The IIS team has released another preview of even more additions to IIS 7.

This time its the IIS 7 admin pack which adds some UI features that enhance the administration experience beyond what you get out of the box. This is possible due to the overhaul of the IIS  configuriation system which allows UI extensibility as well control over the request processing pipeline.

The admin pack adds (quote from Carlos' blog)

Request Filtering UI - This UI exposes the configuration of the IIS runtime feature called Request Filtering.

• Configuration Editor UI - This UI provides an advanced generic configuration editor entirely driven by our configuration schema. It includes things like Script Generation, Search functionality, advanced information such as locking and much more.
• Database Manager UI - This UI allows you to manage SQL Server databases from within IIS Manager, including the ability to create tables, execute queries, add indexes, primary keys, query data, insert rows, delete rows, and much more.
• IIS Reports UI - This extensible platform exposes a set of reports including some log parser based reports, displaying things like Top URL's, Hits per User, Page Performance, and many more.
• FastCGI UI - This UI exposes the configuration for the FastCGI runtime feature.
• ASP.NET Authorization UI - This UI allows you to configure the ASP.NET authorization settings.
• ASP.NET Custom Errors UI - This UI allows you to configure the Custom errors functionality of ASP.NET

Pay particularly close attention to the Database Manager UI. Carlos' had this idea a while back and did some very cool demos with it while IIS 7 was in beta. You can manage your SQL database right in the IIS 7 UI! Sweet.

Check it out http://blogs.msdn.com/carlosag/archive/2008/03/21/IISAdminPackTP1Released.aspx

-brett

As we near release for Windows Server 2008, the IIS team has released a beta of a very important tool called the Microsoft Web Deployment Tool.

How to replicate content and setting for web servers continually arises and is one of the most frequently asked questions I receive. Perhaps the second, and closely related question is how to migrate from IIS 6 to IIS 7. This tool has been in development for months but has not been widely discussed publicly so I personally and delighted that it is finally public.

Those of you who need something like this to replicate 6-6, 6-7 and 7-7 scenarios - please download and test this tool.  You can provide feedback to me or via the forums at iis.net. I'd be happy to connect your feedback to the managing PM on the IIS team.

Below is an email that circulated internally annoucing the tool with links.

Enjoy!

-brett

-----------

IIS is thrilled to announce the Technical Preview 1 release of the Microsoft Web Deployment Tool! The tool provides deployment and migration support for IIS 6.0 and 7.0. It incorporates many features that enable web server administrators to deploy, sync and migrate sites, including configuration, content, SSL certificates and other types of content associated with a Web server.

This tool can be used on Windows Server 2008 and IIS 7.0 as well as Windows Server 2003 and IIS 6.0. Please note that this is a Technical Preview release of the tool and should not be used on production servers. For a Tech Preview, only forum level support is available.  

How to Get Started

Download and read the walkthroughs: http://go.microsoft.com/?linkid=8100895

Download the x86 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1602

Download the x64 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1603

Web Deployment Tool forum: http://forums.iis.net/1144.aspx

Web Deployment Team blog: http://blogs.iis.net/msdeploy/

Features

The following list contains several of the features in this version:

·         Synchronization and Snapshot of IIS 6.0/IIS 7.0:

The sync operation provides administrators with a way to quickly synchronize a site or server and deploy changes to existing sites and servers. A synchronization allows you to synchronize one source with one destination. For example, you can synchronize two directory paths or two web servers. The sync can be performed with local or remote objects.

The snapshot, or archive, functionality allows administrators or developers to quickly take an archive of their web site or server for rollback, restore or backup purposes.

·         Migration from IIS 6.0:

The migrate operation provides administrators with a way to migrate sites or entire servers from IIS 6.0 to IIS 7.0, including their settings and content. A migration is essentially a way of synchronizing, filtered by migration rules. For example, when migrating from IIS 6.0 to IIS 7.0, MS Deploy will check the value of some properties and see if it is the IIS 6.0 default. If it is the default, such as the log files directory, it will instead use the value set on the IIS 7.0 server. This enables a server admin to maintain new settings on IIS 7.0 while moving sites or applications from IIS 6.0.

