IIS 6 Administration
For your second installation, you’ll create a shared network distribution point containing the source files for Windows Server 2003 Web Edition. Then you’ll perform a clean install of Web Edition onto a machine that has no preinstalled operating system on it. You’ll do this by creating a network boot disk that will enable you to boot your target machine from a floppy, connect to the distribution point, and run Winnt32.exe to perform your install. Creating and configuring a network boot disk is an exercise in walking down memory lane—specifically, DOS Avenue (and NT Boulevard as well)—but it’s fun, and it’s a useful skill to know.
Creating a Distribution Point
Begin by creating a shared distribution point for installing Windows Server 2003 Web Edition over the network. The simplest way to do this is to insert the product CD for this edition in the CD-ROM of a file server, copy the \I386 folder and its contents to the server’s hard drive, and share the folder using the default share name I386. For this walkthrough, I’m using a Windows 2000 Professional test machine called SNOOPY as my file server, a stand-alone machine belonging to a workgroup called WORKGROUP. The UNC path that my network boot disk will need to connect to in order to access the installation source files will be \\SNOOPY\I386. The machine name and network path you are using will probably be different, so adjust the UNC path accordingly.
Creating a Network Boot Disk
Now it’s time to create your network boot disk so you can boot your target machine with it, connect to \\SNOOPY\I386 (or whatever), download the Setup files, and perform the installation. Network boot disks are tricky—setting them up requires some knowledge of MS-DOS. However, most sysadmins have some working knowledge of this old workhorse operating system. Network boot disks are often used for performing unattended installations, and most third-party disk imaging applications include a network boot disk. If you don’t have such software, don’t despair—you can use the Windows NT Server 4 operating system to create a network boot disk. If you have a Windows NT 4 server on your network, you simply use Administrative Tools | Network Client Administrator | Make Network Installation Startup Disk and specify the necessary information to create the disk, as you’ll see in a moment.
But what if you don’t have an NT server handy on your network? Unfortunately, Windows 2000 Server does not include a utility for creating a network boot disk. But if you have a Windows NT Server 4 product CD handy, you can extract the necessary files from the CD and use them on a Windows 2000 system to create your boot disk. Let’s try this approach. First, you’ll need a bootable MS-DOS system disk for your network boot disk. To create such a disk, insert an MS-DOS boot disk (every sysadmin has a few dozen of these kicking around) into your Windows 2000 workstation, reboot, and type FORMAT A: /S at the MS-DOS prompt (make sure your boot disk is write-protected first). You’ll be prompted to insert the disk you want to make bootable, so insert a blank floppy and press ENTER. Remove the formatted system disk and label it Network Boot Disk or something similar. Now reboot your workstation to Windows 2000 and do the following:
- Use Windows Explorer to create the folder C:\Ncadmin.
- Create a subfolder called \Clients within your \Ncadmin folder.
- Insert the Windows NT 4 Server product CD into your CD-ROM drive (the R: drive in my example).
- Copy the files Ncadmin.cn_, Ncadmin.ex_, and Ncadmin.hl_ from the \I386 folder of your NT Server product CD to your C:\Ncadmin folder.
- Open a command prompt and switch to your C:\Ncadmin folder.
- Type expand -r ncadmin.* at the command prompt to extract the files needed.
- Leave the NT product CD in the R: drive.
Now type ncadmin at the command prompt to run Ncadmin.exe and start Network Client Administrator on your Windows 2000 machine (see Figure 4-8).
Select the Make Network Installation Startup Disk option and click Continue. The path should be R:\Clients; if it isn’t, change it. Select the Share Files option and click OK (see Figure 4-9). You can remove this share after you have finished running Network Client Administrator on your machine.
Select the Network Client v3 For MS-DOS And Windows option and specify the network card installed on your target machine (the machine on which you plan to install Windows Server 2003). This is the only tricky part, because what if your network card is new and not supported by Windows NT 4? In this case, the workaround is usually to install the closest card you can and then modify the .ini files on your network boot disk accordingly. My own target machine in this example has a 3Com905C-TX network card in it. Luckily, I found a helpful document on 3Com’s support website detailing how to create network startup disks for machines with 3c90x network cards (Doc# 06296 on www.support.3com.com). Following these instructions, I specified 3Com EtherLink III as my network card in the Target Workstation Configuration screen (see Figure 4-10) and clicked OK.
Tip | If your target machine has a network card from a different manufacturer, you should be able to modify the procedure used here once you’ve determined the name of the DOS driver on your card’s driver CD. |
The Network Startup Disk Configuration screen appears next (see Figure 4-11). Here you need to specify a computer name for your target machine (anything will do, as long as it’s unique to the network and will only be used temporarily), the domain to which the file server with your distribution point belongs (I left this blank because SNOOPY is a stand-alone machine), a username for connecting to the distribution files (Administrator, in the example), and an IP address setting for your boot disk (again, anything will do as long as it’s unique to the network). Leave the destination path as the A: drive, where the boot disk will be created, insert your bootable floppy in your A: drive, and click OK twice. Close the Network Client Administrator program when finished.
Security Alert! | Actually, using your Administrator account to connect from your target machine to your distribution point isn’t such a good idea because the network boot disk sends the account credentials across your network in plain text. If anyone is sniffing your network, your security could be badly compromised. I just used this account here out of laziness! |
Now you have to customize your network boot disk to use the correct network card driver (you’ll need the driver CD handy for your network card). First, open the SYSTEM.INI file in the \NET folder on the boot disk using Notepad. Since I’m using a 3Com905C-TX network card on my machine, I need to change the line
netcard=elnk3.dos
so that it reads
netcard=el90x.dos
and save the changes. Then I need to open the PROTOCOL.INI file in the same folder and change the line
DRIVERNAME=ELNK3$
to read
DRIVERNAME=el90x$
and save the changes. Of course, your own system probably has a different network card, so change the preceding steps according to your own hardware configuration. Returning to my own system, I now insert the driver CD for my network card into my CD-ROM and use Windows Explorer to copy the file EL90X.DO_ to the \NET folder on my floppy. Next, I’ll open a command prompt, switch to A:\NET as my current directory, and type expand EL90X.DO_ EL90X.DOS to expand the DOS driver for my card onto my network boot disk (adjust the steps in the preceding procedure according to the name of the DOS driver for your own network card).
You’re almost finished. You still need to modify the autoexec.bat file on the network boot disk so it will connect to the shared I386 distribution point on SNOOPY (or whatever your distribution server is named) and run Winnt.exe, the 16-bit Setup program for installing Windows Server 2003. In autoexec.bat, change
net use z: \\SNOOPY\Clients
to
net use z: \\SNOOPY\I386
and change
z:\msclient\netsetup setup.exe /$
to
z:\winnt.exe /s:\\SNOOPY\I386
Note | If you can’t see the autoexec.bat file in the root directory when the network boot floppy is in the A: drive, start Windows Explorer and select Tools | Folder Options | View, and disable the option Hide Protected Operating System Files. This will make autoexec.bat visible. Right-click it and select Edit to open it in Notepad. |
Next, you need to add the MS-DOS disk caching utility SmartDrive to your network boot disk; otherwise, Setup will take forever to copy files to your target machine (it’s too bad that Windows NT’s Network Client Administrator program doesn’t automatically add SmartDrive to the boot disk it creates). If you have a machine with MS-DOS 6.22 installed on it, you could simply copy the file SMARTDRV.EXE from that machine to your network boot disk, but let’s assume you don’t. Not to worry, just dig out the three MS-DOS 6.22 installation floppies gathering dust in the bottom drawer of your filing cabinet (System Administrator’s Rule #1: Never throw out anything!!). Copy the file SMARTDRV.EX_ from Disk 2 to your MS-DOS boot disk, boot your workstation using the boot disk, type EXPAND SMARTDRV.EX_ SMARTDRV.EXE at the DOS prompt, and then use the COPY command to copy the expanded file SMARTDRV.EXE from your MS-DOS boot disk to the root of your network boot disk. Then you need to add the line
smartdrv.exe
to the beginning of the autoexec.bat file on your network boot disk so that SmartDrive will run and disk caching will be enabled when you boot the target machine using your network boot disk.
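The boot-disk edits above (SYSTEM.INI, PROTOCOL.INI and autoexec.bat) are easy to get subtly wrong by hand, and a wrong driver name or UNC path only shows up when the target machine fails to boot. The script below applies the same edits to a copy of the floppy’s files and refuses to continue if a line it expects is missing, duplicated, or the expanded driver file is not in \NET. It is an added example written for this chapter, not code from the book or from Network Client Administrator; the sample file contents are constructed (only the lines the chapter quotes are real, the rest exist so you can see that untouched settings survive), and the driver, server and share names are parameters you would set for your own hardware.

```python
"""Apply the boot-disk customizations from the walkthrough to a copy of the
floppy's files. Added example for this chapter, not code from the book or
from Network Client Administrator; the sample file contents are constructed."""
import tempfile
from pathlib import Path

# Constructed stand-ins for the three files on the boot disk. Only the lines
# the chapter quotes are taken from it; the other lines are there to show
# that untouched settings survive the edit. DOS files use CRLF line endings.
SAMPLE_SYSTEM_INI = (
    "[network]\r\n"
    "computername=WEBTARGET\r\n"
    "username=Administrator\r\n"
    "\r\n"
    "[network drivers]\r\n"
    "netcard=elnk3.dos\r\n"
    "transport=tcpdrv.dos,nemm.dos\r\n"
)
SAMPLE_PROTOCOL_INI = (
    "[protman]\r\n"
    "drivername=PROTMAN$\r\n"
    "\r\n"
    "[ms$elnk3]\r\n"
    "DRIVERNAME=ELNK3$\r\n"
)
SAMPLE_AUTOEXEC = (
    "path=a:\\net\r\n"
    "REM (the lines that start the MS-DOS network client go here)\r\n"
    "net use z: \\\\SNOOPY\\Clients\r\n"
    "z:\\msclient\\netsetup setup.exe /$\r\n"
)


def _line_ending(line):
    return line[len(line.rstrip("\r\n")):]


def replace_ini_value(text, key, old_value, new_value):
    """Rewrite the single 'key=old_value' line (case-insensitive, whitespace
    tolerant), keeping the key's original spelling and the line ending.
    Refuses to guess when the line is missing or appears more than once."""
    out, hits = [], 0
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        if "=" in body and not body.lstrip().startswith(";"):
            k, _, v = body.partition("=")
            if k.strip().lower() == key.lower() and v.strip().lower() == old_value.lower():
                line = f"{k.strip()}={new_value}{_line_ending(line)}"
                hits += 1
        out.append(line)
    if hits != 1:
        raise ValueError(f"expected exactly one '{key}={old_value}' line, found {hits}")
    return "".join(out)


def replace_line(text, old, new):
    """Replace one whole line of a batch file (exact match after trimming)."""
    out, hits = [], 0
    for line in text.splitlines(keepends=True):
        if line.rstrip("\r\n").strip().lower() == old.lower():
            line = new + _line_ending(line)
            hits += 1
        out.append(line)
    if hits != 1:
        raise ValueError(f"expected exactly one '{old}' line, found {hits}")
    return "".join(out)


def customize_boot_disk(root, driver, server, share="I386", placeholder="elnk3"):
    """Point the disk at the real NIC driver and at the I386 share, and load
    SmartDrive first. `driver` is the DOS driver base name (e.g. el90x),
    `placeholder` the card you chose in Network Client Administrator."""
    root = Path(root)
    net = root / "NET"
    if not (net / f"{driver.upper()}.DOS").exists():
        raise FileNotFoundError(f"expand {driver.upper()}.DO_ into {net} first")

    def edit(path, func):
        text = path.read_bytes().decode("latin-1")  # bytes in/out keeps CRLF intact
        text = func(text)
        path.write_bytes(text.encode("latin-1"))
        return text

    unc = f"\\\\{server}\\{share}"
    return {
        "SYSTEM.INI": edit(net / "SYSTEM.INI", lambda t: replace_ini_value(
            t, "netcard", f"{placeholder}.dos", f"{driver}.dos")),
        "PROTOCOL.INI": edit(net / "PROTOCOL.INI", lambda t: replace_ini_value(
            t, "drivername", f"{placeholder}$", f"{driver}$")),
        # smartdrv.exe goes first so caching is on before Setup copies files
        "AUTOEXEC.BAT": edit(root / "AUTOEXEC.BAT", lambda t: "smartdrv.exe\r\n" + replace_line(
            replace_line(t, f"net use z: \\\\{server}\\Clients", f"net use z: {unc}"),
            "z:\\msclient\\netsetup setup.exe /$", f"z:\\winnt.exe /s:{unc}")),
    }


def build_sample_disk(root):
    """Write the constructed sample files (and an empty driver) under root."""
    net = Path(root) / "NET"
    net.mkdir(parents=True, exist_ok=True)
    (net / "SYSTEM.INI").write_bytes(SAMPLE_SYSTEM_INI.encode())
    (net / "PROTOCOL.INI").write_bytes(SAMPLE_PROTOCOL_INI.encode())
    (net / "EL90X.DOS").write_bytes(b"")  # stands in for the expanded driver
    (Path(root) / "AUTOEXEC.BAT").write_bytes(SAMPLE_AUTOEXEC.encode())


def demo():
    """Run the whole customization against a temporary copy of the disk."""
    root = Path(tempfile.mkdtemp())
    build_sample_disk(root)
    return customize_boot_disk(root, "el90x", "SNOOPY")


if __name__ == "__main__":
    for name, text in demo().items():
        print(f"--- {name} ---")
        print(text)
```

To use it on a real disk, copy the floppy to a folder, run `customize_boot_disk(folder, "el90x", "SNOOPY")` with your own driver base name and server, and copy the result back. The strict single-match rule is deliberate: PROTOCOL.INI normally carries more than one drivername line, and silently rewriting the wrong one is exactly the kind of mistake that is hard to diagnose from a DOS prompt.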
One final step—when Setup runs on your target machine, it needs to be able to copy the temporary Setup files to the machine’s hard drive. To make this possible, you need to ensure that there is a formatted partition on the machine’s hard drive. To do this, boot the target machine using your MS-DOS boot disk, use the FDISK command to create a primary partition of maximum size (2047KB) and mark it active, and then type FORMAT C: to format the new partition using the FAT file system.
Installing Web Edition
You’re now prepared to install Windows Server 2003 Web Edition over the network. Insert your network boot disk into the target machine, turn it on, and when prompted supply the password for the Administrator account on the file server where the shared distribution point is located. Once the network boot disk connects to this distribution point, the blue screen Text Mode portion of Setup for Windows Server 2003 will begin. Installation files will be copied to the target machine’s hard drive, and you’re on your way. Don’t forget to remove the network boot disk from the A: drive when prompted to restart the system!
Once restarted, you can specify that the C: partition should be converted to NTFS (fortunately, the 2047 size of this partition is sufficient to allow this maneuver, since it’s essential for security reasons that Windows Server 2003 be installed on an NTFS partition). After two more reboots, the GUI mode portion of Setup begins. All you need to do from here is respond to the Setup prompts as in the preceding section of this chapter (the GUI mode portion of Setup for Web Edition is identical to that for Standard Edition described earlier).
Postinstallation Notes
When you first log on to Web Edition, Internet Explorer starts up and presents you with a logon screen for the Web Interface For Server Administration tool (see Figure 4-12). This tool is a secure website for administering IIS using a web browser, and there is a shortcut in the Startup folder that causes this tool to open whenever you log on to Web Edition. The shortcut invokes the VBScript file SecureLaunch.vbs located in \System32\ServerAppliance, which constructs a URL of the form https://machine_name:port, where
- https:// indicates that the connection between the browser and Administration website is secure because it is encrypted using SSL.
- machine_name is the name of the local machine (you can also use localhost or the machine’s IP address or fully qualified domain name).
- port is the SSL port for the Administration website (value is 8098).
In the example installation, a machine name would be randomly generated, perhaps something like ME-LDBNY9QL4Y55, in which case the URL that is opened would be https://ME-LDBNY9QL4Y55:8098. The extra logon screen in Figure 4-12 is there because the Administration website is configured to use Basic Authentication, which works through firewalls and thus allows administrators to manage their Web Edition machines remotely from any location over the Internet. Because Basic Authentication passes user credentials across the network in clear text, however, SSL is needed to ensure that the process of administering such servers is secure.
To open Web Interface For Server Administration, enter user credentials with Administrator privileges and click OK. Internet Explorer will access the Administration website using SSL and the interface will appear (see Figure 4-13). If a Warning status message appears under the server name at the top of the screen, click the message to open the status page for the tool and view any warning or informational status messages present. For example, you may be prompted to install a new certificate on the server because the SSL certificate that is preinstalled on the server is only intended for sustaining an initial connection with it. If this happens, you should obtain your own unique SSL certificate from a certificate authority you trust and install it on your server for greater security.
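The point about Basic Authentication is worth seeing rather than just reading: the Authorization header it sends is only base64-encoded, so anything that can read the HTTP request can read the credentials, and SSL is what keeps the request unreadable. The script below builds the same https://machine_name:8098 URL that SecureLaunch.vbs does, decodes a Basic header, and reports a finding when such a header travels over plain http. It is an added example written for this chapter, not code from the book or from the Web Interface For Server Administration tool; the request and the credential in it are constructed placeholders.

```python
"""Why the Administration website pairs Basic Authentication with SSL on
port 8098. Added example, not from the book: the request below is
constructed, and the credential in it is a placeholder."""
import base64
from urllib.parse import urlsplit

ADMIN_SSL_PORT = 8098  # SSL port of the Administration website (from the chapter)


def admin_url(machine_name):
    """The URL SecureLaunch.vbs opens: https://machine_name:port."""
    return f"https://{machine_name}:{ADMIN_SSL_PORT}"


def decode_basic(header_value):
    """Basic auth is encoding, not encryption: anyone who can read the header
    recovers the credentials. Returns (username, password)."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("latin-1").partition(":")
    return user, password


def audit_admin_request(url, headers):
    """Findings for one administrative request (constructed input).
    Returns a list of strings; an empty list means nothing to report."""
    parts = urlsplit(url)
    findings = []
    auth = headers.get("Authorization", "")
    if auth.lower().startswith("basic "):
        user, _ = decode_basic(auth)
        if parts.scheme != "https":
            # Over plain http the decoded credential is what a sniffer sees.
            findings.append(
                f"Basic credentials for '{user}' readable in clear text over {parts.scheme}")
    return findings


# Constructed sample header; the password is a placeholder, not a real value.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"Administrator:placeholder-password").decode()


def demo():
    """Same credential, once over plain http and once over the SSL URL."""
    headers = {"Authorization": SAMPLE_HEADER}
    return {
        "http": audit_admin_request("http://ME-LDBNY9QL4Y55:8098/", headers),
        "https": audit_admin_request(admin_url("ME-LDBNY9QL4Y55"), headers),
    }


if __name__ == "__main__":
    print(admin_url("ME-LDBNY9QL4Y55"))
    print(decode_basic(SAMPLE_HEADER)[0])
    for transport, findings in demo().items():
        print(transport, findings or "no findings")
```

The same reasoning applies to the network boot disk earlier in this walkthrough: credentials that cross the wire in the clear are readable by anyone positioned to capture them, which is why the tool only makes sense behind SSL and why a dedicated, least-privileged account is preferable to Administrator for either purpose.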
While the Internet Services Manager console is the standard way of administering IIS machines, this tool is designed mainly to work across a company network. To administer IIS from a machine beyond the company network (for example, a remote user with a laptop connected to the Internet), use the Web Services For Server Administration tool instead. This tool is installed by default in Web Edition and starts each time the user logs on. On Standard and Enterprise Editions the tool is not installed by default, but you can install it afterward by using Control Panel | Add Or Remove Programs | Add/Remove Windows Components | Web Administration Server | Details | Internet Information Services (IIS) | Details | World Wide Web Service | Details | select Server Administration (HTML). The component then appears in Add/Remove Windows Components as Server Administration Tools.
Security Alert! | If you select the Remember My Password check box on the logon screen for Web Interface For Server Administration, the next time you log on to Windows your credentials will have been automatically entered into the logon screen, but you still have to click OK! |
Tip | If you accidentally close the Web Interface For Server Administration browser window, you can open it again from Administrative Tools (or you can log off and log on again to open it automatically). You don’t have to type the URL out to access it—unless you’re trying to access it from a remote machine, which is the whole intention of the tool anyway! |
Web Interface For Server Administration is more than just a browser-based version of the IIS console. In addition to being able to create and manage websites with it, you can also manage local users and groups and volumes and disk quotas and perform other tasks suitable for an all-in-one interface to a web server appliance like a machine running Windows Server 2003 Web Edition. We’ll look more at the Web Services For Server Administration tool in Chapter 6, and we will discuss SSL in more detail in Chapter 10. For now, let’s finish our postinstallation tour of Web Edition by opening the IIS console from Administrative Tools and examining the installed IIS components and their configuration (see Figure 4-14). Note that there are two websites listed in the console tree, Default Web Site and Administration. Note that Default Web Site has only static content in it—a single Under Construction page called iisstart.htm. I mentioned earlier that the dynamic sample websites of earlier versions of IIS have been removed from version 6 for increased security. Notice also the Administration site, an ASP application that runs the Web Interface For Server Administration tool. Finally, note that the SMTP Service is automatically installed with Web Edition.
Security Alert! | Recall from the previous walkthrough that the Active Server Pages (ASP) component of IIS is not installed by default when you add the Application Server role to Standard or Enterprise Edition. With Web Edition, however, this component must be installed for the Web Interface For Server Administration tool to work because the tool is implemented as an ASP application. You can verify that ASP is installed on Web Edition by selecting the Web Service Extensions node in the IIS console and verifying that Active Server Pages is marked Allowed (other installed extensions are marked Prohibited, which means they are installed but need to be enabled before they can be used). |
For a full view of which IIS components are installed by default in Web Edition, go to Add Or Remove Programs in Control Panel. You’ll see the following components are installed under Web Administration Server:
- Enable network COM+ access
- Internet Information Services (IIS)
  - Common Files
  - Internet Information Services Manager
  - SMTP Service
  - World Wide Web Service
    - Active Server Pages
    - Server Administration (HTML)
    - World Wide Web Service
Note that if you use Add Or Remove Programs in Control Panel to view the complete list of available components for Web Edition, you’ll see why Microsoft positions this edition for niche use in the enterprise and service provider markets. Web Edition lacks major features like Active Directory and RRAS and is envisioned primarily for either running on high-density blade servers in hosting data centers for Internet service providers (ISPs) and application service providers (ASPs) or serving as front-end IIS web servers running on repurposed PCs in enterprise or e-commerce web farms. Web Edition saves service providers and enterprises money in both of these scenarios. Because Web Edition is designed to prevent running certain types of enterprise-level applications on it (such as directory services, database, and messaging applications), it can only be used for hosting static content and dynamic applications developed with technologies like ASP and Cold Fusion whose databases are run on back-end servers.