check it out!

By special request, here's an outline of the users and groups used by IIS and what they do.

IIS 5 and 6

- IUSR_<servermame> - this is the default anon user for IIS 4, 5, and 6. It is a local account with a large, random password. The account does not exist until IIS is installed. IIS is installed by default on Windows 2000 but not 2003. If you disable this account, anon authentication will fail unless you create assign a new one. This user is a member of Everyone, Users, Authenicated Users, Guests, and the Network built in account (by default).

- IWAM_<servername> - this guy is found on IIS 5 and on IIS 6. I don't recall if it's in IIS 4 as I haven't laid eyes in an IIS 4 server in about 5 years. In IIS 6, it is only used when you run your server in IIS 5 mode, called IIS 5 worker process isolation mode or some such overly long phrase. In this case, sites  and application that are set to run in medium or high isolation run in dllhost.exe as the IWAM_<servername> user.

- ASPNET - this is a local account used to launch the aspnet_wp.exe on IIS 5 and in IIS 6 when it runs in IIS 5 mode.See http://msdn2.microsoft.com/en-us/library/bakfs900(VS.80).aspx for details on how to control the identity of asp_net.exe. It is not typically used in IIS 6 and is not supported on IIS 7.

- IIS_WPG - This is a local group on Windows Server 2003 that is used for one purpose. The IIS _WPG has rights to register application pools with http.sys. What this means is that that if you assign an application pool a unique idenity, you must also add them to this group. By default, this group has the System, Local Service and Network Service accounts in it. By default, application pools on IIS 6 use the Network Service account. If you don't assign custom application pool idenities, you don't need to mess with the membership of this group. Do not delete this group, espcially on a domain controller.

IIS 7

Doesn't have any of the above accounts. Instead you'll find:

- IUSR - built in account for Windows Server 2008 and Vista. Created when IIS 7 is instaled. The IUSR account has the same SID on all Windows Server 2008 systems and Vista. A built in account is different than a local account. Built in accounts cannot be used to log in locally to the server so they don't have a password.

- IUSRS - This is the updated version of the IIS_WPG for IIS 7. The new coolness is that has autmatically maintained membership.

-------

What runs as who when?

For anonymous access, the request will be the run as the assinged anonymous user (preusming that anon authentication is enabled and the anon user has the required access rights). If the request is for ASP.net, subsequent page requests and background operations will access the file system as the process identity (this is the default behavior). Most of the time this is the Network Service account on IIS 6 or the ASPNET user on IIS 5. If not using ASP.net, file access for will be as the anonymous user unless the application your a running reverts to the process identity to do something on the server that the user does not have rights to do. There are quite a few more complications of course, but this typically how things go.

To do research about this, your best friend is Filemon.exe. I learned most of the limited knowledge I have about this by messing around with Filemon and permissions. When you set Deny Full Control, Everyone on a file and then access the file in the web application while Filemon is running, the Access Denied in Filemon will also show you the user that was denied access. Another fun tool to play with is w3ho.dll, a resource kit utility.

Hopefully this is useful.

Let me know

-brett

This new FTP service incorporates many new features that enable web authors to publish content better than before, and offers web administrators more security and deployment options.

·         Integration with IIS 7.0: IIS 7.0 has a brand-new administration interface and configuration store, and the new FTP service is tightly integrated with this new design. The old IIS 6 metabase is gone, and a new configuration store that is based on the .NET XML-based *.config format has taken its place. In addition, IIS 7.0 has a new administration tool, and the new FTP server plugs seamlessly into that paradigm.

·         Support for new Internet standards: One of the most significant features in the new FTP server is support for FTP over SSL. The new FTP server also supports other Internet improvements such as UTF8 and IPv6.

·         Shared hosting improvements: By fully integrating into IIS 7.0, the new FTP server makes it possible to host FTP and Web content from the same site by simply adding an FTP binding to an existing Web site. In addition, the FTP server now has virtual host name support, making it possible to host multiple FTP sites on the same IP address. The new FTP server also has improved user isolation, now making it possible to isolate users through per-user virtual directories.

·         Extensibility and custom authentication: The new FTP server supports developer extensibility, making it possible for software vendors to write custom providers for FTP authentication. Microsoft is using this extensibility feature to implement two new methods for using non-Windows accounts for FTP authentication for IIS Managers and .NET Membership.

·         Improved logging support: FTP logging has been enhanced to include all FTP-related traffic, unique tracking for FTP sessions, FTP sub-statuses, additional detail fields in FTP logs, and much more.

·         New supportability features: IIS 7.0 has a new option to display detailed error messages for local users, and the FTP server supports this by providing detailed error responses when logging on locally to an FTP server. The FTP server also logs detailed information using Event Tracing for Windows (ETW), which provides additional detailed information for troubleshooting.