·         Analysis of IIS 6.0 Installed Features:

The analyze operation allows administrators to check what components are installed on the source server. In this way, they can determine if features are present that they will need in IIS 7.0 or that require more advanced setup than simply copying files. For example, ASP.NET requires more than a file copy and will need to be installed on the destination server.

·         Troubleshooting and Validation Features:

For validating an operation, the -whatif flag allows administrators to see what actions would happen when they perform an operation. This is especially useful for performing sync or migration, when they want to validate what changes will be made before performing them. For troubleshooting, the -verboseLevel flag allows administrators to get rich detail about what operations are being performed, and upon failure, the ability to diagnose the problem.

Hiya,

Coming out of the Windows Server 2008 Hosting Roadshow, the same technical labs are available through MS Virtual Labs. The links to these labs are below.

Let me know what you think. Thanks!

Let me know what you think or if you have questions.

-brett

A big shout out to IIS Pm Kanwaljeet Singla

File this under must have details for IIS 7. Very practical info on IIS 7 registry keys.

http://blogs.iis.net/ksingla/archive/2007/12/30/list-of-registry-keys-affecting-iis7-behavior.aspx

-brett

WebDAV is a way to publish files to your server. I've been a fan since I first saw it and have been teaching people about it for years. When you have everything setup correctly, you can open a web folder in Network Places (or neighborhood or whatever), or on your desktop, and when you drag and drop files into the folder, it publishes over the network using http to the server. Unfortunately, the story about DAV from Microsoft's end has been rather mottled. The specifics of what is possible using DAV, how it appears and behaves depends on the precise combination of which server you're using (DAV was supported on IIS 5 as well), the client (XP, 2000, Vista), and what application you use to do the DAV connection (Explorer, IE, Office, FrontPage).

However, in IIS 7, there is some very good news. Robert McMurray on the IIS team is the same guy that manages the FTP 7 project. He has improved, the DAV story for IIS 7 in many ways. I've had the chance to chat with him on numerous occasions about his vision and hopes for DAV and other publishing protocols and can tell you that he's the right guy for the job.

One of the biggest improvements is that DAV can be enabled per URL. In IIS 6, and 5, DAV was either functional for all sites or not. Now, you can use it just where you need it. The IIS 7 DAV provider integrates with the IIS 7 UI and leverages IIS 7 URL Authorization. URL Auth lets you allow or deny access to content using web.config files instead of ACLS.

This version of DAV is the SERVER side component. The client side will use one of the various providers mentioned earlier - but should work by simply creating a network connection to a dav enabled URL. One way to do this is in IE, using File, Open and selecting the checkbox "open as a web folder".

Once you setup DAV and get used to using it, you'll wonder how you managed without it.

http://blogs.iis.net/robert_mcmurray/archive/2007/12/22/webdav-module-for-windows-server-2008-golive-beta-is-released.aspx

-brett

New IIS 7 Virtual Labs online! 

You can get hands on with IIS 7's new features and capabilties with these free online labs. These are IT Pro focused labs that came from the hosting roadshow and have been re-factored for online use. Enjoy!

• Installation and the Modular Architecture
• Installing ASP, ASP.NET and PHP/FastCGI Applications on IIS 7
• Using the new IIS 7 Configuration System featuring Delegated and Remote Administration 
• Troubleshooting with IIS 7 Failed Request Tracing 
• Using APPCMD with IIS 7

-Brett

By special request, here's an outline of the users and groups used by IIS and what they do.

IIS 5 and 6

- IUSR_<servermame> - this is the default anon user for IIS 4, 5, and 6. It is a local account with a large, random password. The account does not exist until IIS is installed. IIS is installed by default on Windows 2000 but not 2003. If you disable this account, anon authentication will fail unless you create assign a new one. This user is a member of Everyone, Users, Authenicated Users, Guests, and the Network built in account (by default).

- IWAM_<servername> - this guy is found on IIS 5 and on IIS 6. I don't recall if it's in IIS 4 as I haven't laid eyes in an IIS 4 server in about 5 years. In IIS 6, it is only used when you run your server in IIS 5 mode, called IIS 5 worker process isolation mode or some such overly long phrase. In this case, sites  and application that are set to run in medium or high isolation run in dllhost.exe as the IWAM_<servername> user.

