6427 A Lab Manual

O F F I C I A L
M I C R O S O F T
L E A R N I N G
P R O D U C T
6427A
Lab Instructions and Lab Answer Keys:
Configuring and Troubleshooting Internet
Information Services in Windows Server
2008
Information in this document, including URL and other Internet Web site references, is subject to change without notice.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people,
places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain
name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright
laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be
reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft
Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this
document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no
representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the
products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of
Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of
Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any
changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from
any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply
endorsement of Microsoft of the site or the products contained therein.
2008Microsoft Corporation. All rights reserved.
Microsoft, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
All other trademarks are property of their respective owners.
Product Number: 6427A

Part Number: X14-69082
Released: 12/2007
Lab Instructions: Configuring an Internet Information Services 7.0 Web Server
Module 1
Lab Instructions: Configuring an Internet Information
Services 7.0 Web Server
Contents:
Exercise 1: Installing IIS Using Role Manager
Exercise 2: Installing IIS Using Unattended Setup
Exercise 3: Installing IIS on Server Core from Command Line
Exercise 4: Configuring IIS and Validating Functionality
Lab Instructions: Configuuring an Internet Infoormation Services 7.00 Web Server
Lab: Con
nfigurin
ng an IIS
S 7.0 Web
W Serv
ver
Exercise 1: Installing IIS Using Role

R
Mana
ager
Sccenario
Yo
ou receive a se
ervice request from the Ente
erprise Design Team to prepa
are three Web
b servers to host Web
sittes and Web applications.
a
O of the com
One
mpanies acquirred by Woodgrove Bank has a classic ASP
ap
pplication thatt needs to be hosted
h
in IIS7.
Ex
xercise Ove
erview
In
n this exercise, you will learn how to install IIS 7.0 using Role Manager..
Th
his exercises main
m
tasks are:
1..
2..
3..
Start the 64
427A-NYC-SVR
R1 virtual machine and log on as LocalAdm
min.
Turn on Ne
etwork Discove
ery.
Install the Web
W server role.
f Task 1: Start the

t 6427A-N
NYC-SVR1 virtual
v
machine and log on as LocalA
Admin
Start 6427A
A-NYC-SVR1, and log on ass LocalAdmin with the passw
word of Pa$$w
w0rd.
f Task 2: Turn on
o Network
k Discovery
Open Netw
work and Sharing Center and turn on Ne
etwork Discov
very and File Sharing for alll public
networks.
f Task 3: Install the Web seerver role
Use Serverr Manager to add

a the Web Server (IIS) ro
ole and ASP ass a required se
ervice.
Test functio
onality by load
ding http://loccalhost in the browser.
Results: After this exercise, you should have successfully verified that the Web Server (IIS) role is
installed and loaded the IIS Welcome page in Internet Explorer.

Scenario
Now you will set up the second IIS Web server to host the new ASP.NET application. You will install IIS by
creating an Unattend.XML file based on the example given on the student CD by modifying it to only
install the features needed. This will be an ASP.NET application server and will need to have all security,
compression and caching features installed so that development can experiment with configuration.
Exercise Overview
In this exercise, you will learn how to install IIS using unattended setup.
This exercises main tasks are:
1.
2.
3.
4.
Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin.

Turn on Network Discovery.
Create the Unattend.XML file by copying the default XML file provided and removing unnecessary
features.
Install IIS using Pkgmgr with the Unattend.XML file and verify once completed.
f Task 1: Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin
Start 6427A-NYC-SVR3, and log on as LocalAdmin with the password of Pa$$w0rd.
f Task 2: Turn on Network Discovery
Open Network and Sharing Center and turn on Network Discovery and File Sharing for all public
networks.
f Task 3: Create the Unattend.XML file by copying the default XML file provided and
removing unnecessary features
1.
Open E:\mod01\labfiles\unattend.xml in Notepad and delete the following lines:

<selection
<selection
<selection
<selection
<selection
<selection
<selection
<selection
<selection
<selection
2.
name="IIS-HttpRedirect" state="true"/>
name="IIS-ASP" state="true"/>
name="IIS-CGI" state="true"/>
name="IIS-ISAPIExtensions" state="true"/>
name="IIS-ISAPIFilter" state="true"/>
name="IIS-IIS6ManagementCompatibility" state="true"/>
name="IIS-Metabase" state="true"/>
name="IIS-WMICompatibility" state="true"/>
name="IIS-LegacyScripts" state="true"/>
name="IIS-LegacySnapIn" state="true"/>
Save the modified file to c:\unattend.xml.
f Task 4: Install IIS using Pkgmgr with the Unattend.XML file and verify once completed
1.
2.
3.
Start /w pkgmgr /n:unattend.xml to install IIS.

Verify installation by using the command echo %errorlevel%.
Use Server Manager to verify that the Web server role is installed, and open http://localhost in the
browser.
Results: After this exercise, you should have successfully installed IIS using an unattend file and
verified the IIS Welcome page.

Scenario
The final server you will install is a Server Core Web server that will act primarily as a redirection server to
the ASP server.
Exercise Overview
In this exercise, you will learn how to install IIS via the command line in a Server Core environment.
1.
2.
3.
Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator.

Disable the firewall.
Install IIS from the command line.
f Task 1: Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator
Start 6427A-NYC-SVR2, and log on as Administrator with the password of Pa$$w0rd.
f Task 2: Disable the firewall
On NYC-SVR2, in the command prompt window, type netsh firewall set opmode disable and press
Enter.
f Task 3: Install IIS from the command line

1.
Type the following and then press Enter. Note that the feature names are case-sensitive:
Start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IISStaticContent;IIS-DefaultDocument;IIS-HttpErrors;IIS-HttpRedirect;WASWindowsActivationService;WAS-ProcessModel
2.
When the process completes, type echo %errorlevel%, and then press Enter.
On NYC-SVR1, in Internet Explorer, browse to http://nyc-svr2 to verify functionality.
Results: After this exercise, you should have successfully installed IIS on Microsoft Server 2008 Server
Core from the command line and verified by loading the IIS Welcome page from another machine
running Internet Explorer.

Scenario
With the three Web servers installed, configure each as necessary to perform its function.
Exercise Overview
In this exercise, you will configure common IIS features and validate functionality.
1.
2.
3.
Configure NYC-SVR1 for ASP debugging, detailed error messages, HTTP compression and SMTP
Service.
Configure NYC-SVR3 to trace server errors, enable directory browsing, enable windows authentication
and impersonation, configure UDDI, and enable dynamic output compression.
Configure NYC-SVR2 to have no default documents, and redirect requests to NYC-SVR1.
f Task 1: Configure NYC-SVR1 for ASP debugging, detailed error messages, and HTTP
compression
1.
2.
On NYC-SVR1, in Internet Information Services (IIS) Manager, under ASP Compilation settings,
enable Client-side and Server-side debugging. Enable Send Errors to Browser.
Under HTTP Response Headers, set Expire Web Content.
Under Compression, enable Static Content Compression.
Under Error Pages, enable Detailed error messages.
On NYC-SVR3, in Internet Explorer, browse to a page on NYC-SVR1 that does not exist, such as
http://nyc-svr1/default.asp to check error functionality.
f Task 2: Configure NYC-SVR3 to trace server errors, enable directory browsing, enable
windows authentication and impersonation, configure UDDI, and enable dynamic
output compression and SMTP
1.
On NYC-SVR3, in Internet Information Services (IIS) Manager, under Failed Request Tracing,
enable Failed Request Tracing.
2.
3.
4.
Enable Directory Browsing, Windows Authentication, and ASP.NET Impersonation.

In Server Manager, add the UDDI Services role and configure it to not require SSL.
In IIS Manager, under Output Caching, add a cache rule for the aspx extension to enable Usermode caching.
5.
Add a rule to trace status code 500 for critical errors.
Under ASP.NET, configure SMTP email for email address NYC-SVR3@WoodGroveBank.com,

server name SMTP.WoodgroveBank.com.
Test the configuration by browsing to http://localhost/uddi.
Browse to http://localhost/aspnet_client and investigate the failed request log.
f Task 3: Configure NYC-SVR2 to have no default documents, and redirect requests to

NYC-SVR1
1.
On NYC-SVR2, in the command prompt window, type

cd \windows\system32\inetsrv\config and then press Enter.
Type edit applicationHost.config and then press Enter.
Scroll down to <defaultDocument enabled="true"> (approximately line 169), and change

"true" to "false".
Scroll down to <httpRedirect enabled="false" /> (approximately line 246), and modify this line
to read:
<httpRedirect enabled="true" exactDestination="false" childOnly="false"
destination="http://10.10.0.24/" />
2.
On NYC-SVR3, in Internet Explorer, browse to http://nyc-svr2 to test the redirection.
Results: After this exercise, you should have successfully configured and verified the configuration of
the three web servers.
Lab instructions: Configuring IIS 7.0 Web Sites and Application Pools
Module 2
Lab instructions: Configuring IIS 7.0 Web Sites and
Application Pools
Contents:
Exercise 1: Configuring Authentication Types
Exercise 2: Creating a Web Site and Web Application
Exercise 3: Creating an Application Pool
Exercise 4: Configuring an Existing Application Pool
Lab instructions: Configuuring IIS 7.0 Web Sitees and Application Poools
LLab: Con
nfigurin
ng IIS 7..0 Web Sites an
nd Application
n
P
Pools
Exercise 1: Configurin
ng Authen
ntication Types
T
Sccenario
Yo
ou receive a se
erprise Design Team to organize the existin
ng NYC-WEB-A
A server
in
nto virtual directories by acce
ess level. There
e will be two access
a
levels: public
p
and restricted. Anyone
e on the
ne
etwork should be able to access the publicc content. Only authenticate
ed users should
d be able to acccess
re
estricted.
Ex
xercise Ove
erview
In
n this exercise, you will learn how to create
e virtual directo
ories and conffigure anonym
mous authenticcation.
Th
his exercises main
m
tasks are:
1..
2..
3..
4..
5..
Start the 64
427A-NYC-DC1 virtual mach
hine.
Start the 64
427A-NYC-WE
EB-A virtual ma
achine and log
g on as Woodg
grovebank\Administrator.
Add Basic, Windows
W
Integ
grated and Dig
gest Security features
f
to the
e IIS Role.
Create a virrtual directory named Publicc.
Configure the
t public virtu
ual directory fo
or anonymouss authenticatio
on.
f Task 1: Start the

t 6427A-N
NYC-DC1 virtual
Start 6427A
A-NYC-DC1.
f Task 2: Start the

t 6427A-N
NYC-WEB-A
A virtual macchine and lo
og on as
W
Woodgroveb
bank\Administrator
Start 6427A
A-NYC-WEB-A
A, and log on as LocalAdmiin with the password of Pa$
$$w0rd.
f Task 3: Add Basic, Windows Integrated and Digest Security features to the IIS Role
Use Server Manager to add the Basic Authentication, Windows Authentication, and Digest
Authentication role services to the Web server role.
f Task 4: Create a virtual directory named public
Use Internet Information Services Manager to create a virtual directory named public pointing to
the physical directory c:\inetpub\public.
Copy the contents of c:\inetpub\wwwroot to c:\inetpub\public.
f Task 5: Configure the public virtual directory for anonymous authentication

1.
2.
3.
4.
5.
Use Internet Information Services Manager to make sure that Anonymous Authentication is
enabled for Public.
In Server Manager, enable the local Guest account, and allow Guest to log on locally.
Use Switch User to logon as NYC-WEB-A\Guest with no password.
Open http://localhost/public in the browser to verify that the local guest can browse to the public
directory.
Use Switch user to login as local administrator with password of Pa$$w0rd before continuing with
next exercise.
Results: After this exercise, you should have successfully verified that the Public directory is created. and
loaded the IIS Welcome page in Internet Explorer with the Guest account.

Scenario
Next you will create two web sites, and two web applications, in the employee and restricted virtual
directories, named Woodgrove and Exec respectively. Exec will be a .NET 3.0 application. You will also
delegate administrative access to ITAdmins_WoodgroveGG.
Exercise Overview
In this exercise, you will learn how to create web sites and applications.
1.
2.
3.
4.
Create a site named Woodgrove.

Copy the Woodgrove application to the appropriate directory.
Add the .NET 3.0 Feature to the server.
Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG.
f Task 1: Create a site named Woodgrove
On NYC-WEB-A, in IIS Manager, add a Web site named Woodgrove and set its physical path to
c:\inetpub\woodgrove, and its http port to 88.
f Task 2: Copy the Woodgrove Application to the Appropriate Directory
Copy the Woodgrove application from e:\Mod02\Labfiles\Woodgrove to c:\inetpub\woodgrove.
f Task 3: Add the .NET 3.0 Feature and ASP.NET to the server
In Server Manager, add .NET 3.0 Framework and ASP.NET.
f Task 4: Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG
In IIS Manager, under Permissions, give Full Control to the security group
ITAdmins_WoodgroveGG.
Results: After this exercise, you should have successfully installed .NET 3.0 Framework, ASP.NET, and
created the Woodgrove site and copied its content.

Scenario
You will now create a new application pool for temporary applications..
Exercise Overview
In this exercise, you will learn how to create an application pool.
This exercises main task is:
1.
Create an application pool named TempPool.
f Task 1: Create an application pool named TempPool
On NYC-WEB-A, in IIS Manager, add an application pool named TempPool.

Results: After this exercise, you should have successfully added an application pool named TempPool.

Scenario
Next, you will configure the new application pools according to the needs for the new applications. You
will also practice starting, stopping, and recycling the application pools and configuring health settings.
You will also rename the Exec and Woodgrove pools to ExecPool and WoodgrovePool.
Exercise Overview
In this exercise, you will configure the application pools and validate functionality.
1.
2.
3.
4.
5.
6.
7.
Rename Woodgrove to WoodgrovePool.

Configure WoodgrovePool and the Woodgrove site for Windows Integrated authentication to allow
all authenticated users.
Configure TempPool to use LocalSystem as worker process identity.
Stop, start and recycle WoodgrovePool.
Configure TempPool for Classic Pipeline Mode.
Remove TempPool.
Configure Health and Recycling settings for WoodgrovePool.
f Task 1: Rename Woodgrove to WoodgrovePool
On NYC-WEB-A, in IIS Manager, rename the Woodgrove application pool to WoodgrovePool.
f Task 2: Configure WoodgrovePool and the Woodgrove site for Windows Integrated
authentication to allow all authenticated users
1.
2.
3.
In IIS Manager, disable Anonymous authentication for the Woodgrove site.

On NYC-SVR1, logon as LocalAdmin with password Pa$$w0rd.
Note that this machine is not joined to the domain. Browse to
http://nyc-web-a.woodgrovebank.com, then browse to
http://nyc-web-a-woodgrovebank.com:88 and compare results.
On NYC-WEB-A, browse to http://localhost:88 and compare results.
f Task 3: Configure TempPool to use LocalSystem as worker process identity
In IIS Manager, configure the TempPool application pool to use LocalSystem as its worker process
identity.
f Task 4: Stop, start and recycle WoodgrovePool

1.
2.
3.
In IIS Manager, stop the WoodgrovePool application pool and note the status.
Start the WoodgrovePool application pool and note the status.
Recycle WoodgrovePool and note the status.
f Task 5: Configure TempPool for Classic Pipeline Mode
In IIS Manager, configure the TempPool application pool to use the classic pipeline.
f Task 6: Remove TempPool
In IIS Manager, remove the application pool TempPool.
f Task 7: Configure Health and Recycling settings for WoodgrovePool
In IIS Manager, configure the WoodgrovePool application pool to recycle after every 1000
requests, to log the number of requests, and set the Rapid Fail Failure Interval to 10 minutes.
the application pools.
Lab Instructions: Configuring IIS 7.0 Application Settings
Module 3
Contents:
Exercise 1: Configuring ASP.NET
Exercise 2: Configuring ASP.NET Application Development Settings
Exercise 3: Configuring a Web Server to Host Multiple Applications with

Separate Application Pools
Exercise 4: Configuring ASP.NET Security
Lab Instructions: Configuuring IIS 7.0 Application Settings
Lab: Con
nfigurin
ng IIS 7..0 Appliication Setting
gs
ng ASP.NE
ET
Sccenario
Yo
ou receive a se
erprise Design Team to deplo
oy an application server. You
u need
to
o add and configure the ASP
P.NET role servvice, and Application Server role, on the Web
W Server. The
e server
w be available
will
e from the Inte
ernet and Saless Associates will
w need to log in with the usser name sale
es and
pa
assword supp
port from theiir clients sites to get contactt information for
f support. Th
his requires a medium
m
le
evel of securityy. If there is an error, the erro
or message retturned to the client
c
browser should direct the
usser to contact their district sales manager for login inforrmation.
Ex
xercise Ove
erview
In
n this exercise, you will learn how to add th
he ASP.NET ro
ole service and configure ASP
P.NET. You will
ch
hoose and con
nfigure the app
propriate auth
hentication mo
odel, and set up custom error pages to han
ndle
HTTP errors.
Th
his exercises main
m
tasks are:
1..
2..
3..
4..
5..
6..
Start the 64
hine.
Start the 64
427A-NYC-WE
EB-A virtual ma
achine and log
g on as Woodg
Add ASP.NET and Basic Security
S
feature
es to the IIS Ro
ole.
Create the SalesSupport application
a
an
nd copy the ASSP.NET application files.
Configure Basic
B
Security to
t allow access to authentica
ated Woodgro
ovebank doma
ain users.
Configure custom
c
error pages
p
for 401.a
aspx for 401 errors, and Other_Errors.aspx for all other errors.
f Task 1: Start the

t 6427A-N
NYC-DC1 virtual machin
ne and log on
o as LocalA
Admin
Start 6427A
A-NYC-DC1, and
a log on as LocalAdmin
L
w the passw
with
word of Pa$$w
w0rd.
f Task 2: Start the 6427A-NYC-WEB-A virtual machine and log on as

Woodgrovebank\Administrator
Start 6427A-NYC-WEB-A, and log on as Administrator with the password of Pa$$w0rd.
f Task 3: Add ASP.NET and Basic Security features to the IIS Role
On NYC-WEB-A, use Server Manager to add the ASP.NET and Basic Authentication role services.
f Task 4: Create the SalesSupport application and copy the ASP.NET application files
1.
2.
On NYC-WEB-A, use IIS Manager to add the SalesSupport application with a physical path of
c:\inetpub\wwwroot\SalesSupport.
Copy the application files from E:\Mod03\Labfiles\SalesSupport to
f Task 5: Configure Basic Security to allow access to authenticated Woodgrovebank

domain users
1.
2.
3.
4.
On NYC-WEB-A, use IIS Manager to disable Anonymous Authentication and enable Basic
Authentication for the domain and realm woodgrovebank.
Browse to http://localhost/salessupport. Notice that you are prompted for credentials. Enter user
name yvonne with password Pa$$w0rd.
Close and reopen the browser, and then browse again to http://localhost/salessupport. Try logging
in with credentials that do not have a domain account, such as user name Bob with no password.
Close the browser before continuing to the next task.
f Task 6: Configure custom error pages for 401.aspx for 401 errors, and Other_Errors.aspx
for all other errors
1.
2.
3.
4.
Copy the contents of E:\Mod03\Labfiles\WBErrors to c:\inetpub\custerr

\en-US.
In IIS Manager, edit the custom error for error 401 so that it redirects to 401.aspx. Edit the custom
error code for error 404 so that it redirects to Other_Erros.aspx. Note that you would repeat this for
the rest of the error codes if you were doing this in a real world situation.
Open Internet Explorer and browse again to http://localhost/salessupport. Try logging in with
credentials that do not have a domain account, such as user name Bob with no password.
If prompted, assign the site to the allowed list, and then note the custom 404 error.
Results: After this exercise, you should have successfully verified that the ASP.NET role service is
installed, configured Basic authentication, and verified custom error pages in Internet Explorer.

Scenario
Next you will configure some test settings for the SalesSupport application. The Enterprise Design team is
planning on implementing a database to store the support resource data. You will need to enter the
provided connection string. You will also rename the cookie that the page uses to SalesSupport. Next you
will create a custom control for testing the new configuration. Finally, you will set some application
settings and then verify that the application can read them by loading the custom test page.
Exercise Overview
In this exercise, you will learn how to configure ASP.NET application development settings.
1.
2.
3.
4.
Configure ASP.NET Connection Strings to connect to Resources.MDF.

