CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Windows Server 2003 is the first major platform released by Microsoft to implement the secure by design, secure by default, secure in deployment paradigm. Unlike previous versions of Microsoft Windows, where a lot of options were installed by default, Windows 2003 requires the administrator to deliberately install and enable many services, including Internet Information Services (IIS). The exception to this is the new Windows 2003 Server Web Edition, which installs some IIS components by default. There are a number of ways to install the various components of IIS 6.0.
Installing IIS 6.0 Using the Configure Your Server Wizard
Installing or Modifying IIS 6.0 Using the Add/Remove Programs Control Panel
Installing IIS Using an Automated Installation (Unattended Setup)
Upgrading IIS 5.0 to IIS 6.0
Locating the Administrative Tools
By the end of this chapter, you should be aware of the components that make up IIS and what each component is used for, which components are installed as part of the Application Server and Mail Server roles, and how to modify, add, or remove components as required. Finally, you should be aware of the location of the various administrative tools used to manage IIS and its related services.
Windows Server 2003 provides a Configure Your Server wizard that can be used to quickly configure your server to perform one or more roles. Configuring your server to perform a role installs and configures the necessary components for the server to...