Additional information about new features in FTP7 is available in the "What's New for Microsoft and FTP?" topic on Microsoft's www.iis.net web site.

The following prerequisites are required to install this new version:

1. You must be using Windows Server 2008 (code name "Longhorn") Release Candidate 0 (RC0) or later.
2. Internet Information Services 7.0 must be installed.
3. If you are going to manage the new FTP server using the IIS 7.0 user interface, the administration tool will need to be installed.
4. You must install the new FTP server as an administrator.
5. IIS 7.0 supports a new shared configuration environment, which must be disabled on each server in a web farm before installing the new FTP server for each node. Note: Shared configuration can be re-enabled after the FTP server had been installed.
6. The FTP server that is shipped on the Windows Server 2008 DVD must be uninstalled before installing the new FTP server.

To help you get started using the new FTP server, the following walkthroughs have been published on the www.iis.net web site:

• Installing FTP7:
• Installing and Troubleshooting FTP7
• Working with FTP Sites:
• Creating a New FTP Site
• Add FTP publishing to an existing Web site
• Configuring Security Features:
• Configure FTP over SSL
• Configure FTP User Isolation
• Configure FTP virtual host names
• Configuring FTP Firewall Settings
• Advanced Administrative Features:
• Using FSRM Folder Quotas with FTP
• Configure IIS Manager Authentication
• Administering the New FTP Service using the IIS 7 Configuration Files

Just in case anyone is reading this, you might have seen the posts from my EMEA web summit tour. Well, for some reason in Poland they decided to record the entire day.

Here are the links to the lectures and slide decks.

List of all session links to Web Administration Summit 2007:

http://www.microsoft.com/emea/itsshowtime/result_search.aspx?event=69&x=13&y=2

WEB ADMINISTRATION SUMMIT

IIS 7 Web Server Platform- Windows Server “Longhorn”

Microsoft’s Next Generation Web Server: What’s New in IIS 7 for IT Pros

Isaac Roybal, Product Manager, Windows Server, Microsoft Corporation

This overview session will highlight the key points of interests for IT Pros in Internet Information Services version 7.  IIS7 modularity increases security by allowing a reduced installation footprint and creation of specialized, streamlined servers. Application Pools are now “sandboxed” by default.  You’ll see how IIS7 eases administration with a new IIS Manage UI, delegated administration, and new tools for automating administrative tasks. Applications run more reliably as they are easier to troubleshoot with built in tracing and diagnostics. Finally, multiple servers can use a single configuration file with the shared configuration feature for web farms.

IIS7 Administration: The New IIS Manager

Brett Hill, IIS Sr. Technical Evangelist, Microsoft Corporation

IIS7 Administration centers around the new task-oriented IIS Manager. This redesigned administration tool has many major new capabilities including the ability to delegate features, edit .NET configuration and has significantly improved performance when managing many sites. The IIS Manager itself is an extensible, modular application that administrators can customize and developers can extend.  In this presentation we’ll explore how use and control the IIS Manager with a special focus on Delegated Administration. In addition, we’ll explore how to use Granular Locking to fine tune your delegated settings beyond those available in the UI.

IIS7 Administration: Shared Configuration, Remote Control, and Automated Tools

Isaac Roybal, Product Manager, Windows Server, Microsoft Corporation

For web farms, IIS7 has a powerful new feature – Shared Configuration. This allows you to configure multiple servers to share a single configuration file. The benefits are clear - all web servers have identical configuration so there’s no need to do configuration replication.

In addition, IIS Manager has built in remote administration capabilities. Using https between the IIS Manager and the remote server, this feature includes the ability to define trusted users in IIS Manager and have identities securely stored in the IIS configuration, Windows SAM or AD, or a .NET provider.

Of course, many organizations need to automate administration tasks.  APPCMD is the new powerful, general purpose command line utility for controlling configuration, state for site and pools, and querying status. WMI has been improved specifically for IIS management, and there’s a new managed code API Microsoft.Web.Adminsitrationis that makes it easy for developers use .NET to write IIS management tools. PowerShell can use the managed API or WMI, giving you a superior command line and scripting environment for managing your servers.

IIS 7 Security: Less Exposure, Greater Control

Brett Hill, IIS Sr. Technical Evangelist, Microsoft Corporation

IIS7 security improvements can be found in many areas. In addition to the ability to control the server footprint, security is improved with the new URLFiltering and URLAuthorization capabilities. Also, you can now use Forms authentication with any content while leveraging .NET role and membership providers. In addition, there are key changes in the user principles and groups used by IIS7 that will make the server both easier to manage and more secure.  Finally, application pool sandboxing helps to improve the security boundary between application pools.