Configure ASP.NET Session State settings to rename the cookie to SalesSupport.
Add a custom control: Woodgrovebank.TestControls Version=1.0.0.0.
Add application settings at Site and Application levels.
f Task 1: Configure ASP.NET Connection Strings to connect to Resources.MDF
On NYC-WEB-A, in IIS Manager, modify the Connection Strings for the SalesSupport application
to use the following connection string as LocalResources:
data
source=.\SQLEXPRESS;AttachDbFileName=e:\mod03\labfiles\resources.mdf;IntegratedSecurit
y=True
f Task 2: Configure ASP.NET Session State settings to rename the cookie to SalesSupport
Rename the Session State cookie name to SalesSupport_SessionID.
f Task 3: Add a custom control: Woodgrovebank.TestControls Version=1.0.0.0
In IIS Manager, register a new custom control with the tag preface of Woodgrovebank. Set the
Namespace to TestControls and the Assembly to Version=1.0.0.0.
f Task 4: Add application settings at site and application levels

1.
2.
3.
4.
5.
Open Internet Explorer and browse to http://localhost/salessupport

/test.aspx. Enter username yvonne and password Pa$$w0rd. Notice that the test application reports
that no application settings are defined.
In IIS Manager, add an Application setting named DefaultLocation with the value "New York" to
the Default Web Site.
In Internet Explorer, refresh the page and compare the results.
In IIS Manager, note the inheritance setting for the Application Settings, Add another Application
setting named debug_mode with value "true".
In Internet Explorer, refresh the page and compare results. Close Internet Explorer before
continuing.
Results: After this exercise, you should have configured ASP.NET development settings and verified test
page functionality.

Scenario
You will now deploy the SalesSupport application to two new instances. Once instance will be a test
deployment with additional testing configuration. Another instance will be for the German division of
Woodgrove and will need to be set for German globalization settings. Additionally, you will disable the
debug mode for the production version of SalesSupport.
Exercise Overview
1.
2.
3.
4.
5.
6.
7.
8.
Create three application pools named SalesSupport, SalesSupport_De, and SalesSupport_Test.

Create the applications SalesSupport_De and SalesSupport_Test.
Use XCopy to deploy the files from the SalesSupport directory to the SalesSupport_DE and
SalesSupport_Test directories.
Assign the applications to the appropriate application pools.
Configure application pool recycling for unlimited requests.
Configure the SalesSupport_Test application pool to record recycled events.
Configure the SalesSupport .NET compilation debug setting to False.
Configure the SalesSupport_De application globalization settings for Germany.
f Task 1: Create three application pools named SalesSupport, SalesSupport_De, and

SalesSupport_Test
On NYC-WEB-A, in IIS Manager, add three application pools named SalesSupport,

SalesSupport_De, and SalesSupport_Test.
f Task 2: Create the applications SalesSupport_De and SalesSupport_Test

1.
2.
In IIS Manager, create an application named SalesSupport_De with a physical path of

c:\inetpub\wwwroot\SalesSupport_De.
Create an application named SalesSupport_Test with a physical path of
c:\inetpub\wwwroot\SalesSupport_Test.
f Task 3: Use XCopy to deploy the files from the SalesSupport directory to the
SalesSupport_DE and SalesSupport_Test directories
At the command prompt, change to the c:\inetpub\wwwroot directory and then use XCopy to copy
the files and directory structure from SalesSupport to SalesSupport_De and SalesSupport_Test.
f Task 4: Assign the applications to the appropriate application pools

1.
2.
In IIS Manager, modify the SalesSupport, SalesSupport_De and SalesSuppot_Test to use their
correspondingly named application pools.
Disable anonymous authentication and enable basic authentication with the domain and realm of
woodgrovebank for both SalesSupport_De and SalesSupport_Test applications.
f Task 5: Configure production application pool recycling for unlimited requests
In IIS Manager, modify the SalesSupport and SalesSupport_De application pool recycling so that
they do not recycle on regular intervals.
f Task 6: Configure the SalesSupport_Test application pool to record recycled events
In IIS Manager, modify the SalesSupport_Test application pool recycling to recycle every 1024
requests, and modify the Recycling Events to Log to log number of requests, On-Demand, and
Configuration Changes.
f Task 7: Configure the SalesSupport .NET compilation debug setting to False
In IIS Manager, modify the SalesSupport .NET Compilation behavior settings so that Debug is
False.
f Task 8: Configure the SalesSupport_De application globalization settings for Germany

1.
2.
3.
4.
5.
In IIS Manager, modify the SalesSupport_De .NET Globalization settings so that culture and UI
Culture are set to German (Germany) (de-DE).
Start Internet Explorer and browse to http://localhost/salessupport and enter user name yvonne
and password Pa$$w0rd. On a second and third tab, browse to http://localhost/salessupport_de
and http://localhost
/salesupport_test with yvonne's credentials so that all three applications are loaded in the browser.
Open Task Manager and note the instances of w3wp.exe.
In Internet Explorer, browse to http://localhost/salessupport_de/test.aspx and notice the date
format in the page.
Close Internet Explorer before continuing.
Results: After this exercise, you should have successfully deployed multiple applications with separate
application pools, configured recycling and debug settings, and configured and verified .Net
globalization settings.

Scenario
Next, you will configure the machine key, .NET trust level, and File and Folder security.
Exercise Overview
In this exercise, you will configure ASP.NET security settings.
1.
2.
3.
4.
5.
Set the machine key of SalesSupport_de.

Configure the SalesSupport_Test site for medium trust level.
Configure File and Folder security so that only ITAdmins_WoodgroveGG can access the Test.aspx
page on SalesSupport.
Enable Tracing and Logging for the SalesSupport_Test site.
Configure Request Filtering so that only ASPX requests are processed.
f Task 1: Set the machine key of SalesSupport_de
On NYC-WEB-A, in IIS Manager, generate a new Machine Key for SalesSupport_De.
f Task 2: Configure the SalesSupport_Test site for medium trust level
In IIS Manager, set the .NET Trust Level to Medium for the application SalesSupport_Test.
f Task 3: Configure File and Folder security so that only ITAdmins_WoodgroveGG can
access the Test.aspx page in SalesSupport
1.
2.
3.
4.
In IIS Manager, modify the permissions of SalesSupport\test.aspx so that permissions are not
inherited and only ITAdmins_WoodgroveGG is allowed.
In Internet Explorer, browse to http://localhost/salessupport/test.aspx and try to use the
credentials of yvonne as user name and password Pa$$w0rd.
Refresh the page and log in with a user account that is a member of ITAdmins_WoodgroveGG, such
as user name Betsy and password Pa$$w0rd.
f Task 4: Enable Tracing and Logging for the SalesSupport_Test site

1.
2.
In IIS Manager, add all of the role services for Health and Diagnostics to the Web Server role.
In Notepad, open c:\inetpub\wwwroot\SalesSupport_Test\test.aspx.
a.
Modify the first line to read:

<@ Page Language="C#" trace="true" %>
b. Modify the fifth line to read:

Response.Write("This message should appear");
c.
Save the file and close Notepad.
3. In Internet Explorer, browse to http://localhost/salessupport_test

/test.aspx and use credentials of user name Betsy and password Pa$$w0rd if prompted.
4. Examine the page for trace messages and information. Close Internet Explorer.
5. In IIS Manager, enable Web Site Failed Request Tracing for the Default Web Site, and then add a
Failed Request Tracing Rule to trace ASP.NET for Status code 200 with verbose results.
6. Open Internet Explorer, and browse to http://localhost/salessupport_test
/test.aspx and use credentials of user name Betsy and password Pa$$w0rd if prompted.
7. In Internet Explorer, open the most recent fr######.xml file from
c:\inetpub\logs\failedreqlogfiles\w3svc. Examine the Errors and Warning section.
f Task 5: Configure Request Filtering so that only ASPX requests are processed
1.
2.
3.
In Internet Explorer, browse to http://localhost/welcome.png, and then browse to

http://localhost/iisstart.htm. Notice that this page contains the graphic.
Close Internet Explorer.
In Notepad, open c:\inetpub\wwwroot\web.config. After the sixth line, add the following security
section:
<security>
<requestFiltering>
<fileExtensions allowUnlisted="false" >
<add fileExtension=".aspx" allowed="true"/>
</fileExtensions>
</requestFiltering>
</security>
4.
5.
6.
7.
Save the file and close Notepad.
Open Internet Explorer, and browse to http://localhost/welcome.png. Notice the error.

Browse to http://localhost/iisstart.htm. Notice the error.
At the command prompt, change to the c:\inetpub\wwwroot directory and then copy iisstart.htm
to iisstart,aspx.
In Internet Explorer, browse to http://localhost/iisstart.aspx. Notice that the page loads without
error, but the graphic does not display.
the advanced security settings for ASP.NET.
Lab Instructions: Configuring IIS 7.0 Modules
Module 4
Contents:
Exercise 1: Configuring and Editing Native Modules
Exercise 2: Configuring and Editing Managed Modules
Lab Instructions: Configuuring IIS 7.0 Moduless
Lab: Con
nfigurin
ng and Editing
E
Modules
ng and Editing Nativ
ve Module
es
Sccenario
Yo
ou received a service requesst from the app
plication development team
m specifying the
e modules tha
at are
re
equired to install, test, and ru
un an application on the spe
ecified Web se
erver. To reducce the server fo
ootprint
an
nd vulnerabilitty, you must re
emove the unn
necessary mod
dules.
Ex
xercise Ove
erview
In
n this exercise, students will learn how to re
emove native modules from
m a Web serverr to improve se
ecurity
an
nd reduce the server footprint.
Th
he main tasks for this exercisse are as follow
ws:
1..
2..
3..
4..
5..
6..
7..
Start the 64
427A-NYC-WE
EB-B virtual ma
achine and log
g on as Administrator.
Backup the
e current Web server configu
uration.
Examine the modules currrently installed on the Web server.
Remove the
e Default Docu
ument Module
e and the Directory Listing Module.
M
Validate tha
at the module
es have been re
emoved and te
est the new se
erver configura
ation.
Restore the
e modules to the Web serverr configuration
n.
Validate tha
at the module
es have been re
estored and te
est the server configuration.
f Task 1: Start the

t 6427A-N
NYC-WEB-B
B virtual macchine and log on as Adm
ministrator
Start 6427A
A-NYC-WEB-B
B, and log on as Administra
ator with the password of Pa$$w0rd.
f Task 2: Backu
up the current Web serv
ver configurration
Open comm
mand prompt and use appcm
md to backup the server con
nfiguration.
f Task 3: Examine the modules currently installed on the Web server
Use the IIS Manager to examine the modules.
f Task 4: Remove the Default Document Module and the Directory Listing Module
1.
2.
3.
4.
5.
Browse the default Web site.

Use Notepad to edit the applicationHost.config.
Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the
<globalModules> tag.
Delete the references to the DefaultDocumentModule and the DirectoryListingModule from
within the <handlers accessPolicy="Read, Script"> tag.
<modules> tag.
f Task 5: Validate that the modules have been removed and test the new server
configuration
1.
2.
3.
Use IIS Manager to validate that the removed modules entries are missing.
Use Internet Explorer to check the default Web site.
Use Internet Explorer to retrieve the default Web page.
Default Web pageURL: http://localhost/default.aspx
f Task 6: Restore the modules to the Web server configuration
Open command prompt and use appcmd to restore the server configuration.
f Task 7: Validate that the modules have been restored and test the server configuration
Open command prompt and use appcmd to backup the server configuration.
Results: After this exercise, you should have successfully removed native modules from a Web server, and
then confirmed that the server operates as expected

Scenario
To increase throughput, it has been determined that output caching would be beneficial on some of the
applications on the Web server. You need to make sure that the Output Cache module is installed and
configured as specified in the service request. The development team also requested the installation of a
new Managed Module that provides an additional level of logging for their application.
Exercise Overview
In this exercise, students will learn how to add new managed modules to a Web server.
The main tasks for this exercise are as follows:
1.
2.
3.
4.
5.
6.
Install the logging managed module.

Confirm the installation of the logging managed module.
Test the Web sites forms authentication page.
Examine the modules currently running on the Web server.
Remove the forms authentication managed module.
Test the new configuration.
f Task 1: Install the logging managed module

1.
Create a new folder:
2.
3.
4.
C:\inetpub\ logging_module\
Copy files for logging_module Web site.
Source: E:\Mod04\Labfiles\logging_module
Destination: C:\inetpub\ logging_module\
Change the security for C:\inetpub\logging_module\logs to allow Users (NYC-WEB-B\Users).

Use IIS Manager to add a new Web site:
Site name: logging_module
Physical path: C:\inetpub\logging_module
Port: 8181
f Task 2: Confirm the installation of the logging managed module

1.
2.
3.
4.
Use Internet Explorer to view the logging_module Web site.

Load the Web site's second page.
Use IIS Manager to examine the modules for the logging_module Web site.
Examine the logs created by the logging_module Web site.
Location: C:\inetpub\logging_module\logs
f Task 3: Test the Web sites forms authentication page
Use Internet Explorer to log into the default Web site and retrieve a confidential memo.
Destination: Shared Documents
Email: lmartin@woodgrovebank.com
Password: Pa$$w0rd
Memo: Woodgrove Confidential Memo
f Task 4: Examine the modules currently running on the Web server
Use IIS Manager to examine the OutputCache module.
f Task 5: Remove the forms authentication managed module
Use IIS Manager to remove the FormsAuthentication module.
f Task 6: Test the new configuration
Attempt to view the Shared Documents folder again using Internet Explorer.
Results: After this exercise, you should have successfully added a managed module to the Web server.
Lab Instructions: Securing the IIS 7.0 Web Server and Web Sites
Module 5
Lab Instructions: Securing the IIS 7.0 Web Server and Web
Sites
Contents:
Exercise 1: Configure a Secure Web Server
Exercise 2: Configure Authorization, Authentication, and Access
Exercise 3: Configure Logging
Lab Instructions: Securinng the IIS 7.0 Web Server and Web Sites
Lab: Seccuring IIIS 7.0 Web

W Serrver and
d Web Sites
Exercise 1: Configure
e a Secure Web Serve
er
Sccenario
Additional security measures need to be pu
ut in place to protect
p
the We
eb server. Thesse measures will
prrotect the Web
b server against unauthorize
ed access by sp
pecific IP addresses and dom
mains.
Additional ISAP
PI and CGI restrictions need to
t be put into place. Then yo
ou are given a list of accoun
nts
au
uthorized for a specific site. You must give
e separate acce
ess to the IT Admin group and the developer,
Herbert Dorner.
Th
ws:
1..
2..
3..
4..
5..
6..
7..
8..
9..
Start the 64
hine and log on as Administrrator.
Start the 64
427A-NYC-WE
EB-B virtual ma
achine and log
g on as Administrator.
Create a self-signed serve
er certificate fo
or the Web serrver.
Block IP addresses as spe
ecified in the se
ervice request..
Examine the current ISAP
PI and CGI Resttrictions.
Install the .NET Framework 1.1.
Set ISAPI an
nd CGI restricttions to use ASSP.NET version
n 1.1.
Set the righ
hts and permisssions for Activve Directory ussers.
Test and va
alidate the new
w configuration
n.
f Task 1: Start the

t 6427A-N
ne and log on as Admin
nistrator
Start 6427A
A-NYC-DC1.
f Task 2: Start the

t 6427A-N
NYC-WEB-B
ministrator
Start 6427A
A-NYC-WEB-B
B, and log on as Administra
ator with the password of Pa$$w0rd.
f Task 3: Create a self-signed server certificate for the Web server

1.
2.
3.
On NYC-WEB-B, open the IIS Manager.

Open Server Certificates.
Create a Self-Signed Certificate:
Friendly name: woodgrovebank
f Task 4: Block IP addresses as specified in the Service Request

1.
2.
Using the IIS Manager, set IPv4 Address and Domain Restrictions.
Add a deny rule entry:
3.
Specific IPv4 address: 10.10.20.1
Add a deny rule entry:
IPv4 address: 10.10.10.0
Mask: 255.255.255.0
f Task 5: Examine the current ISAPI and CGI Restrictions
Using the IIS Manager, examine the ISAPI and CGI Restrictions.
f Task 6: Install the .NET Framework 1.1

1.
2.
File location: E:\ Mod05\Labfiles
Installer: dotnetfix.exe
Install the .NET Framework 1.1 Service Pack 1.
File location: E:\ Mod05\Labfiles
Installer: NDP1.1sp1-KB867460-X86.exe
f Task 7: Set ISAPI and CGI restrictions to use ASP.NET version 1.1
1.
2.
Using the IIS Manager, set the ISAPI and CGI Restrictions.
Allow ASP.NET v1.1.4322.
f Task 8: Set the rights and permissions for Active Directory users
Set the rights and permissions for Active Directory users.
Folder: C:\inetpub\wwwroot\
Location: WoodgroveBank.com
Object names to select: ITAdmins_WoodgroveGG
Object names to select: Herbert
Allow: Full control
f Task 9: Test and validate the new configuration
Validate the new configuration.
Group or user names: ITAdmins_WoodgroveGG
Group or user names: Herbert Dorner
Results: After this exercise, you should have successfully set IP restrictions, ISAPI and CGI restrictions,
and Active Directory permissions, as specified in a service request document
Exercise 2: Configure Authorization, Authentication, and Access

Scenario
Additional security measures need to be put in place to protect the Web server. An application is
protected with forms authentication, but it is discovered that some of the content can bypass forms
authentication and still be accessed, such as a jpg, by entering the direct URL path and file name. You
must configure the protected content to use the managed forms authentication module.
1.
2.
3.
4.
5.
6.
Turn off the Web site cache for the shared documents folder.
Sign into the Woodgrove Bank Web site and retrieve the confidential memo.
Bypass the Web site forms authentication.
Modify the applicationHost.config file to handle forms authentication.
Reconfigure the authorization and authentication so that the protected content uses forms
authentication.
Test and validate the Web sites new configuration
f Task 1: Turn off the Web site cache for the shared documents folder
Using the IIS Manager, add Custom HTTP Response Header.
Name: Cache-Control
Value: no-cache
f Task 2: Sign into the Woodgrove Bank Web site and retrieve the confidential memo
1.
2.
Use Internet Explorer to log into the default Web site and retrieve a confidential memo.
Password: Pa$$w0rd
Sign-out of the Web site.
f Task 3: Bypass the Web site forms authentication
Use Internet Explorer to retrieve the Confidential Memo.
Confidential Memo URL: http://localhost/docs/shared/Woodgrove_memo.jpg
f Task 4: Modify the applicationHost.config to unlock the URL Authorization

<configSections> section by changing the override mode default to allow
Unlock URL Authorization in the applicationHost.config file:
File location: C:\windows\system32\inetsrv\config
File name: applicationHost.config
Section: <configSections>
Original code:
<section name="authorization" overrideModeDefault="Allow" />
Replacement code:
<section name="authorization"
type="System.WebServer.Configuration.UrlAuthorizationSection,
System.ApplicationHost, Version=7.0.0.0, culture=neutral,
PublicKeyToken=31bf3856ad364e35" overrideModeDefault="Allow" />
f Task 5: Modify the applicationHost.config <applicationPools> section to change the

Classic .NET application pool to Integrated mode
Change the Classic .NET application pool to Integrated mode in the applicationHost.config file:
Section: <applicationPools>
Original code:
<add name="Classic .NET AppPool" managedPipelineMode="Classic" />
Replacement code:
<add name="Classic .NET AppPool" managedPipelineMode="Integrated" />
f Task 6: Modify the applicationHost.config file to disable all other authentication types
except for anonymous
Disable all other authentication types except for anonymous in the applicationHost.config file:
Section: <authentication>
Append enabled="false" to:
clientCertificateMappingAuthentication
digestAuthentication
iisClientCertificateMappingAuthentication
windowsAuthentication
f Task 7: Modify the applicationHost.config file to protect all content by removing the
managedHandler precondition from the <system.webServer> section
Protect all content by removing the managedHandler precondition in the applicationHost.config file:
Section: <system.webServer>
Original code:
<add name="FormsAuthentication"
type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler"
/>
Replacement code:
<add name="FormsAuthentication"
type="System.Web.Security.FormsAuthenticationModule" />
Original code:
<add name="DefaultAuthentication"
type="System.Web.Security.DefaultAuthenticationModule"
preCondition="managedHandler" />
Replacement code:
type="System.Web.Security.DefaultAuthenticationModule" />
f Task 8: Reconfigure the authorization and authentication so that the protected content
uses forms authentication
1.
Reconfigure authorization so that the protected content uses forms authentication in the Web.Config
file:
File location: C:\inetpub\wwwroot
File name: Web.Config
Section: <authorization>
Add the line <allow users=lmartin@woodgrovebank.com />, above the line 
Original code:
<
Replacement code:
<deny users="?" />
2.
Using the IIS Manager, reconfigure authentication so that the protected content uses forms
authentication.
Launch Authentication
Disable Anonymous Authentication
f Task 9: Test and validate the Web sites new configuration

1.
2.
3.
Use Internet Explorer to log into the default Web site and retrieve the confidential memo.
Password: Pa$$w0rd
Sign-out of the Web site.

