So I loaded a screencast on Channel 9 today at http://channel9.msdn.com/Showpost.aspx?postid=206237. It's about installing IIS7 on Vista. Haven't done one of these screencasts before so forgive the resolution. A link to a better one is here: InstallingIIS7onVista.wmv (70.97 MB).

Short story is IIS 7 modular so the IIS team had an interesting situation to consider. Since we claim all over the place to be "secure by default", the question arises - now that we can opt to not load certain features in IIS 7 that are loaded all the time in IIS 6 (CGI processing, ADSI compatibility, Digest authentication for example): should we load things that customer expect since that they way IIS 6 works, or not load things they don't ask for making it more secure. The current trend in that discussion is the "not" side of the discussion. As as result, IIS 7 doesn't do some thing you might expect if you just install the default configuration. Here's a video that explains shows you some of the details.

-brett