Install and configure a secure IIS server secret

Before reading this article, we recommend that you read one of the IIS user guide: the new features of IIS 6, which can be used better only when you understand the new features of IIS 6. Unless otherwise stated, all IIS involved in this Article refer to IIS6 provided in Windows Server2003.

Install IIS

Before installing IIS, you need to consider how to enhance the security of the IIS server. The first point is to reduce the attack surface of the IIS server. On the IIS server, you should first configure the Windows Server safely; Use the NTFS file format; install as few network services as possible; stop irrelevant services; and only install required IIS components.

Install IIS

The process is very simple. Click Start, point to control panel, select add or delete programs, and then click Add/delete Windows components. In the displayed Windows component wizard dialog box, select Internet Information Service (IIS) under the application server. In terms of security, When IIS is installed in WindowsServer2003, only some of the IIS components, rather than all, are installed by default. The installed components are shown in the following table:

Description of IIS components installed by default

Recommended settings for default component name settings

Disabling FrontPage 2002ServerExtensions provides support for publishing Web sites in FrontPage. You can decide whether to enable the website based on your own needs. We recommend that you do not enable the website.

Disable the Internet Printing Service component for Internet Printing. Please decide whether to enable the Service Based on your own needs.

Internet Information Service Manager enables MMC units for local IIS management.

The NNTP Service disables the network news transmission Service component. Please decide whether to enable it based on your own needs.

SMTPService disables the SMTP service component. Determine whether to enable the Service Based on your own needs. For example, to install the SMTP service component, you must install this component.

Public files are program files required to enable IIS.

The backend smart Transfer Service (BITS) Server Extension disables BITS. It is a background file transfer mechanism used for Windows updates or automatic updates. It is enabled only when your application needs this function, for example, to install the WSUS server, you must install this component.

Enable Web service components in the World Wide Web Service, which is the most common component in IIS. It contains multiple child components. See the following table.

The file transfer protocol (FTP) Service disables the FTP service component and determines whether to enable it based on your needs.

Description of web service components installed by default

Recommended settings for default component name settings

Active ServerPages is used to install this component, but ASP scripts are not allowed to support the components. For security reasons, although this component is installed by default, it is not allowed to be used. You can select it here, and it will be enabled by default; or you can keep the default settings here and enable them manually later.

The Internet data connector is used to install this component. the Dynamic Content support provided by idc files. For security considerations, although it is installed by default, it is not allowed to be used. You can select it here, and it will be enabled by default; or you can keep the default settings here and enable them manually later.

WebDav releases and installs this component, but does not allow the use of WebDAV to extend the HTTP1.1 protocol to support Web content publishing and management. In terms of security, although installed by default, it is not allowed to be used, you can select it here, and it will be enabled by default; or you can keep the default settings here, and then manually enable it later.

Core Components of IIS Web services enabled for the World Wide Web Service

Remote Management (HTML) disables remote management of IIS from the HTML interface. you can install IIS as needed.

Remote Desktop Web connection disabling supports connecting to Terminal Service Components from Web pages. you can install the components as needed.

The package containing files on the server end can only be used to install this group. the support of the stm file. For security considerations, although it is installed by default, it is not allowed to be used. You can check it here and it will be enabled by default; or you can keep the default settings here, enable it manually later.

If you only want to provide Web services, the default components installed by IIS have completely met your needs. Here, I only install Web service components, so check Internet Information Service (IIS), click OK, and then click Next in the Windows component wizard dialog box. At this time, the Windows server starts the installation of IIS components, during installation, you may be prompted to insert the installation disc. After installation, IIS is installed.