Use Internet Explorer and attempt to retrieve the Confidential Memo.
Confidential Memo URL: http://localhost/docs/shared/Woodgrove_memo.jpg
Results: After reconfigure the Web sites authorization and authentication, so that all content uses
forms authentication and thereby protecting the confidential memo, the only way to obtain the memo
is by having the correct credentials.

Scenario
Additional security measures need to be put in place to protect the Web server. You received a service
request to keep a log of all visitors to the Web server for the past 24 hours. You must enable and
configure logging and then test and verify the log.
1.
2.
Examine and configure logging options.

Test the logging operations.
f Task 1: Examine and configure logging options
Using the IIS Manager, set the logging options.
Select: Use local time for file naming and rollover
f Task 2: Test the logging operations

1.
2.
Using Internet Explorer, refresh the Web site.

View the log file:
Log file location: C:\ inetpub\logs\LogFiles\W3SVC1
Results: After examining the configuration of the Web servers logging settings, the current log file was
examined and proven to successfully track the Web servers activity.
Lab Instructions: Configuring Delegation and Remote Administration
Module 6
Lab Instructions: Configuring Delegation and Remote
Administration
Contents:
Exercise 1: Configuring Remote Administration
Exercise 2: Configuring Delegated Administration
Exercise 3: Configuring Feature Delegation
Lab Instructions: Configuuring Delegation andd Remote Administration
LLab: Con
nfigurin
ng Delegation and Rem
mote
A
Adminis
stration
ng Remote
e Administration
Sccenario
Yo
ou need to be able to config
gure the server remotely. Yo
ou must enable
e remote admiinistration and
d then
te
est it by accesssing the admin
nistration featu
ures from a rem
mote compute
er.
A new site has been
b
set up an
nd you have be
een asked to delegate
d
the administration of the site to the
t
bu
usiness owner. You will need
d to give the business
b
ownerr permission to
o administer th
heir site only, but
b not
th
he other sites hosted
h
on the server.
Yo
ou have been assigned a serrvice request to allow all site
e owners to administer the error messages for
th
heir site. You must
m
unlock the error page feature
f
so that it can be dele
egated.
In
n this exercise you
y will practice configuring
g a Web serverr for remote ad
dministration.
Th
his exercises main
m
tasks are:
1..
2..
Configure NYC-WEB-B
N
fo
or remote adm
ministration.
Test NYC-W
WEB-B remote administration.
f Task 1: Configure NYC-W

WEB-B for re
emote admin
nistration
1..
2..
3..
Add the IIS Managementt role service to

o NYC-WEB-B
B.
Configure the
t IIS Manage
ement service to accept both
h Windows Credentials and IIS Manager
Credentialss.
Start the IIS
S Management service.
f Task 2: Test NYC-WEB-B

N
remote adm
ministration
1..
On NYC-DC
C1, add the IISS Managemen
nt Console.
2.
On NYC-DC1, use the IIS Management Console to connect to NYC-WEB-B.
On the NYC-WEB-B Default Web Site, set index.htm at the first default document.
Results: After completing this exercise, you should have configured the IIS Management Service to
accept remote connections and you should have tested a remote connection from NYC-DC1.

Scenario
You need to be able to configure the server remotely. You must enable remote administration and then
test it by accessing the administration features from a remote computer.
A new site has been set up and you have been asked to delegate the administration of the site to the
business owner. You will need to give the business owner permission to administer their site only, but not
the other sites hosted on the server.
You have been assigned a service request to allow all site owners to administer the error messages for
their site. You must unlock the error page feature so that it can be delegated.
In this exercise you will practice delegating administration of two Web sites to the appropriate business
owners.
1.
2.
3.
4.
Configure delegated administration for the Human Resources site.

Share the Woodgrove sales Web site for Betsy Stadick.
Configure delegated administration for the Sales site.
Test delegated administration for the Human Resources and Sales sites.
f Task 1: Configure delegated administration for the Human Resources site

1.
2.
On NYC-WEB-B, share WoodgroveHRSite.
Location: E:\Mod06\Labfiles
Site: WoodgroveHRSite
Administrator: Herber Dorner
Rights: Co-owner
Using IIS Manager, grant the Windows user Herber Dorner access to the HR site.
f Task 2: Share the Woodgrove sales Web site for Betsy Stadick
On NYC-WEB-B, share the Woodgrove sales Web site for Betsy Stadick.
Location: E:\Mod06\Labfiles
Site: WoodgroveSalesSite
Administrator: Betsy Stadick
Rights: Co-owner
f Task 3: Configure delegated administration for the Sales site
Allow configuration override for the authentication section of applicationHost.config.
Use Notepad to open C:\windows\system32\intesrv\config

\applicationhost.config.
Remove the following text:

<anonymousAuthentication enabled="true" userName="IUSR" />
<basicAuthentication />
<clientCertificateMappingAuthentication />
<digestAuthentication />
<iisClientCertificateMappingAuthentication
Insert the following text on the line before </configuration>:

The text is available in the file: C:\Mod06\Labfiles\EnableAnonymousAuthentication.txt.
<location overrideMode="Allow">
<system.webServer>
<security>
<authentication>
<basicAuthentication />
<iisClientCertificateMappingAuthentication />
<windowsAuthentication />
</authentication>
</security>
</system.webServer>
</location>
Save changes to the applicationHost.config file.
f Task 4: Test delegated administration for the Human Resources and Sales sites
1.
2.
3.
On NYC-DC1, log in as woodgrovebank\herbert with a password of Pa$$w0rd.

Use IIS Manager to connect to the HR site on NYC-WEB-B.
Password: Pa$$w0rd
Server name: NYC-WEB-B
Site name: HR
User name: herbert@woodgrovebank.com
Connection Name: Human Resources Site
Use IIS Manager to connect to the Sales site on NYC-WEB-B.
Password: Pa$$w0rd
Server name: NYC-WEB-B
Site name: Sales
User name: herbert@woodgrovebank.com
Question: Why does an error occur?

Answer: This error occurs because Herbert was not granted IIS Manager permission on the Sales site.
4.
5.
Log in to NYC-DC1 as woodgrovebank\betsy with a password of Pa$$w0rd.

Disable Windows authentication and anonymous authentication in the Web.config file for the Sales
site.
Use Notepad to open \\NYC-WEB-B\WoodgroveSalesSite\Web.Config.
Insert the following text on the line before </configuration>:
The text is available in the file: C:\Mod06\Labfiles\DisableAuthentications.txt

<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled=false />

<anonymousAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
6.
Save changes to the Web.config file.
Use Internet Explorer to access http://sales.woodgrovebank.com.

Question: Why does the server report a 401 error?
Answer: The server reports a 401 error because both Anonymous Authentication and Windows
Authentication have been disabled. The web server is unable to service a request for a web page if no
means for authentication is configured.
7.
Attempt to configure \\NYC-WEB-B\WoodgroveHRSite\Web.Config.
Results: After completing this exercise, you should have successfully delegated administration
for the Human Resources Web site to Herber Dorner and delegated administration for the
Sales Web site to Betsy Stadick.

Scenario
You need to be able to configure the server remotely. You must enable remote administration and then
test it by accessing the administration features from a remote computer.
A new site has been set up and you have been asked to delegate the administration of the site to the
business owner. You will need to give the business owner permission to administer their site only, but not
the other sites hosted on the server
You have been assigned a service request to allow all site owners to administer the error messages for
their site. You must unlock the error page feature so that it can be delegated.
In this exercise you will practice configuring delegated administration so that all site owners can
administer the error messages for their site.
1.
2.
Configure feature delegation for the Human Resources and Sales sites.
Test feature delegation for the Human Resources site.
f Task 1: Configure feature delegation for the Human Resources and Sales sites
On NYC-WEB-B, use feature delegation to set Error Pages to Read/Write.
f Task 2: Test feature delegation for the Human Resources site

1.
2.
3.
4.
On NYC-DC1, log in as woodgrovebank\herbert with a password of Pa$$w0rd.

Use IIS Manager to connect to the HR site on NYC-WEB-B with the user name
herbert@woodgrovebank.com.
Set a custom error page of /ErrorPages/custom404.htm for the 404 error page.
Use Internet Explorer to open URL: http://hr.woodgrovebank.com/missingpage.htm
Results: After completing this exercise, you should have successfully configured the Human Resources
and Sales sites so that the site owners can customize error pages for each site.
Lab Instructions: Using Command-line and Scripting for IIS 7.0 Administration
Module 7
Lab Instructions: Using Command-line and Scripting for IIS
7.0 Administration
Contents:
Exercise 1: Manage IIS Web Sites with PowerShell
Exercise 2: Use Microsoft.Web.Administration
Exercise 3: Automate IIS Administration using Scripts
Exercise 4: Navigating IIS tasks using WMI and AppCmd
Lab Instructions: Using Command-line and Scripting for IIS 7.0 Addministration
LLab: Using Com

mmand--line and Scriptting forr IIS 7.0
A
Adminis
stration
Exercise 1: Manage IIIS Web Sittes with Po

owerShell
Sccenario
Th
he developme
ent team requires additional tools to mana
age their Web sites. First you
u need to make
e sure
th
hat PowerShelll will correctly manage the servers service
es and make su
ure it can succe
essfully stop and start
th
he Web service
e.
In
n this exercise, you will learn how to use Po
owerShell to manage IIS 7.0..
Th
ws:
1..
2..
3..
4..
5..
6..
Start the 64
427A-NYC-WE
EB-B virtual ma
achine and log
g on as Woodg
Use PowerS
Shell to identiffy all services.
Use PowerS
Shell to identiffy running servvices that startt with a "w".
Stop the w3
3svc service ussing PowerShe
ell.
Start the w3
3svc service ussing PowerShe
ell.
List the Pow
wershell.exe prrocess using th
he get-wmiobjject cmdlet.
f Task 1: Start the

t 6427A-N
NYC-WEB-B
ministrator
f Task 2: Use PowerShell
P
to
o identify alll services
Use the gett-service cmd

dlet.
f Task 3: Use PowerShell

P
to
o identify ru
unning services that starrt with a w
Use the gett-service -include w* | sortt-object -prop

perty status cmdlet.
f Task 4: Stop the w3svc service using PowerShell
Use the stop-service cmdlet.
Use the get-service cmdlet to confirm.
f Task 5: Start the w3svc service using PowerShell
Use the start-service cmdlet.
Use the get-service cmdlet to confirm.
f Task 6: List the Powershell.exe process using the get-wmiobject cmdlet
Use the Get-WmiObject -query "Select * From Win32_Process Where Name = 'powershell.exe'"
cmdlet.
Results: After this exercise, you should have successfully identified, stopped and started services using
PowerShell.

Scenario
You need to verify that a script will effectively stop and start using MWA. Run the script and then check to
make sure that the service is stopped. Then restart the service using the script and verify that it is started.
In this exercise, you will learn how to use MWA to execute a script.
1.
2.
3.
4.
Load Microsoft.Web.Administration.dll.
Get Web site information with MWA.
Create a function using MWA to find Web sites.
Use the findsite function to list the default Web site, the default Web site ID, and then stop and start
the default Web site.
f Task 1: Load Microsoft.Web.Administration.dll
Open PowerShell.
Use this command:

[System.Reflection.Assembly]::LoadFrom(C:\windows\system32\inetsrv\Microsoft.Web.Admi
nistration.dll")
f Task 2: Get Web site information with MWA
(New-Object Microsoft.Web.Administration.ServerManager).Sites
(New-Object Microsoft.Web.Administration.ServerManager).Sites | ForEach-Object {$_.Name}
f Task 3: Create a function using MWA to find Web sites
function findsite {$name=$args[0]; ((New-Object

Microsoft.Web.Administration.ServerManager).Sites | Where-Object {$_.Name match
$name}); }
f Task 4: Use the findsite function to list the default Web site, the default Web site ID, and
then stop and start the default Web site
Results: After this exercise, you should have successfully used Microsoft.Web.Administration to gather
Web site information and created a function to start and stop the default Web site.

Scenario
The development team provided you with a script that lists Web sites on the server. You need to test and
run the script using PowerShell.
You also need to deploy several identical Web sites using the same default content located on a share. A
PowerShell script will be used to automate this task.
In this exercise, you will learn how to use a PowerShell scripts.
1.
2.
3.
4.
5.
6.
7.
Create Microsoft.PowerShell profile script to automatically load assemblies.

Set execution policy to unrestricted.
Add a global variable to profile script.
List sites using global variable.
Use PowerShell script to find sites.
Review and run a script to create a Web site.
Use PowerShell script to verify site was created.
f Task 1: Create Microsoft.PowerShell profile script to automatically load assemblies
To open profile script: if (test-path $profile) {echo Path exists.} else {new-item path $profile
itemtype file force}; notepad $profile
Profile script:
echo Microsoft IIS 7.0 Environment Loader

echo Copyright 2006 Microsoft Corporation. All rights reserved.
echo Loading IIS 7.0 Managed Assemblies
$inetsrvDir = (join-path path $env:windir childPath \system32\inetsrv\)
Get-ChildItem Path (join-path path $inetsrvDir childPath Microsoft*.dll) | ForEachObject {[System.Reflection.Assembly]::LoadFrom( (join-path path $inetsrvDir childPath
$_.Name)) }
echo Assemblies loaded.
f Task 2: Set execution policy to unrestricted
View execution policy with get-executionpolicy cmdlet.
Set execution policy with set-executionpolicy cmdlet.
f Task 3: Add a global variable to profile script
Add this line to the profile script:

new-variable iismgr value (New-Object Microsoft.Web.Administration.ServerManager)
scope global
f Task 4: List sites using global variable

f Task 5: Use PowerShell script to find sites
1.
Save the script located in E:\Mod07\Labfiles\scripts\iis.type.ps1.xml to

c:\windows\System32\WindowsPowerShell\v1.0.
2.
Type the following at the end of the profile script:

new-variable iissites value (New-Object
Microsoft.Web.Administration.ServerManager).Sites scope global
new-variable iisapppools value (New-Object
Microsoft.Web.Administration.ServerManager).ApplicationPools scope global
update-typedata append (join-path path $PSHome childPath iis.types.ps1xml)
3.
At the PowerShell Command Prompt run $iissites.Find(^Default*).
f Task 6: Review and run a script to create a Web site

1.
2.
The script is located in E:\Mod07\Labfiles\scripts\CreateWebsite

\CreateWebsite\CreateWebsite\Bin\Debug\CreateWebsite.exe.
Copy the script to the C:\drive and run it from PowerShell.
f Task 7: Use PowerShell script to verify site was created
Use $iissites.Find to locate NewSite.

Results: After this exercise, you should have successfully created a Microsoft.PowerShell profile script.
You should have also used a saved script to list Web site. Finally, you should have successfully created a
site named NewSite.
Exercise 4: Navigating IIS tasks using WMI and AppCmd

Scenario
You need to verify which tasks are running on the server. Use WMI and AppCmd to display the list of
running tasks.
In this exercise, students will use WMI and AppCmd for IIS administration.
1.
2.
3.
4.
5.
6.
Use AppCmd to identify tasks running on the Web server.

Use AppCmd to identify all running application pools.
Use AppCmd to recycle all running application pools.
Move all applications in a site to NewAppPool apppool.
Store configuration information to file, and then restore the configuration information.
Use WMI to list the default Web site on the Web server.
f Task 1: Use AppCmd to identify tasks running on the Web server

1.
2.
Open a Command Prompt.

Navigate to c:\windows\system32\inetsrv to run AppCmd.
f Task 2: Use AppCmd to identify all running application pools

f Task 3: Use AppCmd to recycle all running application pools
Use this command: appcmd list apppool /xml | appcmd recyle apppool /in
f Task 4: Move all applications in a site to NewAppPool apppool
Use this command: appcmd list app /site.name:"NewSite" /xml | appcmd set app /in
/applicationPool:NewAppPool
f Task 5: Store configuration information to file, and then restore the configuration
information
To store configuration information: appcmd list config Default Web Site/ /section:caching /xml
/config > config.xml
To restore configuration information: appcmd set config Default Web site/ /in < config.xml
f Task 6: Use WMI to list the default Web site on the Web server
1.
Using Notepad create a file named GetSite.vbs with the following code:
Set oIIS = GetObject("winmgmts:root\WebAdministration")
Set oSite = oIIS.Get("Site.Name='Default Web Site'")
WScript.Echo "Retrieved an instance of Site "
WScript.Echo "
Name: " & oSite.Name
WScript.Echo "
ID:
" & oSite.ID
2.
3.
4.
Open a Command Prompt and navigate to folder where GetSite.vbs is located

Type cscript //h:cscript.
Run GetSite.vbs script.
Results: After this exercise, you should have successfully used AppCmd to recycle application pools,
move application and store configuration information to a file. You should have also successfully
identified the default Web site using WMI.
Lab Instructions: Tuning IIS 7.0 for Improved Performance
Module 8
Contents:
Exercise 1: Deploying Applications
Exercise 2: Configuring IIS Performance Options
Exercise 3: Managing Application Pools to Improve Performance
Lab: Tun
ning IIS 7.0 for Improv
ved Perrforman
nce
Exercise 1: Deploying
g Applications
Sccenario
Yo
ou receive a re
equest to deploy a second co
opy of an insta
alled applicatio
on, and then deploy
d
update
es to the
ne
ew installation
n so that the En
nterprise Desig
gn QA team ca
an test the pro
oposed update
es.
Ex
xercise Ove
erview
In
n this exercise, students will learn how to deploy an appllication, as welll as applicatio
on updates, witth
Xccopy.
Th
his exercises main
m
tasks are:
1..
2..
3..
4..
5..
6..
7..
Start the 64
hine.
Start the 64
427A-NYC-WE
EB-A virtual ma
achine and log
g on as Woodg
Add ASP.NET and Dynam
mic Content Co
ompression fea
atures to the IIIS Role.
Create the SalesSupport application
a
an
nd copy the ASSP.NET application files.
Deploy a se
econd copy of the SalesSupp
port applicatio
on named SalesSupport2 usin
ng Xcopy.
Deploy the application updates to Sale
esSupport2 using Xcopy.
Create and assign an app
plication pool for SalesSuppo
ort2 and test fu
unctionality.
f Task 1: Start the

t 6427A-D
DC1 virtual machine
Start 6427A
A-NYC-DC1.
f Task 2: Start the

t 6427A-N
NYC-WEB-A
A virtual macchine and lo
og on as
W
Woodgroveb
bank\Administrator
Start 6427A
A-NYC-WEB-A
A, and log on as LocalAdmiin with the password of Pa$
$$w0rd.
f Task 3: Add ASP.NET and Dynamic Content Compression features to the IIS Role
On NYC-WEB-A, use Server Manager to add the ASP.NET and Dynamic Content Compression role
services.
1.
2.
On NYC-WEB-A, use IIS Manager to add the SalesSupport application with a physical path of
Copy the application files from E:\Mod08\Labfiles\SalesSupport to
f Task 5: Deploy a second copy of the SalesSupport application named SalesSupport2

using Xcopy
1.
2.
3.
At the command prompt, change directories to c:\inetpub\wwwroot.

