Académique Documents
Professionnel Documents
Culture Documents
Introduction
IIS is Microsofts web server that has been tailored specifically to business users and provides
many features that make it easy for a business to use ecommerce, provide interactive websites
and host web browser based applications.
In todays lab you will perform the following tasks:
Task 1: Install IIS 7
Task 2: Creating Web Content
Task 3: Creating Virtual Directories
Task 4: Configuring IP Address Restrictions
Task 5: Install Active Directory Certificate Services
Task 6: Using the Certification Authority Tool
Task 7: Configuring a Certificate Template for Autoenrollment
Task 8: Configuring a Group Policy for Autoenrollment
Task 9: Configuring Credential Roaming
Page 1
2. In the Server Manager window, scroll down to Roles Summary, and then click Add
Roles. The Add Roles Wizard will start with a Before You Begin page. Click Next
3. Check the web server (IIS) role, if any roles or features are missing the screen below
will appear
Page 2
Make sure IIS Client Certificate Mapping Authentication and read its description on the right
side of the window. This selection enables you to use digital IDs for security.
1. Click Next
2. Check to make sure all of the features are installed and then click Install
3. When the installation results page appears, IIS is now installed so click Close to
complete the process.
4. Open internet explorer to confirm that the Web server works by typing http://localhost in
the address bar. The following page should open
Page 3
Page 4
6. In the File Name text box, type Default.htm, and click Save.
7. Create another folder in your Documents folder called Sales
8. Create a file inside it called Default.htm, containing the following text:
<html><body>
<h1><center>Mydomainname Sales</center></h1>
<h2><center>sales.mydomainname.com</center></h2>
</html></body>
9. Close the Notepad window
10. Click Start-> Administrative Tools -> DNS. Click Continue in the User Account Control
message box
11. Expand server name and the Forward Lookup Zones folder
12. Right-click the mydomainname.com zone and, from the context menu, select New Alias
(CNAME). The New Resource Record dialog box appears, as shown below
Page 5
Page 6
Page 7
11. In the actions pane, click Edit Feature Settings. The Edit IP And Domain Restrictions
Settings dialog box appears.
12. From the Access For Unspecified Clients drop-down list, select Deny, and click OK.
16. Leave the Specific IPv4 Address option selected. In the text box, type 127.0.0.1, and click
OK. The new rule you created appears in the IPv4 Address And Domain Restrictions
list.
17. Switch to Internet Explorer, and click the Refresh button
Created 2/22/2012 by Donna P. Warren
Page 8
18. On your partner server, switch to Internet Explorer, and try again to connect to the
http://server.mydomainname.com URL
19. On your second server, click Start. Then click All Programs > Accessories > Command
Prompt. A command-prompt window appears
20. In the command-prompt window, type ipconfig, and press Enter
21. Back on your own server, create a new Allow entry for your second servers IP address
22. Retest your access to the Web site from your server and your second server, just as you did
in steps 17 to 18.
23. In the Internet Information Services (IIS) Manager window, in the actions pane, click Add
Allow Entry. The Add Allow Restriction Rule dialog box appears
24. Select the IPv4 Address Range option and, in the text box, type 10.10.10.0.
25. In the Mask text box, type 255.255.255.0, and click OK. The new rule you created appears
in the IPv4 Address And Domain Restrictions list.
26. Press Ctrl+Prt Scr to take a screen shot of the Internet Information Services (IIS) Manager
window showing the three rules you created. Press Ctrl+V to paste the image in your lab 6
word file
27. Click Edit Feature Settings again, and select Allow from the Access For Unspecified
Clients drop-down list. Then, click OK
28. Log off
Page 9
Page 10
Page 11
5. Double-click Default Domain Policy in the Browse for Group Policy Object dialog box
6. Click Finish in the Select Group Policy Object window
7. Click OK in the Add or Remove Snap-ins window
8. Maximize the windows, if necessary
9. In the left-pane tree, click Default Domain Policy [server and domain name].
10. In the left pane, expand User Confi guration, if necessary
11. In the left pane, expand Policies, if necessary
12. In the left pane, expand Windows Settings
13. In the left pane, expand Security Settings
14. In the left pane, double-click Public Key Policies
15. In the middle pane, double-click Certificate Services Client Auto-Enrollment
16. In the Certificate Services Client Auto-Enrollment Properties dialog box, click the
down arrow for Configuration Model and select Enabled
17. In the Certificate Services Client Auto-Enrollment Properties dialog box, check the
boxes for Renew expired certificates, update pending certificates, and remove
revoked certificates and for Update certificates that use certificate templatesif
these boxes are not already checked
18. Press Ctrl+Prt Scr to take a screen shot of the window and press Ctrl+V to paste the
image into your lab 6 word
19. Click OK in the Certificate Services Client Auto-Enrollment Properties dialog box
20. Leave the Default Domain Policy console open
Page 12
6. Press Ctrl+Prt Scr to take a screen shot of the window and press Ctrl+V to paste the
image into your lab 6 word
7. Click OK in the Certificate Services Client Credential Roaming dialog box
8. Click OK in the Changing RUP Exclusion List information box
9. Close the Default Domain Policy console
10. Click No when asked whether to save changes to the console
Page 13