IIS 7 Troubleshooting: Failed Request Tracing

Isaac Roybal, Product Manager, Windows Server, Microsoft Corporation

One of the most exciting features in IIS 7 for administrators is the new built-in failed request tracing capabilities. You can configure IIS 7 to automatically create a detailed trace log of events that occurred in the request processing pipeline when specific error codes are seen and/or if a request takes more than N seconds to complete. This is configurable at the server, site, application, or file level, and can be configured in the UI or with a command line tool. The resulting trace log is ideal for identifying bottlenecks. Like everything in IIS 7, it is extensible and can be customized with new events.

Finally I can talk about this!

Beta 3 was just signed off and will be posted very soon to connect.microsoft.com.

There is so much coolness in IIS 7 in Beta 3 that's hard to know where to start.

We've had several customers beating up this build pretty hard, including Microsoft.com. This is a good build for the web server platform (can't speak about the rest of it cause I don't know, but from the looks of things, it's all good).

What to look for in IIS7 Beta 3:

Of course, you've heard all about the modular pipeline. Right? what! Snap out of it! This is a big deal.

Shared configuration: You can now configure multiple IIS 7 servers to share a single application host config file. Whohoo! No more metabase replication.

Remote Administration: This is coolness in action. Use https from within IIS manager to connect to another IIS manager. Since it's https, it's firewall friendly and special ports need to be open. You authenticate to the remote IIS manager using Windows users, or you can define users in the IIS manger that are stored in Administration.config (encrypted credentials of course)

Disable Anon user: So if you disable the anon user in IIS7, anon access is still allowed, but you don't use the built in IUSR account. All anon access occurs as the process identity. If you give each process a unique identity, you also give it a unique anon users when this is enabled. Add sandoxing and shared config, and you have a nice package for web farms with secure pools. 

App Pool Sandbox: This takes a while to explain, but essentially, each pool winds up with a configuration file that contains only the settings for that pool and can only be read by that pool.  In this way, an applicaiton pool cannot revert to self and read the configuration of any other pool.

Extensible UI: The UI is not just new from IIS6, it's a platform in and of itself that can be modifed and updated. Look to Carlos' blog and the downloads page on IIS.net for new extensions that are already available. http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1328

Are you ready for this: New FTP server! released at the same time as beta 3 is a long awaited new FTP server AND yes,  it supports FTP with SSL (FTPS as I recall as opposed to SFTP). You will find this as a seperate donwload on IIS.net soon. It is not built into longhorn. When you install this puppy you will see first hand  that we aren't kidding about IIS 7 extensiblity. There will be new UI icons and configuration features. In the past, this is something that only Microsoft or a few ISVs would do (modify the UI and IIS configuration), but since the UI is a Winform app, extensiblity is built in, and the IIS 7 schema can be extended with just an XML snippet. Developers are going to be adding all kinds of newness to the IIS Manager. BTW, if you install FTP on Longhorn using the Server Manager or package manager command line, you get the old FTP server in the MMC console.

I know you asking "where can I get more info" and the answer is that papers are being uploaded to IIS.net very soon. Questions? Ask on the IIS.net forums.

I got to go, but I'm really psyched about this release. There is a lot more to talk about so stay tuned.

PS. Bill Staples just posted an annoucment to his blog. http://blogs.iis.net/bills/archive/2007/04/25/what-s-new-in-iis7-beta-3.aspx

-brett

What can 1 person and web server do anyway? Make a million bucks? Listen to this interview with Markus Frind from PlentyofFish.com about how he moved from a home busienss to a Web 2.0 phenom

http://channel9.msdn.com/Shows/IIS_Show

Interesting stats from his server: http://plentyoffish.wordpress.com/2007/02/09/aspnet-and-iis-2-million-pageviews-per-hour/

So, many people will IIS 7 in hand beginning next week with Vista being available. For those of you have not seen it but are interested,you will need to take some time to get up to speed on the new UI and features. Of course, one of the most practical beneifts of IIS 7 on Vista is that you can make more than one website and it's not limited to 10 connections. It will process 10 requests at a time making it impractical to use as a server - but works great as dev platform.

Be sure to get the version of Vista that has the features you want! THEY ARE DIFFERENT. Here's the definitive list of differences on a feature by feature basis: Notice that Windows Authentication in particular is not available on several versions: http://www.iis.net/default.aspx?tabid=2&subtabid=25&i=1100

The IIS team is working fevershily on IIS 7 on Longhorn Server. It's not quite time to discuss the key features that will be on the server version that are not on Vista, but they are going to be very, very useful for enteprises and it won't impact your ability to develop code on Vista to run on IIS 7 in any core way. If you write an applicaiton on Vista to use IIS 7 features, it will run on IIS 7. In fact, our experience has shown that in many cases, ihttp handlers and ihttp modules for ASP.net run without modification. That is not always true as there are some differences in the environment between the core pipline of IIS 7 and the ASP.net pipeline in IIS6.

Keep in mind also that when you install IIS 7, you do NOT get an IIS 6 (or IIS 5.1) equivalent. IIS