Create a new directory named SalesSupport2.
Use the xcopy command to copy all of the files and the directory structure from SalesSupport to
SalesSupport2.
f Task 6: Deploy the application updates to SalesSupport2 using Xcopy

1.
2.
At the command prompt, use Xcopy to copy the updated files from
E:\mod08\labfiles\salessupport2 to c:\inetpub\wwwroot\salessupport2.
In IIS Manager, add the application SalesSupport2 with the physical path
c:\inetpub\wwwroot\salesupport2.
f Task 7: Create and assign an application pool for SalesSupport2 and test functionality
1.
2.
In IIS Manager, add an application pool named SalesSupport2 and assign it to the SalesSupport2
application.
In Internet Explorer, browse to http://localhost/salesupport, and then browse to
http://localhost/salessupport2 and compare results.
installed, deployed that SalesSupport2 application, and verified functionality.

Scenario
Next you will configure performance options for the SalesSupport application. First, you will use
Performance Monitor to look at the current machine performance. Then you will configure and test
output caching, compression, and throttling.
Exercise Overview
In this exercise, students will learn how to configure IIS Performance Options.
1.
2.
3.
4.
Use Performance Monitor to measure performance.

Configure Output Caching.
Configure Compression.
Configure connection limit throttling.
f Task 1: Use Performance Monitor to measure performance

1.
2.
3.
4.
5.
On NYC-WEB-A, open Performance Monitor.

Remove all counters, and then add the Web Service counters Bytes Sent/sec for all instances.
With Performance Monitor running, in Internet Explorer, browse to
http://localhost/salessupport/test.aspx.
After the page loads, click refresh several times rapidly. Notice that the time is dynamically updated
with each refresh. Close Internet Explorer.
Examine the throughput in Performance Monitor.
f Task 2: Configure Output Caching

1.
2.
3.
4.
In IIS Manager, add a cache rule to the SalesSupport application for the extension .aspx.
Select Kernel-mode caching.
Click At time intervals, and then delete the existing text and type 00:00:10.
In Internet Explorer, browse to http://localhost/salessupport/test.aspx and click refresh several times

rapidly for at least 30 seconds. Notice how often the time is updated.
Browse to http://localhost/salessupport2/test.aspx, and then click refresh several times rapidly.
Notice that the time updates with each refresh.
In Reliability and Performance Monitor, compare the graphs for the two pages. You may need to
zoom in to see the difference.
f Task 3: Configure Compression

1.
2.
3.
4.
5.
6.
7.
8.
In Internet Explorer, browse to http://localhost. Click refresh several times rapidly.

In Reliability and Performance Monitor examine the throughput.
In IIS Manager, enable static content compression for the default web site.
In Internet Explorer, browse to http://localhost and click refresh several times rapidly.
In Internet Explorer, browse to http://localhost/salessupport/test.aspx and click refresh several
times rapidly.
In IIS Manager, enable dynamic content compression.
9.
In Internet Explorer, browse to http://localhost/salessupport/test.aspx and click refresh several

times rapidly.
10. In Reliability and Performance Monitor examine the throughput and compare results.
f Task 4: Configure connection limit throttling

1.
2.
3.
4.
Open Internet Explorer and browse to http://localhost. Open two more tabs and browse to
http://localhost so that you have three tabs open to http://localhost. Right-click a tab and choose
Refresh All. Notice that all of the tabs refresh successfully. Close Internet Explorer.
In IIS Manager, set a Web Site Limit for the default web site so that the number of connections is
limited to 1.
In Internet Explorer, open three tabs to http://localhost. Right-click a tab and choose Refresh All.
Notice that one of the tabs now reports an error.
Results: After this exercise, you should have configured performance options and verified functionality.

Scenario
You will now modify the application pools to improve resource usage.
Exercise Overview
In this exercise, students will learn how to manage application pools to improve performance.
1.
2.
3.
Use Reliability and Performance Monitor to measure resource usage.

Recycle an application pool.
Assign SalesSupport and SalesSupport2 to the same application pool.
f Task 1: Use Reliability and Performance Monitor to measure resource usage

1. On NYC-WEB-A, open Internet Explorer and browse to http://localhost/salessupport. Open a
second tab, and browse to http://localhost/salessupport2.
2. Open Reliability and Performance Monitor. Examine the memory usage of w3wp.exe and the
number of instances.
f Task 2: Recycle an application pool

1.
2.
3.
In IIS Manager, recycle the SalesSupport2 application pool.

In Reliability and Performance Monitor, examine the memory and number of instances of
w3wp.exe and compare results.
f Task 3: Assign SalesSupport and SalesSupport2 to the same application pool

1.
2.
3.
In IIS Manager, modify the SalesSupport2 application to use the default application pool, and then
remove the SalesSupport2 application pool.
Open Internet Explorer and browse to http://localhost/salessupport. Open a second tab and
browse to http://localhost/salessupport2.
In Reliability and Performance Monitor, examine the memory and number of instances of
w3wp.exe.
Results: After this exercise, you should have recycled and consolidated application pools, and verified
resource usage with Reliability and Performance Monitor.
4.
es?
Lab Instructions: Ensuring Web Site Availability with Web Farms
Module 9
Lab Instructions: Ensuring Web Site Availability with Web
Farms
Contents:
Exercise 1: Backing Up an IIS Web Site
Exercise 2: Restoring an IIS Web Site
Exercise 3: Enabling Shared Configurations
Exercise 4: Configuring Network Load Balancing
Lab Instructions: Ensurinng Web Site Availability with Web Farms
Lab: Enssuring Web Site

e Availa
ability with We
eb Farm
ms
Exercise 1: Backing Up
U an IIS Web
W Site
Sccenario
Th
he Enterprise Design
D
Team has
h asked you to explore options for increasing Web site
e availability. Before
B
yo
ou begin, you will back up an existing site and verify tha
at it can be resstored properlyy.
Th
ws:
1..
2..
3..
4..
Start the 64
hine.
Start the 64
427A-NYC-WE
EB-D virtual ma
achine and log
g on as Woodg
grovebank\Ad
dministrator.
Start the 64
427A-NYC-WE
EB2 virtual macchine and log on as Woodgrrovebank\Adm
ministrator.
Backup the
e Web site, We
eb application, and config files to the E: drive.
f Task 1: Start the

t 6427A-N
ne
f Task 2: Start the
t 6427A-N
NYC-WEB-D
D virtual macchine and lo
og on as
W
Woodgroveb
bank\Administrator
Log on to NYC-WEB-D.
N
User: Woodgroveba
W
ank\Administtrator
Passwo
ord: Pa$$w0rd
d
f Task 3: Start the

t 6427A-N
NYC-WEB2 virtual
v
mach
hine and log
g on as
W
Woodgroveb
bank\Administrator
Log on to NYC-WEB2.
N
User: Woodgroveba
W
ank\Administtrator
Passwo
ord: Pa$$w0rd
d
f Task 4: Backup the Web site, Web application, and config files to the E: drive
1.
Create a new folder:
2.
E:\Web Site Backup
Copy the files:
Source: C:\inetpub\wwwroot
Destination: \\NYC-WEB-D\E\Web Site Backup
Results: After this exercise, you should have successfully backed up a Web site. Provide the results of
the exercise so students will know when and if they have completed the lab exercise successfully.

Scenario
The Enterprise Design Team has asked you to verify that the backups can be restored properly. Do this by
restoring the Web files to a second server and confirm that the second server functions properly.
The main task for this exercise is:
1.
Restore the Web site, Web application, and config files from the shared drive.
f Task 1: Restore the Web site, Web application, and config files from the shared drive
1.
2.
3.
Open the default Web site in Internet Explorer on NYC-WEB2.

Copy the files:
Source: \\NYC-WEB-D\E\Web Site Backup
Destination C:\inetpub\wwwroot
Refresh the default Web site in Internet Explorer on NYC-WEB2.
Results: After this exercise, you should have successfully restored a Web site to a second server. Provide
the results of the exercise so students will know when and if they have completed the lab exercise
successfully.

Scenario
The next step is for increasing Web site availability. Now that you have two identically configured Web
servers, implement shared configurations for them.
1.
2.
3.
Export and Enable Shared Configuration.

Add the second Web server to use the Shared Configuration.
Test the Shared Configuration.
f Task 1: Export and Enable Shared Configuration

1.
2.
3.
Export configuration using IIS Manager.
Server: NYC-WEB-D
Physical Path: \\NYC-WEB-D\E
Encryption keys password: Pa$$w0rd
Using IIS Manager, enable shared configuration.
User name: Woodgrovebank\Administrator
Password: Pa$$w0rd
Encryption key password: Pa$$w0rd
Using IIS Manager, start Management Service.
f Task 2: Add the second Web server to use the Shared Configuration.
1.
2.
Using IIS Manager, enable shared configuration.
Server: NYC-WEB2
User name: Woodgrovebank\Administrator
Password: Pa$$w0rd
Encryption key password: Pa$$w0rd
Using IIS Manager, start Management Service.
f Task 3: Test the Shared Configuration.

1.
2.
Using IIS Manager, add the default document for NYC-WEB-D.
Server: NYC-WEB-D
Name: test.html
Using IIS Manager, check the default document for NYC-WEB2.
Results: After this exercise, you should have successfully configured a two-server network with an
underlying foundation of shared configurations.

Scenario
With the two Web servers set up with Shared Configurations, configure Network Load Balancing to
increase Web site availability.
1.
2.
3.
4.
Create a new Network Load Balancing cluster.

Add the second host to the Network Load Balancing cluster.
Add the second server to the Network Load Balancing cluster.
Verify Network Load Balancing using NLB commands.
f Task 1: Create a new Network Load Balancing cluster
Using Network Load Balancing Manager, add a new cluster.
Server: NYC-WEB-D
Host: NYC-WEB-D
Interface IP address: 10.10.0.21
Cluster IP Addresses, IPv4 address: 10.10.0.27
Cluster IP Addresses, Subnet mask: 255.255.0.0
Full Internet name: cluster.woodgrovebank.com
f Task 2: Add the second host to the Network Load Balancing cluster
Using Network Load Balancing Manager, add the second host to the cluster.
Host: NYC-WEB2
Local Area Connection interface IP address: 10.10.0.26
Priority (unique host identifier): 2
f Task 3: Add the second server to the Network Load Balancing cluster
Using Network Load Balancing Manager, add the second server to the cluster.
Server: NYC-WEB2
f Task 4: Verify Network Load Balancing using NLB commands

1.
2.
3.
Using the Command Prompt, verify Network Load Balancing.
Server: NYC-WEB2
Command: NLB query 10.10.0.27
Server: NYC-WEB-D
Command: NLB query 10.10.0.27
Server: NYC-WEB-D
Command: NLB display
Results: After this exercise, you should have successfully restored a Web site to a second server. Provide
the results of the exercise so students will know when and if they have completed the lab exercise
successfully.
Lab Instructions: Troubleshooting IIS 7.0 Web Servers
Module 10
Contents:
Exercise 1: Troubleshooting Authentication
Exercise 2: Troubleshooting Authorization
Exercise 3: Troubleshooting Communication
Exercise 4: Troubleshooting Configuration
Lab Instructtions: Troubleshootinng IIS 7.0 Web Serverrs
Lab: Tro
oublesho
ooting IIS 7.0 Web
W Se
ervers
Exercise 1: Troublesh
hooting Au
uthenticatiion
Sccenario
Yo
ou receive a se
ervice request asking to reso
olve a user issu
ue. The passwo
ord-protected intranet site iss
acccessed by dom
main users witthin the compa
any, but is nott allowing acce
ess to anyone. Using logs and
de
etailed error messages,
m
you must resolve the
t problem.
Ex
xercise Ove
erview
In
n this exercise, you will troub
bleshoot an authentication isssue using IIS logs and detailed error messsages.
Th
his exercises main
m
tasks are:
1..
2..
3..
4..
5..
6..
7..
Start the 64
hine and log on as Woodgro
ovebank\Administrator.
Start the 64
427A-NYC-WE
EB-E virtual ma
achine and log
g on as Woodg
Browse to http://localhos
h
st/salessupportt.
Examine the log file.
Enable Deta
ailed Error Me
essages.
Reproduce the issue and examine the detailed
d
error.
Resolve the
e issue and test functionalityy.
f Task 1: Start the

t 6427A-N
ne and log on as
W
Woodgroveb
bank\Administrator
Start 6427A
A-NYC-DC1 and log on as Woodgroveba
W
ank\Administtrator, passwo
ord Pa$$w0rd
d.
f Task 2: Start the

t 6427A-N
NYC-WEB-E virtual macchine and log
g on as
W
Woodgroveb
bank\Administrator
Start 6427A
A-NYC-WEB-E
E and log on as
a Woodgrove
ebank\Admin
nistrator, passsword Pa$$w0
0rd.
f Task 3: Browse to http://localhost/salessupport
On NYC-WEB-E, test functionality by loading http://localhost/salessupport in the browser.
f Task 4: Examine the log file
In C:\inetpub\logs\LogFiles\W3SVC1, open the most recent log file and look for the error. Note the
substatus.
f Task 5: Enable Detailed Error Messages
In IIS Manager, enable Detailed errors for local requests and custom error pages for remote
requests.
f Task 6: Reproduce the issue and examine the detailed error
In Internet Explorer, browse to http://localhost/salessupport.
Examine the detailed error information.
f Task 7: Resolve the issue and test functionality

1.
2.
Based on the detailed error, modify the configuration in IIS Manager to correct the issue.
In Internet Explorer, browse to http://localhost/salessupport to verify that the issue has been
corrected.
Results: After this exercise, you should have successfully examined the IIS log files, enabled detailed
error messages, and resolved the authentication issue.

Scenario
You receive another service request to secure another Web site where all users are able to view the
content. You must reproduce the issue, determine the cause, and resolve the issue.
Exercise Overview
In this exercise, you will troubleshoot authorization using Failed Request Tracing.
1.
2.
3.
4.
Browse to http://localhost/salessupport2.
Enable Failed Request Tracing and add a rule to trace successful requests.
Reproduce the issue and examine the Failed Request Tracing log.
Resolve the issue and verify functionality.
f Task 1: Browse to http://localhost /salessupport2
On NYC-WEB-E, in Internet Explorer, browse to http://localhost/salessupport2.
f Task 2: Enable Failed Request Tracing and add a rule to trace successful requests
In IIS Manager, add a Failed Request Tracing rule to trace successful requests.
f Task 3: Reproduce the issue and examine the Failed Request Tracing log
1. In Internet Explorer, browse to http://localhost/salessupport2.
2. Examine the latest failed request tracing log in c:\inetpub\logs
\FailedReqLogFiles\W3SVC1. Examine the authorization information in the log.
f Task 4: Resolve the issue and verify functionality
Based on the log, modify the configuration in IIS Manager to correct the issue.
In Internet Explorer, browse to http://localhost/salessupport2 to verify that the issue has

been corrected
Results: After this exercise, you should have successfully enabled failed request tracing, and resolved
the authorization issue.

Scenario
Users are reporting that a Web application is returning an error when they try to browse to it. You must
troubleshoot why the Web application cannot open the content.
Exercise Overview
In this exercise, you will troubleshoot communication using tools.
1.
2.
3.
4.
Reproduce the issue.

Use Ping to verify communication with the Web server.
Enable detailed errors and examine the detailed error.
Correct the problem and verify functionality.
f Task 1: Reproduce the issue
On NYC-DC1, in Internet Explorer, browse to http://nyc-web-e/netapp/content.
f Task 2: Use Ping to verify communication with the Web server
At the command prompt, type ping NYC-WEB-E, and then press ENTER.
f Task 3: Enable detailed errors and examine the detailed error

1.
2.
On NYC-WEB-E, in IIS Manager, enable detailed errors.

In Internet Explorer, browse to http://localhost/netapp/content.
f Task 4: Correct the problem and verify functionality

1.
2.
On NYC-WEB-E, in IIS Manager, correct the configuration based on the information from the
detailed error.
In Internet Explorer, browse to http://localhost/netapp/content to verify that the error has been
corrected.
Results: After this exercise, you should used ping to verify communication, enabled detailed error
messages, and resolved the error.

Scenario
Users are reporting they receive multiple errors when trying to view JPG files that previously worked. You
know that multiple people have the ability to modify this site including Web.config and related files.
Exercise Overview
In this exercise, you will troubleshoot configuration using detailed error messages.
1.
2.
3.
Reproduce the issue and examine the detailed error message.

Examine and correct the web.config file.
Verify functionality.
f Task 1: Reproduce the issue and examine the detailed error message
1.
2.
On NYC-WEB-E, in Internet Explorer, browse to http://localhost/pics/logo.jpg

f Task 2: Examine and correct the web.config file
Open the web.config file located in c:\Pics.
Correct the error and save the file based on the information from the detailed error.
f Task 3: Verify functionality
In Internet Explorer, browse to http://localhost/pics/logo.jpg.

Results: After this exercise, you should have reproduced the problem, examined the detailed error
message, and resolved the error.
Lab Answer Key: Configuring an Internet Information Services 7.0 Web Server
Module 1
Lab Answer Key: Configuring an Internet Information
Services 7.0 Web Server
Contents:
Exercise 1: Installing IIS Using Role Manager
Lab: Configuring an IIS 7.0 Web Server

Logon Information:
Virtual Machine: NYC-SVR1, NYC-SVR2, NYC-SVR3
User Name: LocalAdmin or Administrator
Password: Pa$$w0rd
Estimated time: 60 minutes
Exercise 1: Installing IIS using Role Manager

Scenario
You receive a service request from the Enterprise Design Team to prepare three Web servers to host Web sites and
Web applications. One of the companies acquired by Woodgrove Bank has a classic ASP application that needs to
be hosted in IIS7.
Exercise Overview
In this exercise, you will learn how to install IIS 7.0 using Role Manager.
1.
2.
3.

Install the Web server role.
Note: If you have already logged on to a virtual machine, skip the logon task for that particular
virtual machine.

1.
On the Lab Launcher, next to 6427A-NYC-SVR1, click Launch.
2.
Log on to NYC-SVR1 as LocalAdmin with the password of Pa$$w0rd.

1.
2.
3.
4.
5.
On NYC-SVR1, click Start | Network.

Click the information bar with the text Network discovery and file sharing are turned off.
Network computers and devices are not visible. Click to change....
Click Turn on network discovery and file sharing.
Click Yes, turn on network discovery and file sharing for all public networks.
Close Network.
f Task 3: Install the Web server role

1.
2.
3.
4.
5.
6.
7.
8.
On NYC-SVR1, click Start and click Server Manager.

In the details pane, in the Roles Summary section, click Add roles.
The Add Roles Wizard dialog box appears. Click Next.
In the Roles box, select Web Server (IIS).
The Add Roles Wizard dialog box appears. Click Add Required Features.
Click Next twice.
In the Roles services box, select ASP.
The Add Roles Wizard dialog box appears. Click Add Required Role Services.
9.
10.
11.
12.
13.
14.
15.
Click Next and then click Install.

When the installation is complete, click Close.
In the console pane, expand Roles.
Notice that the Web Server (IIS) role is installed.
Click Start | All Programs | Internet Explorer.
The Microsoft Windows Internet Explorer window opens. Browse to http://localhost.
Notice that the IIS7 Welcome page loads, indicating that IIS is successfully installed and running.
Results: After this exercise you should have successfully verified that the Web Server (IIS) role is
installed and loaded the IIS Welcome page in Internet Explorer.

Scenario
Now you will set up the second IIS Web server to host the new ASP.NET application. You will install IIS by creating
an Unattend.XML file based on the example given on the student CD by modifying it to only install the features
needed. This will be an ASP.NET application server and will need to have all security, compression and caching
features installed so that development can experiment with configuration.
Exercise Overview
In this exercise, you will learn how to install IIS using unattended setup.
1.
2.
3.
4.

Create the Unattend.XML file by copying the default XML file provided and removing unnecessary features.
Install IIS using Pkgmgr with the Unattend.XML file and verify once completed.

1.
2.
Log on to NYC-SVR3 as LocalAdmin with the password of Pa$$w0rd.