- ASPNET - this is a local account used to launch the aspnet_wp.exe on IIS 5 and in IIS 6 when it runs in IIS 5 mode.See http://msdn2.microsoft.com/en-us/library/bakfs900(VS.80).aspx for details on how to control the identity of asp_net.exe. It is not typically used in IIS 6 and is not supported on IIS 7.

- IIS_WPG - This is a local group on Windows Server 2003 that is used for one purpose. The IIS _WPG has rights to register application pools with http.sys. What this means is that that if you assign an application pool a unique idenity, you must also add them to this group. By default, this group has the System, Local Service and Network Service accounts in it. By default, application pools on IIS 6 use the Network Service account. If you don't assign custom application pool idenities, you don't need to mess with the membership of this group. Do not delete this group, espcially on a domain controller.

IIS 7

Doesn't have any of the above accounts. Instead you'll find:

- IUSR - built in account for Windows Server 2008 and Vista. Created when IIS 7 is instaled. The IUSR account has the same SID on all Windows Server 2008 systems and Vista. A built in account is different than a local account. Built in accounts cannot be used to log in locally to the server so they don't have a password.

- IUSRS - This is the updated version of the IIS_WPG for IIS 7. The new coolness is that has autmatically maintained membership.

-------

What runs as who when?

For anonymous access, the request will be the run as the assinged anonymous user (preusming that anon authentication is enabled and the anon user has the required access rights). If the request is for ASP.net, subsequent page requests and background operations will access the file system as the process identity (this is the default behavior). Most of the time this is the Network Service account on IIS 6 or the ASPNET user on IIS 5. If not using ASP.net, file access for will be as the anonymous user unless the application your a running reverts to the process identity to do something on the server that the user does not have rights to do. There are quite a few more complications of course, but this typically how things go.

To do research about this, your best friend is Filemon.exe. I learned most of the limited knowledge I have about this by messing around with Filemon and permissions. When you set Deny Full Control, Everyone on a file and then access the file in the web application while Filemon is running, the Access Denied in Filemon will also show you the user that was denied access. Another fun tool to play with is w3ho.dll, a resource kit utility.

Hopefully this is useful.

Let me know

-brett

I've got a new job here at Microsoft as Technical Product Manager for Hosting Solutions. One of the first things up is a GIGANTIC roadshow we're producing for hosters to get hands on with IIS7. Best part is, I get to design the labs and content! I'm really excited to be working on this. The event is sadly only 1 day long, but is jammed with hands on labs and lectures so that attendees can go back and deploy IIS7 in their environment. The lab topics are IT Pro oriented rather than developer focused so don't sign up expecting to learn how to write an ihttp module. Do signgup if you're in the hosting industry and want to know how to deploy, configure, migrate apps, and troubleshoot IIS7. Of course, we're focusing on the new features rather than "this is a website.. it is used to deliver http content.." blah blah blah. Also, I try to keep marketing spin to a minimum.  My philoosphy has always been to let the technology sell itself.

It's worldwide and registraitons are open now for hosing industry personnnel.

REGISTER HERE!

Brett

Robert McMurray has a new video just posted on Channel 9 on the FTP server.

He's the program manager for web publishing and does a great set of demos that illustate most all the bells and whistles in the new code (called FPT7 internally). It's pretty cool so check it out.

http://channel9.msdn.com/ShowPost.aspx?PostID=319223

What can 1 person and web server do anyway? Make a million bucks? Listen to this interview with Markus Frind from PlentyofFish.com about how he moved from a home busienss to a Web 2.0 phenom

http://channel9.msdn.com/Shows/IIS_Show

Interesting stats from his server: http://plentyoffish.wordpress.com/2007/02/09/aspnet-and-iis-2-million-pageviews-per-hour/

Finally a document on HTTP.sys!

 Just got a ping from the http.sys team alerting me to this link where you'll find a paper on http.sys on Vista and Longhorn.

http://www.microsoft.com/downloads/details.aspx?FamilyID=311f4be8-9983-4ab0-9685-f1bfec1e7d62&displaylang=en

-bret