How to solve special IIS management confusion

Many organizations have set up simple WEB Information Servers through the IIS components of the Windows server system to help employees understand their information in a timely manner and promote mutual communication between employees. To make the IIS server more close to the access needs of the organization's employees, we often need to perform some special management of IIS. However, during the special management process, we sometimes encounter some difficult puzzles. If these phenomena are not promptly and effectively excluded, they will definitely affect the efficiency of IIS server. In view of this, this article will summarize some confusions encountered in the special management process and provide them with effective countermeasures, I hope these tips will help network administrators better manage IIS servers!

Frequent pop-up confusion in the verification window

For some sensitive information in the organization, we may need to restrict access by some employees at will. To achieve this goal, many network administrators configure the IIS server, most of them will enable the IIS authentication function. In this way, when any employee needs to access sensitive information, the IIS will always pop up a verification window asking the visitor to enter valid account information, employees who do not have a valid account will naturally be unable to access sensitive information. We often encounter this confusion during the actual configuration of the IIS server, that is, we did not enable the integrated Windows verification function, however, employees still encounter frequent pop-up confusions when accessing the WEB site. In the face of such confusions, how can we eliminate them?

In fact, in addition to checking whether the IIS server has enabled the integrated Windows verification function, we should also perform the following checks in case of frequent confusions in the verification window:

First, check whether the Group Policy settings in the server system are correct. If we have enabled security policies such as "Password Must Meet Complexity Requirements" and "minimum password length is x, the enterprise staff may encounter a verification window when visiting the website in the future. If the policy parameters of the inspection group are set at that time, click Start or run. In the displayed system running dialog box, enter the string command "secpol. msc, click the Enter key to open the local security settings policy interface. In the left-side pane of the interface, double-click the Account Policy and password policy options with the mouse, in the right pane of the corresponding "password policy" option (1 ), we can clearly see that "the Password Must Meet the complexity requirements", "The minimum password length is x" and other security policies. If these policies are enabled, we might as well stop looking at them for the moment. Of course, if we enable the "account lock policy", we may also encounter frequent confusions in the verification window, therefore, double-click the "Account Policy" and "account lock policy" options to check whether the server system has enabled this policy. If yes, you can also try to temporarily stop them.

Figure 1

After the Group Policy is excluded, we need to check the IIS configuration. when checking the configuration information, we first open the IIS Console window of the server system, in the left-side area of the window, find the target website of the organization, right-click the option, and run the "properties" command from the shortcut menu to open the IIS parameter configuration window, then, select "Directory Security" and "configuration", and check whether the "Anonymous Access" project is selected in the following interface, if it is not selected, you must re-select it in time. Then, click "edit" in the "Anonymous Access" setting to view the specific configuration of anonymous access, by default, the username used by anonymous users should be "IUSR_computername" (where the name of computername is the same as the host name of the workstation), and the "password" box should be gray and unavailable, if we find that the user names and passwords used here do not meet the requirements, we must correct them in time. Otherwise, frequent confusions may occur in the verification window.

If the above efforts fail to eliminate the confusion of frequent pop-up in the verification window, we may check whether control programs such as IIS Lockdown are installed in the server system, once this type of control program is installed, the IIS server may run differently. We can try to temporarily Uninstall this type of control program, I believe that the above efforts will certainly eliminate the confusions of frequent pop-up in the verification window!

IIS process cannot be restarted

After the IIS server is running for a long time, some faults may often fail to run normally. to quickly eliminate this problem, many network administrators often restart the IIS process to quickly restart the IIS server, so that the IIS server can quickly resume normal operation. However, in many cases, IIS service processes in the server system often have a "dependency" relationship with other system processes. If we stop IIS service processes at will, some special functions of the server will be affected. If the IIS process cannot be restarted, can we find a perfect solution to quickly restart the IIS server, does it affect the normal operation of other functions of the server system? The answer is yes. We only need to follow the steps below to achieve the goal:

If the IIS server fails to run properly due to exceptions, you can press Ctrl + Alt + Del on the keyboard in the computer system where the IIS server is located, click the "Task Manager" button on the page to open the Task Manager window of the computer system where the IIS server is located;

Click the "process" tab in the window, and check whether the "user name" column identity information exists on the option settings page that appears later. If no information is found, click the "Tools" project in the Task Manager menu bar and click the "Select column" command in the drop-down menu to enter the setting window shown in figure 2; select the "user name" option in the settings window and click "OK" to return to the "process" option settings page, in this way, we can find out who calls each service process from the process tag page;

Figure 2

Select the worker process, right-click it, click the "End Process" command option from the shortcut menu that appears, and click "OK" to exit the Windows System Task Manager window, in this way, we can disable the IIS service process without affecting other functions of the server.
　　
Then, enter the IIS Console window and restart the target website of the Organization so that the IIS service process can be restarted; in addition, when an employee accesses a problematic target website again, no fault will occur!

IIS cannot add applications.

I believe that many individual users often set up personal WWW servers on computers installed with Windows XP for the purpose of publishing information. When configuring IIS servers in such environments, we sometimes encounter the confusion that the IIS server cannot add Application Extensions.

When you configure application extension in the conventional way, you only need to open the IIS Console window, right-click the target website name, and execute the "attribute" command from the shortcut menu, open the IIS parameter configuration interface of the target website. Click the "main target" tab in the interface and find "application settings" (3) on the corresponding tab page ), click the "configuration" button next to the configuration item to enter the "application" Configuration window, and then click the "add" button under the window, you can add Application Extensions. In fact, we sometimes find that when you enter the "Add/edit application extension ing" dialog box, the "OK" button in the dialog box turns to a gray tone, so that we can add the extension name of the application to be added even through the "Browse" button in the dialog box, however, because the "OK" button is unavailable, we cannot make the added application extension take effect. In the face of the confusion that IIS cannot add Application Extensions, how can we successfully configure the target application extension project?

Figure 3

In the face of this confusion, I first searched the internet for relevant information, and then found the corresponding explanation on Microsoft's official website: when you configure application extension parameters on a computer that has Windows XP installed, You can import the target application by clicking the Browse button in the "Add/edit application extension ing" dialog box, the "OK" button in the dialog box will be unavailable because after the "Browse" button is used to import the executable program, windows XP system will display a compressed path in the "Add/edit application extension ing" dialog box to enhance the readability of the file path, but the IIS system regards this compressed path as incorrect, so the "OK" button in the "Add/edit application extension ing" dialog box is dimmed.

After finding the cause of failure, we can move the cursor to the "executable file" path text box and click the left mouse button, in this way, the zipped path in the path information imported through the "Browse" button is invalid, in this way, the "OK" button in the "Add/edit application extension ing" dialog box is valid. Of course, if we know the specific path information of the target executable file, we just need to fill in its path information directly in the "executable file" path text box, in this way, the compression path can be avoided. Once the "OK" button takes effect, simply click "OK"