1.
2.
3.
4.
5.
On NYC-SVR3, click Start | Network.

Click the information bar with the text Network discovery and file sharing are turned off.
Network computers and devices are not visible. Click to change....
Click Turn on network discovery and file sharing.
Click Yes, turn on network discovery and file sharing for all public networks.
Close Network.
f Task 3: Create the Unattend.XML file by copying the default XML file provided and
removing unnecessary features
1.
2.
3.
4.
5.
6.
Click Start, type Notepad, and then press Enter.

The Notepad window opens. On the File menu, click Open.
The Open dialog box appears. In the Text Documents list, click All Files.
Browse E:\Mod01\Labfiles.
Click unattend_all.xml and then click Open.
Delete the following lines:
<selection
<selection
<selection
<selection
<selection
<selection
<selection
<selection
7.
name="IIS-HttpRedirect" state="true"/>
name="IIS-ASP" state="true"/>
name="IIS-CGI" state="true"/>
name="IIS-IIS6ManagementCompatibility" state="true"/>
name="IIS-Metabase" state="true"/>
name="IIS-WMICompatibility" state="true"/>
name="IIS-LegacyScripts" state="true"/>
name="IIS-LegacySnapIn" state="true"/>
The Unattend.Xml file needs to be modified with the correct

version number. It should read
Version="6.0.6001.18000" (this will match the HAL major and minor version numbers).
To do this,
Edit Version=6.0.6001.16659 to Version="6.0.6001.18000"
8. On the File menu, click Save As.
9. The Save As dialog box appears. Type c:\unattend.xml, and then click Save.
10. Close Notepad.
f Task 4: Install IIS using Pkgmgr with the Unattend.XML file and verify once completed
1.
2.
3.
4.
Click Start, and then click Command Prompt.

Type cd \ and then press Enter.
Type start /w pkgmgr /n:unattend.xml and then press Enter.
When the process completes, type echo %errorlevel% and then press Enter. Note that it may take
up to four minutes to complete.
5. Notice that the return code is 0 indicating a successful installation.
6. Type exit, and then press Enter.
7. In Server Manager, in the console pane, expand Roles. Note that you may need to refresh the
console.
8. Notice that Web Server (IIS) is installed.
9. Click Start | All Programs | Internet Explorer.
10. The Windows Internet Explorer window opens. Browse to http://localhost.
11. Notice that the IIS Welcome page appears.
Results: After this exercise you should have successfully installed IIS using an unattend file and verified
the IIS Welcome page.

Scenario
The final server you will install is a Server Core Web server that will act primarily as a redirection server to the ASP
server.
Exercise Overview
In this exercise, you will learn how to install IIS via the command line in a Server Core environment.
1.
2.
3.
Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator.

Disable the firewall.
Install IIS from the command line.
f Task 1: Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator

Log on to NYC-SVR2 as Administrator with the password of Pa$$w0rd.
f Task 2: Disable the firewall
On NYC-SVR2, in the command prompt window, type netsh firewall set opmode disable and press
Enter.
Note: Disabling the firewall should not be done in a real-world environment as it is bad security practice.
f Task 3: Install IIS from the command line

1.
2.
3.
4.
5.
Type the following and then press Enter. Note that the feature names are case-sensitive:
Start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IISStaticContent;IIS-DefaultDocument;IIS-HttpErrors;IIS-HttpRedirect;WASWindowsActivationService;WAS-ProcessModel
When the process completes, type echo %errorlevel%, and then press Enter. Note that it may take
up to two minutes to complete.
Notice that the return code is 0 indicating a successful installation.
On NYC-SVR1, in Internet Explorer, browse to http://nyc-svr2.
Notice that the IIS Welcome page loads, indicating that the Web server role on NYC-SVR2 is installed
and functioning.
Results: After this exercise you should have successfully installed IIS on Microsoft Server 2008 Server
Core from the command line and verified by loading the IIS Welcome page from another machine
running Internet Explorer.

Scenario
With the three Web servers installed, configure each as necessary to perform its function.
Exercise Overview
In this exercise, you will configure common IIS features and validate functionality.
1.
2.
3.
Configure NYC-SVR1 for ASP debugging, detailed error messages, HTTP compression and SMTP Service.
Configure NYC-SVR3 to trace server errors, enable directory browsing, enable windows authentication and
impersonation, configure UDDI, and enable dynamic output compression.
Configure NYC-SVR2 to have no default documents, and redirect requests to NYC-SVR1.
f Task 1: Configure NYC-SVR1 for ASP debugging, detailed error messages, and HTTP
compression
1.
On NYC-SVR1, click Start | Administrative Tools | Internet Information Services (IIS) Manager.
2.
In the Connections pane, expand NYC-SVR1 | Sites, and then click Default Web Site.
3.
In the details pane, double-click ASP.
4.
In the Compilation section, expand Debugging Properties.
5.
In the Enable Client-side Debugging list, click True.
6.
In the Enable Server-side Debugging list, click True.
7.
In the Send Errors to Browser list, click True.
8.
In the Actions pane, click Apply.
9.
In the Connections pane, click Default Web Site.
10. In the details pane, double-click HTTP Response Headers.

11. In the Actions pane, click Set Common Headers.
12. The Set Common HTTP Response Headers dialog box appears. Select Expire Web content, and
then click OK.
13. In the Connections pane, click Default Web Site.
14. In the details pane, double-click Compression.
15. Notice that Enable static content compression is checked.
17. In the details pane, double-click Error Pages.
18. In the Actions pane, click Edit Feature Settings
19. The Edit Error Pages Settings dialog box appears. Click Detailed errors, and then click OK.
20. On NYC-SVR3, in the Internet Explorer, browse to http://nyc-svr1/default.asp.
21. Notice that you get a detailed HTTP Error 404 page, indicating that the NYC-SVR1 web server has
been configured properly.
Question: How does the Detailed Error page differ from the default Custom error page?
Answer: The Detailed Error Page lists trace events and steps for troubleshooting.
f Task 2: Configure NYC-SVR3 to trace server errors, enable directory browsing, enable
windows authentication and impersonation, configure UDDI, and enable dynamic
output compression and SMTP
1.
On NYC-SVR3, click Start | Administrative Tools | Internet Information Services (IIS) Manager.
2.
In the Connections pane, expand NYC-SVR3 | Sites, and then click Default Web Site.
3.
In the Actions pane, click Failed Request Tracing.
4.
The Edit Web Site Failed Request Tracing Settings dialog box appears. Select Enable, and then
click OK.
5.
In the details pane, in the IIS section, double-click Failed Request Tracing Rules.
6.
In the Actions pane, click Add.
7.
The Add Failed Request Tracing Rule dialog box appears. Click Next.
8.
In the Status code(s) field, type 500.
9.
Select Event severity, and then in the Event severity list, click Critical Error.
10. Click Next and then click Finish.

12. In the details pane, in the IIS section, double-click Directory Browsing.
13. In the Actions pane, click Enable.
15. In the details pane, in the IIS section, double-click Authentication.
16. In the details pane, click Windows Authentication.
18. In the details pane, click ASP.NET Impersonation.
20. In Server Manager, in the console pane, right-click Roles and then click Add Roles.
21. The Add Roles Wizard dialog box appears. Click Next.
22. Select UDDI Services, and then click Next twice.
23. Select UDDI Services Database and UDDI Services Web Application.
24. The Add Roles Wizard dialog box appears. Click Add Required Role Services, and then click Next.
25. Click Do not require SSL, and then click Next seven times. Click Install.
26. When installation completes, click Close. Note that it may take up to eight minutes to complete.
27. In Internet Information Services (IIS) Manager, in the Connections pane, click Default Web Site.
28. In the details pane, in the IIS section, double-click Output Caching.
29. In the Actions pane, click Add.
30. The Add Cache Rule dialog box appears. In the File name extension field, type .aspx.
31. Select User-mode caching and then click OK.
33. In the details pane, in the ASP.NET section, double-click SMTP E-mail.
34. In the E-mail address field, type NYC-SVR3@WoodgroveBank.com.

35. In SMTP Server field, type SMTP.WoodgroveBank.com.
36. In the Actions pane, click Apply.
37. In Internet Explorer, browse to http://localhost/uddi.
38. Notice the UDDI Services page loads.
39. Browse to http://localhost/aspnet_client.
40. Notice that there is a detailed HTTP Error 500.24.
41. Under Detailed Error Information, right-click C:\inetpub\logs\FailedReqLogFiles, and then click
Copy Shortcut.
42. Click Start | Run. Right-click the Open field and then click Paste.
43. Click OK.
44. Double-click W3SVC1.
45. Notice that there is a failed request log for the server error: fr00001.xml.
f Task 3: Configure NYC-SVR2 to have no default documents, and redirect requests to

NYC-SVR1
1.
2.
3.
4.
5.
6.
7.
8.
On NYC-SVR2, in the command prompt window, type cd \windows\system32\inetsrv\config and

then press Enter.
Type edit applicationHost.config and then press Enter.
Scroll down to <defaultDocument enabled="true"> (approximately line 169), and change "true"
to "false".
Scroll down to <httpRedirect enabled="false" /> (approximately line 246), and modify this line to
read:
<httpRedirect enabled="true" exactDestination="false" childOnly="false"
destination="http://10.10.0.24/" />
On the File menu, click Save.
On the File menu, click Exit.
On NYC-SVR3, in Internet Explorer, browse to http://nyc-svr2.
Notice that the IIS 7 Welcome page loads and the address field has changed to http://10.10.0.24.
Question: What would be displayed if redirection was not enabled?
Answer: Since there is no default document, an error message would be displayed and the address
bar would still display http://nyc-svr2.
9.
Close each of the running virtual machines. Do not save changes so they are reset to default for the
next lab.
Results: After this exercise you should have successfully configured and verified the configuration of
the three web servers.
Note: After you have completed the lab exercises closing the VMs and selecting undo disk is not required
for hosted labs. Click the Quit button to exit.
Lab Answer Key: Configuring IIS 7.0 Web Sites and Application Pools
Module 2
Lab Answer Key: Configuring IIS 7.0 Web Sites and
Application Pools
Contents:
Lab: Configuring IIS 7.0 Web Sites and

Application Pools
Logon Information:
Virtual Machine: NYC-DC1, NYC-WEB-A, NYC-SVR1
User Name: Administrator
Password: Pa$$w0rd

Scenario
You receive a service request from the Enterprise Design Team to organize the existing NYC-WEB-A server into
virtual directories by access level. There will be two access levels: public and restricted. Anyone on the network
should be able to access the public content. Only authenticated users should be able to access restricted.
Exercise Overview
In this exercise, you will learn how to create virtual directories and configure anonymous authentication.
Start the 6427A-NYC-DC1 virtual machine.
1.
Start the 6427A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator.
2.
Start the 6427A-NYC-WEB-A virtual machine and log on as

Woodgrovebank\Administrator.
3.
Add Basic, Windows Integrated and Digest Security features to the IIS Role.
4.
Create a virtual directory named Public.
5.
Configure the public virtual directory for anonymous authentication.
Note: If you have already logged on to a virtual machine, skip the logon task for that particular virtual machine.
f Task 1: Start the 6427A-NYC-DC1 virtual machine

On the Lab Launcher, next to 6427A-NYC-DC1 click Launch.

1.
2.
On the Lab Launcher, next to 6427A-NYC-WEB-A click Launch.

Log on to NYC-WEB-A as Woodgrovebank\Administrator with the password of Pa$$w0rd.
f Task 3: Add Basic, Windows Integrated and Digest Security features to the IIS Role
1.
2.
3.
4.
On NYC-WEB-A, in Server Manager, in the console pane, expand Roles and then click Web Server
(IIS).
Right-click Web Server (IIS) and then click Add Role Services.
The Add Role Services dialog box appears. In the Role services box, under Security, select Basic
Authentication, Windows Authentication, and Digest Authentication.
5.
6.
In the details pane, in the Role Services section, notice that Basic Authentication, Windows
Authentication, and Digest Authentication are listed as Installed.
f Task 4: Create a virtual directory named public

1.
Click Start | Administrative Tools | Internet Information Services (IIS) Manager.
2.
In the Connections pane, expand NYC-WEB-A | Sites and then click Default Web Site.
3.
In the Actions pane, click View Virtual Directories.
4.
Click Add Virtual Directory.
5.
The Add Virtual Directory dialog box appears. In the Alias field, type Public.
6.
Next to the Physical path field, click the Browse (...) button.
7.
The Browse For Folder dialog box appears. Browse to C:\inetpub, and then click Make New Folder.
8.
Type Public, and then click OK.
9.
Click OK.
10. Click Start | Computer and then browse to C:\inetpub\wwwroot.

11. Select all, then right-click and then click Copy.
12. Browse to C:\inetpub\public, right-click, and then click Paste.
f Task 5: Configure the public virtual directory for anonymous authentication

1.
In Internet Information Services (IIS) Manager, in the Connections pane, expand Default Web
Site and then click Public.
2.
In the details pane, double-click Authentication.
3.
Click Anonymous Authentication. Notice that it is enabled.
4.
In the Actions pane, click Edit.
5.
The Edit Anonymous Authentication Credentials dialog appears. Notice that Specific user is
selected and set to IUSR.
6.
Click Cancel.
7.
In Server Manager, in the console pane, expand Configuration | Local Users and Groups and then
click Users.
8.
In the details pane, right-click Guest, and then click Properties.
9.
The Guest Properties dialog box appears. Clear Account is disabled, and then click OK.
Note: It is a poor security practice and should not be done in a real-world scenario.
10. Click Start | Administrative Tools | Local Security Policy.
11. The Local Security Policy window opens. In the console pane, expand Local Policies and then click
User Rights Assignment.
12. In the details pane, right-click Allow log on locally, and then click Properties.
13. The Allow log on locally Properties dialog appears. Click Add User or Group.
14. The Select Users, Computers, or Groups dialog box appears. Click Locations.
15. The Locations dialog box appears. Click NYC-WEB-A, and then click OK.
16. In the Enter the object names to select field, type Guest, and then click OK twice.
17. Close Local Security Policy.
18. Click Start | Switch User.
19. Logon as NYC-WEB-A\Guest with no password.
21. The Windows Internet Explorer window opens. Browse to http://localhost. Note that weve set
the default site to the Public virtual directory so theres no need to use localhost/public.
Notice that the IIS7 Welcome page loads.
23. Log on as Woodgrovebank\Administrator with the password of Pa$$w0rd.
Results: After this exercise, you should have created virtual directories on the Web server and provided
both public and restricted access levels to those directories.

Scenario
Next you will create two web sites, and two web applications, in the employee and restricted virtual directories,
named Woodgrove and Exec respectively. Exec will be a .NET 3.0 application. You will also delegate administrative
access to ITAdmins_WoodgroveGG.
Exercise Overview
In this exercise, you will learn how to create web sites and applications.
1.
2.
3.
4.
Create a site named Woodgrove.

Copy the Woodgrove application to the appropriate directory.
Add the .NET 3.0 Feature to the server.
Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG.
f Task 1: Create a site named Woodgrove

1.
2.
3.
4.
5.
6.
7.
On NYC-WEB-A, in Internet Information Services (IIS) Manager, in the Connections pane, click
Sites.
In the Actions pane, click Add Web Site.
The Add Web Site dialog box appears. In the Site name field, type Woodgrove.
In Physical path, click the Browse (...) button.
The Browse For Folder dialog box appears. Browse to C:\inetpub, and then click Make New Folder.
Type woodgrove, and then click OK.
In the Port field, type 88, and then click OK.
f Task 2: Copy the Woodgrove Application to the Appropriate Directory

1.
In Windows Explorer, browse to E:\Mod02\Labfiles\WoodGrove.
2.
Select all, then right-click, and then click Copy.
3.
Browse to C:\inetpub\woodgrove, right-click, and then click Paste.
f Task 3: Add the .NET 3.0 Feature and ASP.NET to the server
1.
2.
3.
4.
5.
6.
7.
8.
9.
In Server Manager, in the console pane, click Features.

In the details pane, click Add Features.
The Add Features Wizard dialog box appears. Select .NET Framework 3.0 Features.
The Add Features Wizard dialog box appears. Click Add Required Role Services.
Click Next twice.
On the Select Role Services page, select ASP.NET.
The Add Features Wizard dialog box appears. Click Add Required Role Services.
Click Next, and then click Install.
f Task 4: Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG

1.
Internet Information Services (IIS) Manager, in the Connections pane, expand Sites and then click
Woodgrove.
2.
In the Actions pane, click Edit Permissions.
3.
The woodgrove Properties dialog box appears. Click the Security tab.
4.
Click Edit.
5.
The Permissions for woodgrove dialog box appears. Click Add.
6.
The Select, Users, Computers, or Groups dialog box appears. In the Enter the object names to
select field, type ITAdmins_WoodgroveGG, and then click Check Names.
7.
Click OK.
8.
Next to Full control, select Allow and then click OK twice.
Results: After this exercise, you should have successfully installed .NET 3.0 Framework, ASP.NET, and
created the Woodgrove site and copied its content.

Scenario
You will now create a new application pool for temporary applications.
Exercise Overview
Create an application pool named TempPool.
f Task 1: Create an application pool named TempPool

1.
On NYC-WEB-A, in Internet Information Services (IIS) Manager, expand NYC-WEB-A and then
click Application Pools.
2.
In the Actions pane, click Add Application Pool.
3.
The Add Application Pool dialog box appears. In the Name field, type TempPool.
4.
Click OK.
5.
In the details pane, notice that TempPool appears in the list of application pools.
Results: After this exercise, you should have successfully added an application pool named TempPool.

Scenario
Next, you will configure the new application pools according to the needs for the new applications. You will also
practice starting, stopping, and recycling the application pools and configuring health settings. You will also
rename the Exec and Woodgrove pools to ExecPool and WoodgrovePool.
Exercise Overview
In this exercise, you will configure the application pools and validate functionality.
1.
2.
3.
4.
5.
6.
7.
Rename Woodgrove to WoodgrovePool.

Configure WoodgrovePool and the Woodgrove site for Windows Integrated authentication to allow all
authenticated users.
Configure TempPool to use LocalSystem as worker process identity.
Stop, start and recycle WoodgrovePool.
Configure TempPool for Classic Pipeline Mode.
Remove TempPool.
Configure Health and Recycling settings for WoodgrovePool.
f Task 1: Rename Woodgrove to WoodgrovePool

1.
On NYC-WEB-A, in Internet Information Services (IIS) Manager, expand Sites and then click
Woodgrove.
2.
In the Actions pane, click Basic Settings.
3.
The Edit Site dialog box appears. Click Select.
4.
The Select Application Pool dialog box appears. In the Application pool list, click TempPool, and
then click OK twice.
5.
In the Connections pane, click Application Pools.
6.
In the details pane, click Woodgrove.
7.
In the Actions pane, click Rename.
8.
Type WoodgrovePool, and then press Enter.
9.
In the Connections pane, click Woodgrove.
10. In the Actions pane, click Basic Settings.

11. The Edit Site dialog box appears. Click Select.
12. The Select Application Pool dialog box appears. In the Application pool list, click
WoodgrovePool, and then click OK twice.
f Task 2: Configure WoodgrovePool and the Woodgrove site for Windows Integrated
authentication to allow all authenticated users
1.
In the Connections pane, expand Sites and then click Woodgrove.
2.
3.
Click Windows Authentication.
4.
In the Actions pane, click Enable.
5.
In the details pane, click Anonymous Authentication.
6.
In the Actions pane, click Disable.
7.
On the Lab Launcher, next to 6427A-NYC-SVR1 click Launch.
8.
Log on to NYC-SVR1 as LocalAdmin with the password of Pa$$w0rd. Note that this machine is not
joined to the domain.
9.
10. The Windows Internet Explorer window opens. Browse to http://nyc-weba.woodgrovebank.com.

Notice that the IIS Welcome page appears indicating that the previous anonymous public site
configuration is correct.
11. Browse to http://nyc-web-a.woodgrovebank.com:88.
Notice that there is an error message and the page will not load. Windows authentication has failed
for this user/machine.
Question: Why does Windows authentication fail?
Answer: Because NYC-SVR1 is not joined to the Woodgrovebank domain, the user account cannot
be authenticated.
12. On NYC-WEB-A, click Start | All Programs | Internet Explorer.
13. The Windows Internet Explorer window opens. Browse to http://localhost:88.
Notice that the Woodgrove Bank page appears. Windows authentication is successful.
f Task 3: Configure TempPool to use LocalSystem as worker process identity

1.
In Internet Information Services (IIS) Manager, in the Connections pane, click Application Pools.
2.
In the details pane, click TempPool.
3.
In the Actions pane, click Advanced Settings.
4.
The Advanced Settings dialog box appears. Under the Process Model section, click Identity.
5.
Next to NetworkService, click the Browse (...) button.
6.
The Application Pool Identity dialog box appears. In the Built-in account list, click LocalSystem.
7.
Click OK twice.
f Task 4: Stop, start and recycle WoodgrovePool

1.
2.
In the details pane, click WoodgrovePool.
3.
In the Actions pane, click Stop.
4.
In the details pane, notice that the status of WoodgrovePool changes to Stopped.
5.
In the Actions pane, click Start.
6.
In the details pane, notice that the status of WoodgrovePool changes to Started.
7.
In the Actions pane, click Recycle.

WoodgrovePool recycles, however the results may not be visible.
10
f Task 5: Configure TempPool for Classic Pipeline Mode

1.
2.
3.
4.
5.

The Edit Application Pool dialog box appears. In the Managed pipeline mode list, click Classic.
Click OK.
f Task 6: Remove TempPool

1.
2.
3.
4.

In the Actions pane, click Remove.
The Confirm Remove dialog box appears. Click Yes.
f Task 7: Configure Health and Recycling settings for WoodgrovePool

1.
2.
3.
4.

In the details pane, click WoodgrovePool.
In the Actions pane, click Recycling.
The Edit Application Pool Recycling Settings dialog box appears. Select Fixed number of
requests.
5. In the Fixed Number of requests field, type 1000.
6. Click Next.
7. On the Recycling Events to Log page, select Number of requests.
8. Click Finish.
9. In the Actions pane, click Advanced Settings.
10. The Advanced Settings dialog box appears. In the Rapid-Fail Protection section, click Failure
Interval (minutes).
11. In the value column, type 10 and then click OK.
Close each of the running virtual machines. Do not save changes so they are reset to defaults for the
next lab.
Results: After this exercise, you should have successfully configured and verified the configuration of the
application pools.
Lab Answer Key: Configuring IIS 7.0 Application Settings
Module 3
Contents:

13
Lab: Configuring IIS 7.0 Application Settings

Logon Information:
Virtual Machine: NYC-DC1, NYC-WEB-A
User Name: Administrator
Password: Pa$$w0rd

Note: If you have already logged on to a virtual machine, skip the logon task for that particular virtual
machine.

Scenario
You receive a service request from the Enterprise Design Team to deploy an application server. You need to add
and configure the ASP.NET role service, and Application Server role, on the Web Server. The server will be available
from the Internet and Sales Associates will need to log in with the user name sales and password support from
their clients sites to get contact information for support (This is a very poor security practice and all authenticated
connections should use individual user names and you do not have appropriate permissions to set the username
and password). This requires a medium level of security. If there is an error, the error message returned to the
client browser should direct the user to contact their district sales manager for login information.
Exercise Overview
In this exercise, you will learn how to add the ASP.NET role service and configure ASP.NET. You will choose and
configure the appropriate authentication model, and set up custom error pages to handle HTTP errors.
1.
2.
3.
Add ASP.NET and Basic Security features to the IIS Role.
4.
Create the SalesSupport application and copy the ASP.NET application files.
5.
Configure Basic Security to allow access to authenticated Woodgrovebank domain users.
6.
Configure custom error pages for 401.aspx for 401 errors, and Other_Errors.aspx for all other errors.


1.
2.
f Task 3: Add ASP.NET and Basic Security features to the IIS Role
1.
On NYC-WEB-A, in Server Manager, in the console pane, expand Roles and then click Web Server
(IIS).
2.
Right-click Web Server (IIS), and then click Add Role Services.
3.
The Add Role Services dialog box appears. In the Role services box, under Application
Development, select ASP.NET.
4.
The Add Role Services box appears. Click Add Required Role Services.
5.
In the Role Services box, under Security, select Basic Authentication.
6.
7.
8.
In the details pane, in the Role Services section, notice that ASP.NET and Basic Authentication are
listed as Installed.
1.
2.
3.
In the Actions pane, click View Applications.
4.
Click Add Application.
5.
The Add Application dialog box appears. In the Alias field, type SalesSupport.
6.
7.
The Browse For Folder dialog box appears. Browse to C:\inetpub\wwwroot, and then click Make
New Folder.
8.
Type SalesSupport and then click OK.
9.
Click OK.
10. Click Start | Computer and then browse to E:\Mod03\Labfiles\SalesSupport.

11. Select all, then right-click and then click Copy.
12. Browse to C:\inetpub\wwwroot\SalesSupport, right-click, and then click Paste.
f Task 5: Configure Basic Security to allow access to authenticated Woodgrovebank

domain users
1.
In Internet Information Services (IIS) Manager, in the Connections pane, expand Default Web
Site and then click SalesSupport.
2.
3.
Click Anonymous Authentication.
4.
In the Actions pane, click Disable.
5.
In the details pane, click Basic Authentication.
6.
7.
Click Edit.
8.
The Edit Basic Authentication Settings dialog appears. In the Default domain and Realm fields,
type woodgrovebank.
9.
Click OK.

11. The Windows Internet Explorer window opens. Browse to http://localhost/salessupport.
12. The Connect to localhost dialog box appears. Notice that there is a warning about basic
authentication and insecure credentials.
13. In the User name field, type yvonne. Note that Yvonne is a marketing account manager with a
domain account in the Woodgrovebank domain.
14. In the Password field, type Pa$$w0rd and then click OK.
Notice that the Sales Support Resources page loads successfully.
15. Close Internet Explorer. Note that you must close the browser to reset the session so you can try
logging in as a different user.
18. The Connect to localhost dialog box appears. In the User name field, type bob. Note that Bob does
not have a domain account in the Woodgrovebank domain.
19. Leave the Password field blank and then click OK.
20. Click OK two more times.
Notice that you get an HTTP 401.1 Unauthorized error. Note that detailed error messages show up
locally by default.
21. Close Internet Explorer.
f Task 6: Configure custom error pages for 401.aspx for 401 errors, and Other_Errors.aspx
for all other errors
1.
In Windows Explorer, browse to E:\Mod03\Labfiles\WBErrors.
2.
Select all, right-click and then click Copy.
3.
Browse to C:\inetpub\custerr\en-US, right-click, and then click Paste.
4.
In Internet Information Services (IIS) Manager, in the Connections pane, click SalesSupport.
5.
In the details pane, double-click Error Pages.
6.
In the Actions pane, click Edit Feature Settings.
7.
The Edit Error Pages Settings box appears. Click Custom error pages.
8.
Click OK.
9.
In the details pane, under the Status Code column, click 401.
10. In the Actions pane, click Edit.

11. The Edit Custom Error Page dialog box appears. Click Set.
12. The Set Localized Custom Error Path dialog box appears. In the Relative file path field, delete the
existing text and then type 401.aspx.
13. Click OK twice.
14. In the details pane, under the Status Code column click 404.
15. In the Actions pane, click Edit.
16. The Edit Custom Error Page dialog box appears. Click Set.
17. The Set Localized Custom Error Path dialog box appears. In the Relative file path field, delete the
existing text and then type Other_Errors.aspx.
18. Click OK twice. Note that in a real world situation, you would repeat these steps for each error that
you wanted to assign to a custom error message.
21. The Connect to localhost dialog box appears. In the User name field, type bob.
22. Leave the Password field blank and then click OK three times.
Notice that there is now a custom error message directing you to contact your district sales manager.
25. The Windows Internet Explorer window opens. Browse to
http://localhost/salessupport/brokenlink.
26. The Connect to localhost dialog box appears. In the User name field, type yvonne.
If you are prompted, add the site to the allowed list.
Notice that you get a custom error that is slightly different. Since the path brokenlink doesnt exist,
this is a custom 404 error.

Tip: If you are having problems verifying your custom error settings, and changes dont seem to be
taking effect, be sure to clear the browser cache.
installed, configured Basic authentication, and verified custom error pages in Internet Explorer.

Scenario
Next you will configure some test settings for the SalesSupport application. The Enterprise Design team is planning
on implementing a database to store the support resource data. You will need to enter the provided connection
string. You will also rename the cookie that the page uses to SalesSupport. Next you will create a custom control
for testing the new configuration. Finally, you will set some application settings and then verify that the application
can read them by loading the custom test page.
Exercise Overview
In this exercise, you will learn how to configure ASP.NET application development settings.
1.
Configure ASP.NET Connection Strings to connect to Resources.MDF.
2.
Configure ASP.NET Session State settings to rename the cookie to SalesSupport.
3.
Add a custom control: Woodgrovebank.TestControls Version=1.0.0.0
4.
Add application settings at Site and Application levels.
f Task 1: Configure ASP.NET Connection Strings to connect to Resources.MDF

1.
On NYC-WEB-A, in Internet Information Services (IIS) Manager, in the Connections pane, expand
Sites | Default Web Site and then click SalesSupport.
2.
In the details pane, double-click Connection Strings.
3.
4.
The Add Connection String dialog box appears. In the Name field, type LocalResources.
5.
Click Custom.
6.
In the Custom field delete the existing text and then type data
source=.\SQLEXPRESS;AttachDbFileName=e:\mod03\labfiles\resources.mdf;IntegratedSecurit
y=True
7.
Click OK.
f Task 2: Configure ASP.NET Session State settings to rename the cookie to SalesSupport
1.
In the Connections pane, click SalesSupport.
2.
In the details pane, double-click Session State.
3.
In the Cookie Settings section, in the Name field, delete the existing text and then type
SalesSupport_SessionID.
4.
f Task 3: Add a custom control: Woodgrovebank.TestControls Version=1.0.0.0

1.
2.
In the details pane, double-click Pages and Controls.
3.
In the Action pane, click Register Controls.
4.
Click Add Custom Control.
5.
The Add Custom Control dialog box appears. In the Tag prefix field type Woodgrovebank.
6.
In the Namespace field, type TestControls.
7.
In the Assembly field, type Version=1.0.0.0.
8.
Click OK.
f Task 4: Add application settings at site and application levels

1.
2.
The Windows Internet Explorer window opens. Browse to

3.
The Connect to localhost dialog box appears. In the User name field, type yvonne.
4.
In the Password field, type Pa$$w0rd and then click OK.

Notice that the Woodgrove Bank Sales Application Settings Test Page opens. It should report No
Application Settings defined.
5.
In Internet Information Services (IIS) Manager, in the Connections pane, click Default Web Site.
6.
In the details pane, double-click Application Settings.
7.
8.
The Add Application Setting dialog box appears. In the Name field, type DefaultLocation.
9.
In the Value field, type New York.
10. Click OK.

11. In Internet Explorer, click the Refresh button.
Notice that it now reports DefaultLocation = New York.
12. In Internet Information Services (IIS) Manager, in the Connections pane, click SalesSupport.
13. In the details pane, double-click Application Settings.
14. Notice in the details pane that DefaultLocation is inherited.
16. The Add Application Setting dialog appears. In the Name field, type debug_mode.
17. In the Value field, type true.
18. Click OK.

Notice that it now reports DefaultLocation = New York and debug_mode = true.
Question: How might the application settings be used in real world Web applications?
Answer: The application can customize content or actions based on the settings. This gives flexibility
to the administrator to customize the application at deployment time.

Results: After this exercise, you should have configured ASP.NET development settings and verified test
page functionality.
Exercise 3: Configuring a Web Server to Host Multiple Applications with Separate

Application Pools
Scenario
You will now deploy the SalesSupport application to two new instances. Once instance will be a test deployment
with additional testing configuration. Another instance will be for the German division of Woodgrove and will
need to be set for German globalization settings. Additionally, you will disable the debug mode for the production
version of SalesSupport.
Exercise Overview
1.
Create three application pools named SalesSupport, SalesSupport_De, and SalesSupport_Test.
2.
Create the applications SalesSupport_De and SalesSupport_Test.
3.
Use XCopy to deploy the files from the SalesSupport directory to the SalesSupport_DE and SalesSupport_Test
directories.
4.
Assign the applications to the appropriate application pools.
5.
Configure application pool recycling for unlimited requests.
6.
Configure the SalesSupport_Test application pool to record recycled events.
7.
Configure the SalesSupport .NET compilation debug setting to False.
8.
Configure the SalesSupport_De application globalization settings for Germany.
f Task 1: Create three application pools named SalesSupport, SalesSupport_De, and

SalesSupport_Test
1.
Application Pools.
2.
3.
The Add Application Pool dialog box appears. In the Name field, type SalesSupport.
4.
Click OK.
5.
6.
The Add Application Pool dialog box appears. In the Name field, type SalesSupport_De.
7.
Click OK.
8.
9.
The Add Application Pool dialog box appears. In the Name field, type SalesSupport_Test.
10. Click OK.
11. In the details pane, notice that SalesSupport, SalesSupport_DE, and SalesSupport_Test appear in
the list of application pools.
f Task 2: Create the applications SalesSupport_De and SalesSupport_Test

1.
2.
3.
4.
The Add Application dialog box appears. In the Alias field, type SalesSupport_De.
5.
Next to the Physical path field, click the Browse () button.
6.
New Folder.
7.
Type SalesSupport_De and then click OK twice.
8.
9.
The Add Application dialog box appears. In the Alias field, type SalesSupport_Test.
10. Next to the Physical path field, click the Browse () button.
11. The Browse For Folder dialog box appears. Browse to C:\inetpub\wwwroot, and then click Make
New Folder.
12. Type SalesSupport_Test and then click OK twice.
13. In the details pane, notice that SalesSupport, SalesSupport_DE, and SalesSupport_Test appear in
the list of applications.
f Task 3: Use XCopy to deploy the files from the SalesSupport directory to the
SalesSupport_DE and SalesSupport_Test directories
1.
Click Start | Command Prompt.
2.
Type cd \inetpub\wwwroot and then press Enter.
3.
Type xcopy /e SalesSupport\*.* SalesSupport_De and then press Enter.
4.
Type dir SalesSupport_De and then press Enter to confirm that the files were copied.
5.
Type xcopy /e SalesSupport\*.* SalesSupport_Test and then press Enter.

Shortcut: Press Up Arrow twice, and then Backspace and change the last few characters of the
previous command line to _Test, and then press Enter.
6.
Type dir SalesSupport_Test and then press Enter to confirm that the files were copied.
f Task 4: Assign the applications to the appropriate application pools

1.
2.
3.
In the details pane, click /SalesSupport.
4.
5.
The Edit Application dialog box appears. Click Select.
6.
The Select Application Pool dialog box appears. In the Application pool list, click SalesSupport,
and then click OK twice.
7.
In the details pane, click /SalesSupport_De.
8.
9.
10
SalesSupport_De, and then click OK twice.
11. In the details pane, click /SalesSupport_Test.
12. In the Actions pane, click Basic Settings.
13. The Edit Application dialog box appears. Click Select.
SalesSupport_Test, and then click OK twice.
15. In the Connections pane, click SalesSupport_De.
16. In the details pane, double-click Authentication.
17. Click Anonymous Authentication.
18. In the Actions pane, click Disable.
19. In the details pane, click Basic Authentication.
21. Click Edit.
22. The Edit Basic Authentication Settings dialog appears. In the Default domain and Realm fields,
type woodgrovebank.
23. Click OK.
24. In the Connections pane, click SalesSupport_Test.
25. In the details pane, double-click Authentication.
28. In the details pane, click Basic Authentication.
30. Click Edit.
31. The Edit Basic Authentication Settings dialog appears. In the Default domain and Realm fields,
type woodgrovebank.
32. Click OK.
f Task 5: Configure production application pool recycling for unlimited requests

1.
2.
In the details pane, click SalesSupport.
3.
4.
The Edit Application Pool Recycling Settings dialog box appears. Clear the Regular time intervals
check box, and then click Next.
5.
Click Finish.
6.
In the details pane, click SalesSupport_De.
7.
8.
The Edit Application Pool Recycling Settings dialog box appears. Clear Regular time intervals
check box, and then click Next.
9.
11
Click Finish.
f Task 6: Configure the SalesSupport_Test application pool to record recycled events

1.
In the details pane, click SalesSupport_Test.
2.
3.
The Edit Application Pool Recycling Settings dialog box appears. Select Fixed number of
requests.
4.
In the Fixed number of requests field, type 1024 and then click Next.
5.
On the Recycling Events to Log page, select Number of requests, On-demand, and
Configuration changes.
6.
Click Finish.
f Task 7: Configure the SalesSupport .NET compilation debug setting to False

1.
2.
In the details pane, double-click .NET Compilation.
3.
Under Behavior, in the Debug list, click False.
4.

Question: What is the advantage of disabling the debug setting in .NET compilation?
Answer: The compiled code will be smaller and faster without debug code. It is a good idea to use
this setting when an application is fully tested and deployed to final production.
f Task 8: Configure the SalesSupport_De application globalization settings for Germany

1.
In the Connections pane, click SalesSupport_De.
2.
In the details pane, double-click .NET Globalization.
3.
In the Culture list, click German (Germany) (de-DE).
4.
In the UI Culture list, click German (Germany) (de-DE).
5.
6.
7.
The Windows Internet Explorer window opens. Browse to http://localhost/salessupport.
8.
The Connect to localhost dialog box appears. In the User name field, type yvonne.
9.
In the Password field, type Pa$$w0rd and then click OK.
10. Open a second tab in Internet Explorer and then browse to http://localhost/salessupport_test.
11. Open a third tab and then browse to http://localhost/salessupport_de.
12. Right-click the notification area and then click Task Manager.
13. The Task Manager window opens. Click the Processes tab.
14. Under the Image Name column, notice that there are at least three instances of w3wp.exe running,
indicating at least three separate application pools.
15. Close Task Manager.
16. In Internet Explorer, browse to http://localhost/salessupport_de/test.aspx.
Notice that the date is now in dd.mm.yyyy format, the cultural default for Germany.
12
17. Close Internet Explorer. In the Internet Explorer dialog box, click Close Tabs.
Results: After this exercise, you should have successfully deployed multiple applications with separate
application pools, configured recycling and debug settings, and configured and verified .Net
globalization settings.
13

Scenario
Next, you will configure the machine key, .NET trust level, and File and Folder security.
Exercise Overview
In this exercise, you will configure ASP.NET security settings.
1.
Set the machine key of SalesSupport_de.
2.
Configure the SalesSupport_Test site for medium trust level.
3.
Configure File and Folder security so that only ITAdmins_WoodgroveGG can access the Test.aspx page on
SalesSupport.
4.
Enable Tracing and Logging for the SalesSupport_Test site.
5.
Configure Request Filtering so that only ASPX requests are processed.
f Task 1: Set the machine key of SalesSupport_de

1.
SalesSupport_De.
2.
In the details pane, double-click Machine Key.
3.
In the Actions pane, click Generate Keys.
4.
Click Apply.
f Task 2: Configure the SalesSupport_Test site for medium trust level

1.
In the Connections pane, click SalesSupport_Test.
2.
In the details pane, double-click .NET Trust Levels.
3.
In the Trust level list, click Medium (web_mediumtrust.config).
4.
f Task 3: Configure File and Folder security so that only ITAdmins_WoodgroveGG can
access the Test.aspx page in SalesSupport
1.
2.
In the details pane, click the Content View tab at the bottom of the window.
3.
Click test.aspx.
4.
In the Actions pane, click Edit Permissions.
5.
The test.aspx Properties dialog box appears. Click the Security tab.
6.
Click Advanced.
7.
The Advanced Security Settings for test.aspx dialog box appears. Click Edit.
8.
Clear the Include inheritable permissions from this objects parent check box.
9.
The Windows Security dialog box appears asking if you want to copy the inherited permissions. Click
Copy.
10. Click Users (NYC-WEB-A\Users), and then click Remove.
14
11. Click Add.

12. The Select User, Computer, or Group dialog box appears. In the Enter the object name to select
field, type Network Service. Note that since we have removed Users, we need to specifically allow
the Network Service account. The SalesSupport application pool is running under the Network
Service account with pass-through authentication.
13. Click Check Names, and then click OK.
14. The Permission Entry for test.aspx dialog box appears. In the Permissions section, next to Full
control, select Allow.
15. Click OK.
16. Click Add.
17. The Select User, Computer, or Group dialog box appears. In the Enter the object name to select
field, type ITAdmins_WoodgroveGG.
18. Click Check Names, and then click OK.
19. The Permission Entry for test.aspx dialog box appears. In the Permissions section, next to Full
control, select Allow.
20. Click OK four times.
21. In Internet Explorer, browse to http://localhost/salessupport/test.aspx.
22. The Connect to localhost dialog box appears. In the User name field, type yvonne.
24. Click OK two more times. Notice that Yvonne no longer has access to test.aspx.
25. Click the Refresh button.
26. The Connect to localhost dialog box appears. In the User name field, type betsy. Note that Betsy is
a member of the ITAdmins_WoodgroveGG security group.
Notice that Betsy has access to the page.
f Task 4: Enable Tracing and Logging for the SalesSupport_Test site

1.
In Server Manager, in the console pane, expand Roles and then click Web Server (IIS).
2.
Right click Web Server (IIS), and then click Add Role Services.
3.
The Add Role Services dialog box appears. Select Health and Diagnostics to select all of the Health
and Diagnostics services.
4.
5.
When the installation completes, click Close.
6.
Click Start, type Notepad and then press Enter.
7.
8.
9.
Browse to C:\inetpub\wwwroot\SalesSupport_Test.
10. Click test.aspx, and then click Open.
15
11. In the first line of the file, modify the trace=false attribute to read trace=true so that the line
reads:
<@ Page Language=C# trace=true %>
12. On the fifth line of the file, type This message should appear between the double quotes, so that
the line reads:
Response.Write(This message should appear);
Question: How would an application use tracing?

Answer: A developer can add trace commands to the Web application code to record information
that can be used for debugging and monitoring. The administrator has the ability to enable or disable
tracing as needed.
13. On the File menu, click Save.
14. Close Notepad.
15. In Internet Explorer, browse to http://localhost/salessupport_test/test.aspx.
16. If the Connect to localhost dialog box appears, in the User name field, type betsy.
18. Notice that This message should appear appears at the top of the page.
Scroll down and notice that the trace information appears at the bottom of the page.
19. In the Trace Information section, the next to last lines contain the trace messages from the test.aspx
file. Notice that the warning message is red.
21. In Internet Information Services (IIS) Manager, in the Connections pane, click Default Web Site.
22. In the Actions pane, click Failed Request Tracing. If Failed Request Tracing does not appear, close
and reopen IIS Manager for the added Health and Diagnostics features to appear.
23. The Edit Web Site Failed Request Tracing Settings dialog box appears. Select Enable, and then
click OK.
24. In the details pane, double-click Failed Request Tracing Rules.
26. The Add Failed Request Tracing Rule wizard appears. On the Specify Content to Trace page, click
ASP.NET (*.aspx), and then click Next.
27. On the Define Trace Conditions page, in the Status code(s) field, type 200 and then click Next.
28. On the Select Trace Providers page, under Providers, clear all check boxes except ASPNET.
29. Click ASPNET.
30. Under Areas, clear all check boxes except Page.
31. Under Verbosity, notice that it is set to Verbose.
32. Click Finish.
33. In Internet Explorer, browse to http://localhost/salessupport_test/test.aspx.
34. If the Connect to localhost dialog box appears, in the User name field, type betsy.
16
36. Press CTRL + O.

37. The Open dialog box appears. Click Browse.
38. Browse to C:\inetpub\logs\FailedReqLogFiles\W3SVC1.
39. In the HTML Files list, click All Files.
40. If there is more than one, click the most recent fr######.xml file, and then click Open.
41. Click OK.
42. The failed request log opens. Notice in the Request Summary section the details of the request: App
Pool is SalesSupport_Test, Authentication is Basic, User from token is
WOODGROVEBANK\betsy.
43. In the Errors and Warnings section, click Expand All.
44. Notice that the warning This is a warning. appears.
f Task 5: Configure Request Filtering so that only ASPX requests are processed
1.
In Internet Explorer, browse to http://localhost/welcome.png.

Notice that the IIS7 graphic appears.
2.
Browse to http://localhost/iisstart.htm.
Notice that the IIS7 Welcome page appears.
3.
4.
5.
The Notepad window opens. On the File menu click Open.
6.
7.
Browse to C:\inetpub\wwwroot.
8.
Click web.config, and then click Open.
9.
After the sixth line, <system.webServer>, press Enter and then add the following security section:
<security>
<requestFiltering>
<fileExtensions allowUnlisted="false" >
<add fileExtension=".aspx" allowed="true"/>
</fileExtensions>
</requestFiltering>
</security>
Question: How could you disable only certain extensions, such as .MP3 and .WMA?
Answer: Set the allowUnlisted property to true. Add the unallowed file extensions and set their
allowed properties to false.
11. Close Notepad.
13. The Windows Internet Explorer window opens. Browse to http://localhost/welcome.png.
14. Notice that HTTP Error 404.7 appears. Detailed error messaging states that The request filtering
module is configured to deny the file extension.
17
15. Browse to http://localhost/iisstart.htm.

Notice the same error.
16. Click Start | Command Prompt.
17. Type cd \inetpub\wwwroot and then press Enter.
18. Type copy iisstart.htm *.aspx and then press Enter.
19. Type dir, and then press Enter and notice that the file was copied it iisstart.aspx.
20. In Internet Explorer, browse to http://localhost/iisstart.aspx.
Notice that the page with the aspx extension loads without error but the image still does not display.
21. Close each of the running virtual machines. Do not save changes so they are reset to default for the
next lab.
the advanced security settings for ASP.NET.
Lab Answer Key: Configuring IIS 7.0 Modules
Module 4
Contents:
Lab: Configuring and Editing Modules

Logon Information:
Virtual Machine: NYC-WEB-B
User Name: Woodgrovebank\Administrator
Password: Pa$$w0rd

Scenario
You received a service request from the application development team specifying the modules that are required to
install, test, and run an application on the specified web server. To reduce the server footprint and vulnerability,
you must remove the unnecessary modules.
Exercise Overview
In this exercise, you will learn how to remove native modules from a Web server to improve security and reduce
the server footprint.
1.
2.
3.
4.
5.
6.
7.
Start the 6427A-NYC-WEB-B virtual machine and log on as Woodgrovebank\Administrator.

Backup the current Web server configuration.
Examine the modules currently installed on the Web server.
Remove the Default Document Module and the Directory Listing Module.
Validate that the modules have been removed and test the new server configuration.
Restore the modules to the Web server configuration.
Validate that the modules have been restored and test the server configuration.
f Task 1: Start the 6427A-NYC-WEB-B virtual machine and log on as

1.
2.
On the Lab Launcher, next to 6427A-NYC-WEB-B, click Launch.

Log on to NYC-WEB-B as Woodgrovebank\Administrator with the password of Pa$$w0rd.
f Task 2: Backup the current Web server configuration.

1.
On NYC-WEB-B, if Server Manager opens, Close the Server Manager and click Start | Command
Prompt.
2.
3.
4.
Type cd \windows\system32\inetsrv\ and then press Enter.

Type appcmd add backup original and then press Enter.
Notice that the AppCmd completes the backup and reports BACKUP object "original" added.
5.
Question: When using the appcmd add backup command, where are the backup configuration file
placed?
Answer: In a new folder, in the C:\Windows\System32\inetserv\backup\ folder.
f Task 3: Examine the modules currently installed on the Web server

1.
2.
In the Connections pane, click NYC-WEB-B.
3.
In the details pane, in the Group by list, click Category.
4.
In the details pane, in the Server Components section, double-click Modules.
5.
In the Group by list, click Module Type.
6.
Notice that the DefaultDocumentModule and the DirectoryListingModule entries are listed in the
Native Modules section.
Question: What do the DefaultDocumentModule and DirectoryListingModules do?
Answer: The DefaultDocumentModule offers the functionality of offering the Web browser a default
file when a specified folder or directory is specified by the URL. The DirectoryListingModule will
supply the Web client with a list of the folder contents, when a folder or directory is specified by the
URL.
f Task 4: Remove the Default Document Module and the Directory Listing Module
1.
2.
3.
4.
5.
6.
7.
In the Connections pane, expand NYC-WEB-B | Sites, and then click Default Web Site.
In the Actions pane, click Browse *:80(http).
The Windows Internet Explorer window opens. Notice that the Woodgrove Bank page opens as
expected.
Click Start | Computer and then browse to C:\windows\system32\inetsrv\config\.
In the details pane, double-click applicationHost.config.
The Notepad window opens. Find the <globalModules> section.
<globalModules> tag by deleting these two lines:
<add name="DefaultDocumentModule" image=
"%windir%\System32\inetsrv\defdoc.dll" />
<add name="DirectoryListingModule" image=
"%windir%\System32\inetsrv\dirlist.dll" />
8.
9.
Scroll down to the bottom of the file and find the <system.webServer> section.
Delete the references to the DefaultDocumentModule and the DirectoryListingModule from within
the <handlers accessPolicy="Read, Script"> tag by replacing:
<add name="StaticFile" path="*" verb="*"
modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule"
resourceType="Either" requireAccess="Read" />
With the line:

<add name="StaticFile" path="*" verb="*" modules="StaticFileModule"
resourceType="Either" requireAccess="Read" />
10. Delete the DefaultDocumentModule and the DirectoryListingModule entries from within the
<modules> tag. Delete the two lines:
<add name="DefaultDocumentModule" lockItem="true" />
<add name="DirectoryListingModule" lockItem="true" />

12. Close Notepad.
f Task 5: Validate that the modules have been removed and test the new server
configuration
1.
In Internet Information Services (IIS) Manager, in the Connections pane, click NYC-WEB-B.
2.
3.
In the Native Modules section, notice that the DefaultDocumentModule and the
DirectoryListingModule entries are gone.
4.
In Internet Explorer, click the Refresh button.

Notice that the Web page is now blank, even though Internet Explorer indicates that it is done
loading.
5.
In Internet Explorer, browse to http://localhost/default.aspx.

Notice that the Web page loads after you specify the default document.
Question: Why did the Web page get restored after the file name, default.aspx was added to the
URL?
Answer: The Web server is still completely operational, but no longer offers default documents or
directory browsing. So if a full URL is specified, complete with a file name, then the Web server will
return that file to the Web client, if available.
f Task 6: Restore the modules to the Web server configuration
In the Command Prompt, type appcmd restore backup original and then press Enter.
Notice that the AppCmd completes the restore and reports that the original configuration has been
restored.
Question: After the AppCmd completes the restore, where does it restore the configure files to?
Answer: The files are restored to the C:\Windows\System32\inetsrv\config folder.
f Task 7: Validate that the modules have been restored and test the server configuration
1.
Use IE to browse to http://localhost/, and then click Refresh

Notice that the page once again loads properly from the default document.
2.
Results: After this exercise, you should have successfully removed native modules from a Web server,
and then confirmed that the server operates as expected.

Scenario
To increase throughput, it has been determined that output caching would be beneficial on some of the
applications on the web server. You need to make sure that the Output Cache module is installed and configured
as specified in the service request. The development team also requested the installation of a new Managed
Module that provides an additional level of logging for their application.
Exercise Overview
In this exercise, you will learn how to add new managed modules to a Web server.
1.
Install the logging managed module.
2.
Confirm the installation of the logging managed module.
3.
Test the Web site forms authentication functionality.
4.
Examine the modules currently running on the Web server.
5.
Remove the forms authentication managed module.
6.
Test the new configuration.
f Task 1: Install the logging managed module

1.
In Windows Explorer, browse to C:\inetpub\.
2.
Right-click inetpub, and then click New | Folder.
3.
Type logging_module and then press Enter.
4.
Browse to E:\Mod04\Labfiles\logging_module.
5.
Select all, then right-click and then click Copy.
6.
Browse to C:\inetpub\logging_module, right-click, and then click Paste.
7.
Browse to C:\inetpub\logging_module\logs\.
8.
Right-click logs, and then click Properties.
9.
The logs Properties dialog box appears. Click the Security tab.
10. Click Edit.

11. The Permissions for logs dialog box appears. In the Group or user names section, click Users
(NYC-WEB-B\Users).
12. In the Permissions for Users box, next to Modify, select Allow.
13. Click OK twice.
14. In Internet Information Services (IIS) Manager, in the Connections pane, click Sites.
15. In the Actions pane, click Add Web Site.
16. The Add Web Site dialog box appears. In the Site name field, type logging_module.
17. In the Physical path field, type C:\inetpub\logging_module.
18. In the Port field, type 8181.
19. Click OK.
f Task 2: Confirm the installation of the logging managed module

1.
In the Actions pane, click Browse *:8181 (http).
2.
The Windows Internet Explorer window opens. Click Go on to Second Page.
3.
Notice that the second page loads. Close Internet Explorer.
4.
In Internet Information Services (IIS) Manager, in the Connections pane, click logging_module.
5.
6.
In the Managed Modules section, click Logger.
7.
8.
The Edit Managed Module dialog box appears. Notice that the type is listed as HttpLogger.
9.
Click Cancel.
10. In Windows Explorer, browse to C:\inetpub\logging_module\logs.

11. Double-click [yyyymmdd].txt.
12. The Notepad window opens. Notice the log entries for http://localhost:8181/default.aspx and
http://localhost:8181/second_page.htm.
Question: Why does the log file entries have the numbers 8181 listed?
Answer: The logging module records the complete URL of the requested Web site files. The
logging_module web site was configured to use port number 8181, which is a secondary Web site
port.
13. Close Notepad.
f Task 3: Test the Web site forms authentication functionality

1.
2.
3.
The Windows Internet Explorer window opens. Click Shared Documents.
4.
In the Email field, type lmartin@woodgrovebank.com.
5.
In the Password field, type Pa$$w0rd.
6.
Click Login.
7.
If you get the AutoComplete Passwords dialog box, click No.
8.
Click Woodgrove Confidential Memo.

Notice that the image representing the Woodgrove Confidential Memo appears.
9.
Click the Back button.
10. Click Signout.

11. Click Home.
f Task 4: Examine the modules currently running on the Web server

1.
In the Internet Information Services (IIS) Manager window, in the Connections pane, click NYCWEB-B.
2.
3.
In the Managed Modules section, click OutputCache.
4.
5.
The Edit Managed Module dialog box appears. Notice that the module is configured properly and is
set to run normally.
6.
Click Cancel.
f Task 5: Remove the forms authentication managed module

1.
2.
3.
In the Managed Modules section, click FormsAuthentication.
4.
5.
f Task 6: Test the new configuration

1.
In the Internet Explorer window, click Shared Documents.

Notice that you now get Access is denied error message, indicating that the logon failed because the
forms authentication module has been removed.
Question: Why is the Access denied error message displayed at this point?
Answer: The Access is denied error message indicates that the logon failed because the forms
authentication module has been removed.
2.
next lab.
Results: After this exercise, you should have successfully added a managed module to the Web
server.
Lab Answer Key: Securing the IIS 7.0 Web Server and Web Sites
Module 5
Lab Answer Key: Securing the IIS 7.0 Web Server and Web
Sites
Contents:
Exercise 2: Configure Authorization, Authentication and Access
10
Lab: Securing the IIS 7.0 Web Server and Web

Sites
Logon Information:
Virtual Machine: NYC-DC1, NYC-WEB-B
Password: Pa$$w0rd

Scenario
Additional security measures need to be put in place to protect the Web server. These measures will protect the
web server against unauthorized access by specific IP addresses and domains.
Additional ISAPI and CGI restrictions need to be put into place. Then you are given a list of accounts authorized for
a specific site. You must give separate access to the IT Admin group and the developer, Herbert Dorner.
Exercise Overview
In this exercise, you will be supplied the service request document and the Active Directory account list. Start the
exercise by creating a self-signed server certificate. You will then need to set the IP restrictions as outlined in the
service request.
Then set ISAPI and CGI restrictions. You must run the .NET Framework 1.1 Aspnet_isapi.dll on your Web server. You
can follow these steps to set the ASP.NET ISAPI to Allowed in the ISAPI and CGI Restrictions list. Finally, you have to
create an application pool that uses .NET Framework 1.1 and that is configured to use ISAPI mode to process
requests made to applications in the application pool.
Finally, set the Active Directory permissions, as specified in the service request document.
1.
2.

3.
Create a self-signed server certificate for the Web server.
4.
Block IP addresses as specified in the service request.
5.
Examine the current ISAPI and CGI Restrictions.
6.
7.
Set ISAPI and CGI restrictions to use ASP.NET version 1.1.
8.
Set the rights and permissions for Active Directory users.
9.
Validate the new configuration.

On the Lab Launcher, next to 6427A-NYC-DC1, click Launch.

Woodgrovebank\Administrator.
1.
2.
Log on to NYC-WEB-B as Woodgrovebank\Administrator with the password of Pa$$word.
f Task 3: Create a self-signed server certificate for the Web server

1.
On NYC-WEB-B, click Start | Administrative Tools | Internet Information Services (IIS) Manager.
2.
3.
In the details pane, in the Group by list, click Category.
4.
In the details pane, in the Security section, double-click Server Certificates.
5.
In the Actions pane, click Create Self-Signed Certificate.
6.
The Create Self-Signed Certificate dialog box appears. In the Specify a friendly name for the
certificate field, type woodgrovebank.
7.
Click OK.
Notice that the new self-signed certificate has been added to the certificate list.
Question: What are the advantages and disadvantages of using self-signed certificates?
Answer: The primary advantages of using a self-signed certificate are that it provides a secure
method of transferring data. Unlike certificates offered by 3rd parties, self-signed certificates have no
financial cost associated with them. They provide a good solution for securing Web data transfer or
personal information, i.e. if used for personal use.
The primary disadvantage of using self-signed certificates is that when used for public access, the user
has no way to validate the authenticity of the certificate owner. This implies that there is no reputable
3rd party verifying the certificate owner. So, although the data is secure, you may not be able to trust
the source.
f Task 4: Block IP addresses as specified in the service request

1.
2.
In the details pane, in the Security section, double-click IPv4 Address and Domain Restrictions.
3.
In the Actions pane, click Add Deny Entry.
4.
The Add Deny Restrictions Rule dialog box appears. In the Specific IPv4 address field, type
10.10.20.1.
5.
Click OK.
6.
In the Actions pane, click Add Deny Entry.
7.
The Add Deny Restrictions Rule dialog box appears. Click IPv4 address range.
8.
In the IPv4 address range field, type 10.10.10.0.
9.
In the Mask field, type 255.255.255.0.
10. Click OK.

Notice that the new IP restrictions have been added to the list.
Question: When would you want to use this feature to block IP addresses?
Answer: An organization may want to block malicious users or restrict access from a certain domain
or location.
f Task 5: Examine the current ISAPI and CGI Restrictions

1.
2.
In the details pane, in the Security section, double-click ISAPI and CGI Restrictions.
Notice that Active Server Pages and ASP.NET v2.0.50727 are the only applications currently listed.
3.
In the details pane, click Active Server Pages.
4.
5.
The Edit ISAPI or CGI Restriction dialog box appears. Notice that you can easily edit the ISAPI or
CGI path, description, and execution allow.
6.
Click Cancel.
7.
In the Action pane, click Edit Feature Settings.
8.
The Edit ISAPI or CGI Restrictions Settings dialog box appears. While its not a recommended
practice, you can easily allow unspecified CGI and ISAPI modules.
9.
Click Cancel.
f Task 6: Install the .NET Framework 1.1

1.
Click Start | Computer and then browse to E:\ Mod05\Labfiles.
2.
Double-click dotnetfix.exe.
3.
The Microsoft .NET Framework 1.1 Setup dialog box appears, confirming if you want to install the
.NET Framework package. Click Yes.
4.
The Microsoft .NET Framework 1.1 Setup dialog box appears, asking you to agree to the license
agreement. Click I agree.
5.
Click Install.
6.
When the installation is complete, click OK. Note that it may take about four minutes to complete.
7.
In the Windows Explorer window, in the details pane, double-click NDP1.1sp1-KB867460-X86.exe.
8.
The Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) dialog box appears, confirming if
you want to install the Service Pack. Click OK.
9.
The Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) License Agreement dialog box
appears, asking you to agree to the license agreement. Click I accept.
10. When the installation is complete, click OK. Note that it may take about two minutes to complete.
f Task 7: Set ISAPI and CGI restrictions to use ASP.NET version 1.1
1.
In Internet Information Services (IIS) Manager, in the Connections pane, click NYC-WEB-B.
2.
In the details pane, in the Security section, double-click ISAPI and CGI Restrictions.
Notice that the ASP.NET v1.1.4322 has been added.
3.
In the details pane, click ASP.NET v1.1.4322.
4.
5.
The Edit ISAPI or CGI Restriction dialog box appears. Select Allow extension path to execute, and
then click OK.
6.
In the Connections pane, ensure that NYC-WEB-B is already expanded, and then click Application
Pools.
Notice that the ASP.NET v1.1 application pool has been added and started.
f Task 8: Set the rights and permissions for Active Directory users
1.
In Windows Explorer, browse to C:\inetpub\.
2.
Right-click wwwroot and then click Properties.
3.
The wwwroot Properties dialog box appears. Click the Security tab.
4.
Click Edit.
5.
The Permissions for wwwroot dialog box appears. Click Add.
6.
The Select Users, Computers, or Groups dialog box appears. Click Locations.
7.
The Locations dialog box appears. If WoodgroveBank.com is not already highlighted, then in the
Location tree, click WoodgroveBank.com.
8.
Click OK.
9.
In the Enter the object names to select field, type ITAdmins_WoodgroveGG and then click Check
Names.
10. Click OK.

Notice that the Read & execute, List folder contents, and Read options are allowed.
11. Click Add.
12. The Select Users, Computers, or Groups dialog box appears. In the Enter the object names to
select field, type Herbert and then click Check Names.
13. Click OK.
14. Next to Full control, select Allow.
15. Click OK.
f Task 9: Test and validate the new configuration

1.
In the Group or user names field click ITAdmins_WoodgroveGG.

Notice that the Read & execute, List folder contents, and Read options are allowed.
2.
In the Group or user names field click Herbert Dorner.

Notice that the all the options are allowed.
3.
Click OK.
Results: After this exercise, you should have successfully set IP restrictions, ISAPI and CGI restrictions,
and Active Directory permissions, as specified in a service request document
Exercise 2: Configure Authorization, Authentication and Access

Scenario
Additional security measures need to be put in place to protect the Web server. An application is protected with
forms authentication, but it is discovered that some of the content can bypass forms authentication and still be
accessed, such as a jpg, by entering the direct URL path and file name. You must configure the protected content
to use the managed forms authentication module.
Exercise Overview
In this exercise, you must reconfigure authentication and authorization so that shared documents folder on the
Web server is fully protected by forms authentication.
1.
Turn off the Web site cache for the shared documents folder.
2.
Sign into the Woodgrove Bank Web site and retrieve the confidential memo.
3.
Bypass the Web site forms authentication.
4.
Modify the applicationHost.config to unlock the URL Authorization <configSections> section by changing the
override mode default to allow.
5.
Modify the applicationHost.config <applicationPools> section to change the Classic .NET application pool to
Integrated mode.
6.
Modify the applicationHost.config file to disable all other authentication types except for anonymous.
7.
Modify the applicationHost.config file to protect all content by removing the managedHandler precondition
from the <system.webServer> section.
8.
Reconfigure the authorization and authentication so that the protected content uses forms authentication.
9.
Test and validate the new Web site configuration.
f Task 1: Turn off the Web site cache for the shared documents folder
1.
On NYC-WEB-B, in Internet Information Services (IIS) Manager, in the Connections pane, ensure
NYC-WEB-B | Sites | Default Web Site | docs is expanded, and then click shared.
2.
In the details pane, in the HTTP Features section, double-click HTTP Response Headers.
3.
4.
The Add Custom HTTP Response Header dialog box appears. In the Name field, type CacheControl.
5.
In the Value field, type no-cache and then click OK.
f Task 2: Sign into the Woodgrove Bank Web site and retrieve the confidential memo
1.
2.
3.
4.
5.
6.
7.
8.
The Windows Internet Explorer window opens. Click Shared Documents.
In the Email field, type lmartin@woodgrovebank.com.
Click Login.
If you get the AutoComplete Passwords dialog box, click No.
9. Click the Back button.

10. Click Signout.
f Task 3: Bypass the Web site forms authentication

1.
In Internet Explorer, browse to http://localhost/docs/shared/Woodgrove_memo.jpg.

Question: Why is the confidential memo being displayed even after the user logs out?
Answer: The Web site and directory are not fully protected by forms authentication.
2.
f Task 4: Modify the applicationHost.config to unlock the URL Authorization

<configSections> section by changing the override mode default to allow
1.
In Windows Explorer, browse to C:\windows\system32\inetsrv\config.
2.
In the details pane, double-click applicationHost.config.

Unlock the URL Authorization section by changing the override mode default to 'allow'. Do this by
modifying the authorization section indicated on the next step.
3.
Find the <configSections> section. Find:

<section name="authorization" overrideModeDefault="Allow" />
And replace it with:

<section name="authorization"
type="System.WebServer.Configuration.UrlAuthorizationSection, System.ApplicationHost,
Version=7.0.0.0, culture=neutral, PublicKeyToken=31bf3856ad364e35"
overrideModeDefault="Allow" />
f Task 5: Modify the applicationHost.config <applicationPools> section to change the

Classic .NET application pool to Integrated mode
Change the Classic .NET application pool to Integrated mode by finding the <applicationPools>
section and replacing:
<add name="Classic .NET AppPool" managedPipelineMode="Classic" />
With:
<add name="Classic .NET AppPool" managedPipelineMode="Integrated" />
f Task 6: Modify the applicationHost.config file to disable all other authentication types
except for anonymous
1.
Find the <authentication> section.
2.
Append:
enabled="false"
To:
clientCertificateMappingAuthentication, digestAuthentication,
iisClientCertificateMappingAuthentication, and windowsAuthentication.
f Task 7: Modify the applicationHost.config file to protect all content by removing the
managedHandler precondition from the <system.webServer> section
1.
Remove the preconditions for FormsAuthentication and DefaultAuthentication from the modules
section. Do this by finding the <system.webServer> section, and then modifying the lines indicated
on the next steps.
2.
Replace:
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"
preCondition="managedHandler" />
With:
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"
/>
3.
Replace
type="System.Web.Security.DefaultAuthenticationModule" preCondition="managedHandler"
/>
With:
type="System.Web.Security.DefaultAuthenticationModule" />
4.
5.
Close Notepad.
f Task 8: Reconfigure the authorization and authentication so that the protected content
uses forms authentication
1.
In Windows Explorer, browse to C:\inetpub\wwwroot.
2.
In the details pane, double-click Web.Config.
3.
The Notepad window opens. Find the line <authorization> section.
4.
Add the line <allow users="lmartin@woodgrovebank.com" />, above the line .
5.
Remove the commenting brackets from the line , changing it to <deny
users="?" />.
6.
7.
Close Notepad.
8.
In Internet Information Services (IIS) Manager, in the Connections pane, click shared.
9.
In the details pane, in the Security section, double-click Authentication.

f Task 9: Test and validate the new Web site configuration

1.
In Internet Explorer, in the Email field, type lmartin@woodgrovebank.com.
2.
3.
Click Login.
4.
5.
6.
Click Signout.
7.
In Internet Explorer, browse to http://localhost/docs/shared/Woodgrove_memo.jpg.

Notice that you are redirected to the login page and that proper authentication is now required to
access the Woodgrove Memo file.
Results: After reconfigure the Web sites authorization and authentication, so that all content uses
forms authentication and thereby protecting the confidential memo, the only way to obtain the memo
is by having the correct credentials.
10

Scenario
Additional security measures need to be put in place to protect the Web server. You received a service request to
keep a log of all visitors to the web server for the past 24 hours. You must enable and configure logging and then
test and verify the log.
Exercise Overview
In this exercise, you must configure and test Web site logging operations.
1.
Examine and configure logging options.
2.
Test the logging operations.
f Task 1: Examine and configure logging options

1.
On NYC-WEB-B, in Internet Information Services (IIS) Manager, in the Connections pane, click
NYC-WEB-B.
2.
In the details pane, in the Health and Diagnostics section, double-click Logging.
3.
Notice that the Log File Rollover Schedule is set for Daily.
4.
Select Use local time for file naming and rollover.
5.
f Task 2: Test the logging operations

1.
In Internet Explorer, click the Refresh button.
2.
In Windows Explorer, browse to C:\ inetpub\logs\LogFiles\W3SVC1.
3.
In the details pane, double-click the newest log file.

Notice the most recent log entries at the bottom of the log. Notice that the log entries include a
number of lines with the word GET.
Question: What does the word GET mean in this log file?
Answer: The GET commands indicate requests from the client to the Web server to retrieve the Web
pages and images.
4.
next lab.
Results: After examining the configuration of the Web servers logging settings, the current log file was
examined and proven to successfully track the Web servers activity.
Lab Answer Key: Configuring Delegation and Remote Administration
Module 6
Lab Answer Key: Configuring Delegation and Remote
Administration
Contents:
Lab: Configuring Delegation and Remote

Administration
Logon Information:
Virtual Machine: NYC-DC1, NYC-WEB-B
Password: Pa$$w0rd

Note: If you have already logged on to a virtual machine, skip the logon task for that particular virtual
machine.

Scenario
You need to be able to configure the server remotely. You must enable remote administration and then test it by
accessing the administration features from a remote computer.
A new site has been set up and you have been asked to delegate the administration of the site to the business
owner. You will need to give the business owner permission to administer their site only, but not the other sites
hosted on the server
You have been assigned a service request to allow all site owners to administer the error messages for their site.
You must unlock the error page feature so that it can be delegated.
Exercise Overview
In this exercise you will practice configuring a Web server for remote administration.
1.
2.
Start the 6427A-NYC-DC1 virtual machine and log on as Woodgrovebank\Administrator.

3.
Configure NYC-WEB-B for remote administration.
4.
Test NYC-WEB-B remote administration.
f Task 1: Start the 6427A-NYC-DC1 virtual machine and log on as

1.
2.

Log on to NYC-DC1 as Woodgrovebank\Administrator with the password of Pa$$w0rd.

1.
2.

f Task 3: Configure NYC-WEB-B for remote administration

1.
On NYC-WEB-B, click Start | Administrative Tools | Internet Information Services (IIS) Manager.
In the Internet Information Services (IIS) Manager connections pane, click NYC-WEBB(WOODGROVEBANK\Administrator).
2.
3.
In the details pane, in the Management section, double-click Management Service.

Select Enable remote connections.
4.
Click Windows credentials or IIS Manager credentials.
5.
6.
Click Start.
f Task 4: Test NYC-WEB-B remote administration

1.
On NYC-DC1, click Start and click Server Manager. In the Server Manager console pane, click
Roles.
2.
Right-click Roles, and then click Add Roles.
3.
The Add Roles Wizard appears. Click Next.
4.
In the Roles box, select Web Server (IIS).
5.
The Add Roles Wizard dialog box appears. Click Add Required Features.
6.
Click Next twice.
7.
In the Role services box, clear all check boxes except for IIS Management Console.
8.
9.
10. Click Start | Administrative Tools | Internet Information Services (IIS) Manager.
11. In the details pane, click Connect to a server.
12. The Connect to Server wizard appears. In the Server name field, type NYC-WEB-B, and then click
Next.
13. On the Provide Credentials page, in the User name field, type
administrator@woodgrovebank.com.
14. In the Password field, type Pa$$w0rd, and then click Next.
15. The Server Certificate Alert dialog box appears. Click Connect.
16. The Specify a Connection Name dialog box appears. Click Finish.
17. In the Connections pane, expand NYC-WEB-B | Sites and then click Default Web Site.
Question: Is the IIS Management Service available for configuration remotely?
Answer: No, this service can only be configured locally
18. In the details pane, in the IIS section, double-click Default Document.
19. Click index.htm.
20. In the Actions pane, click Move Up.
21. The Default Document dialog box appears. Click Yes.
22. In the Actions pane, click Move Up.
Results: After completing this exercise, you should have configured the IIS Management Service to
accept remote connections and you should have tested a remote connection from NYC-DC1.

Scenario
Exercise Overview
In this exercise you will practice delegating administration of two web sites to the appropriate business owners.
1.
Configure delegated administration for the Human Resources site.
2.
Share the Woodgrove sales Web site for Betsy Stadick.
3.
Configure delegated administration for the Sales site.
4.
Test delegated administration for the Human Resources and Sales sites.
f Task 1: Configure delegated administration for the Human Resources site

1.
On NYC-WEB-B, click Start | Computer and then browse to Allfiles(E:)\Mod06\Labfiles.
2.
Right-click WoodgroveHRSite, and then click Share.
3.
The File Sharing dialog box appears. Type Herbert and then click Add.
4.
Next to Herber Dorner, click Reader, and then click Co-owner.
5.
Click Share.
6.
The Your folder is shared page appears. Click Done.
7.
In the Internet Information Services (IIS) Manger Connections pane, expand Sites, and then click
HR.
8.
In the details pane, in the Management section, double-click IIS Manager Permissions.
9.
In the Actions pane, click Allow User.
10. The Allow User dialog box appears. In the Windows field, type Herbert and then click OK.
f Task 2: Share the Woodgrove Sales Web Site for Betsy Stadick
1.
In Windows Explorer, browse to E:\Mod06\Labfiles.
2.
Right-click WoodgroveSalesSite, and then click Share.
3.
The File Sharing dialog box appears. Type Betsy and then click Add.
4.
Next to Betsy Stadick, click Reader and then click Co-owner.
5.
Click Share.
6.
The Your folder is shared page appears. Click Done.
f Task 3: Configure delegated administration for the Sales site

1.
Click Start, and click Run, then type Notepad, and then press ENTER.
2.
3.
4.
Browse to C:\windows\system32\intesrv\config.
5.
Click applicationHost.config, and then click Open.
6.
Scroll down to the <authentication> tag and delete the following text:
<basicAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication />
<windowsAuthentication />
7.
8.
On the File menu, click Open.
9.
The Open dialog box appears. Browse to E:\Mod06\Labfiles.
10. Click EnableAnonymousAuthentication.txt, and then click Open.

11. On the Edit menu, click Select All.
12. On the Edit menu, click Copy.
13. On the File menu, click Open.
14. The Open dialog box appears. In the Text Documents list, click All Files.
15. Browse to C:\windows\system32\intesrv\config.
16. Click applicationHost.config, and then click Open.
17. Scroll to the end of the applicationhost.config file and put the cursor on the line before
</configuration>.
18. On the Edit menu, click Paste.
20. Close Notepad.
f Task 4: Test delegated administration for the Human Resources and Sales sites
1.
On NYC-DC1, click Start | Switch User.
2.
Log on as woodgrovebank\herbert with a password of Pa$$w0rd.
3.
4.
The User Account Control dialog box appears. In the Password field, type Pa$$w0rd, and then click
OK.
5.
In the details pane, click Connect to a site.
6.
The Connect to Site dialog box appears. In the Server name field, type NYC-WEB-B.
7.
In the Site name field, type HR, and then click Next.
8.
The Provide Credentials page appears. In the User name field, type
9.
In the Password field, type Pa$$w0rd and then click Next.
11. The Specify a Connection Name dialog box appears. In the Connection Name field, type Human
Resources Site and then click Finish.
12. In the Connections pane, click Start Page.
13. In the details pane, click Connect to a site.
14. The Connect to Site dialog box appears. In the Server name field, type NYC-WEB-B.
15. In the Site name dialog box, type Sales, and then click Next.
16. The Provide Credentials page appears. In the User name field, type
17. In the Password field, type Pa$$w0rd, and then click Next.
18. The Connect to Site dialog box appears with an error stating that the user is not authorized to
connect to the specified computer.
Question: Why does this error occur?
Answer: This error occurs because Herbert was not granted IIS Manager permission on the Sales site.
19. Click OK.
20. Click Cancel.
21. Close Internet Information Service (IIS) Manager.
22. The Internet Information Service (IIS) Manager dialog box appears, asking if you want to save
changes. Click No.
24. Log on as woodgrovebank\betsy with a password of Pa$$w0rd.
25. Click Start, and click Run, then type Notepad, and then press Enter.
26. The Notepad window opens. On the File menu, click Open.
27. The Open dialog box appears. Browse to E:\Mod06\Labfiles.
28. Click DisableAuthentications, and then click Open.
29. On the Edit menu, click Select All.
30. On the Edit menu, click Copy.
32. The Open dialog box appears. In the File name field, type \\NYC-WEBB\WoodgroveSalesSite\Web.Config and then click Open.
33. Scroll to the end of the Web.Config file and put the cursor on the line before </configuration>.
34. On the Edit menu, click Paste.
36. Close Notepad.
37. Click Start | Internet Explorer.
38. The Windows Internet Explorer window opens. Browse to http://sales.woodgrovebank.com.

39. Notice error 401 indicating that the user does not have permission to view this page.
Question: Why does the server report this error?
Answer: The server reports a 401 error because both Anonymous Authentication and Windows
Authentication have been disabled. The web server is unable to service a request for a web page if no
means for authentication is configured.
40. Click Start, and click Run, then type Notepad, and then press Enter.
41. The Notepad window opens.
43. The Open dialog box appears. In the File name field, type \\NYC-WEBB\WoodgroveHRSite\Web.Config and then click Open.
44. The Network Error dialog box appears. Click See details and note the resulting error and notice that
it says access is denied.
45. Click Cancel twice and then close Notepad.
Results: After completing this exercise, you should have successfully delegated administration for the
Human Resources web site to Herbert Dorner and delegated administration for the Sales web site to
Betsy Stadick.

Scenario
Exercise Overview
In this exercise you will practice configuring delegated administration so that all site owners can administer the
error messages for their site.
1.
Configure feature delegation for the Human Resources and Sales sites.
2.
Test feature delegation for the Human Resources site.
f Task 1: Configure feature delegation for the Human Resources and Sales sites
1.
On NYC-WEB-B, in the Internet Information Services (IIS) Manger Connections pane, click NYCWEB-B.
2.
In the details pane, in the Management section, double-click Feature Delegation.
3.
Click Error Pages.
4.
In the Actions pane, click Read/Write.
f Task 2: Test feature delegation for the Human Resources site

1.
On NYC-DC1, click Start | Switch User,
2.
Log on as woodgrovebank\herbert with a password of Pa$$w0rd.
3.
4.
The User Account Control dialog box appears. In the Password field, type Pa$$w0rd, and then click
OK.
5.
In the details pane, click Connect to a site.
6.
The Connect to Site dialog box appears. In the Server name field, type NYC-WEB-B.
7.
In the Site name dialog box, type HR, and then click Next.
8.
The Provide Credentials page appears. In the User name file, type herbert@woodgrovebank.com.
9.
In the Password field, type Pa$$w0rd, and then click Next.
11. The Specify a Connection Name dialog box appears. In the Connection Name field, type Human
Resources Site and then click Finish.
12. In the Connections pane, click Human Resources Site.
13. In the details pane, in the IIS section, double-click Error Pages.
14. Right-click the line beginning with 404, and then click Edit.
15. The Edit Custom Error Page dialog box appears. Click Execute a URL on this site.
16. In the URL (relative to site root) field, type /ErrorPages/custom404.htm and then click OK.
17. Click Start | Internet Explorer.
18. The Internet Explorer window opens. Browse to
http://hr.woodgrovebank.com/missingpage.htm.
19. Note that the custom error page is displayed.
next lab.
Results: After completing this exercise, you should have successfully configured the Human Resources
and Sales sites so that the site owners can customize error pages for each site.
Lab Answer Key: Using Command-line and Scripting for IIS 7.0 Administration
Module 7
Lab Answer Key: Using Command-line and Scripting for IIS
7.0 Administration
Contents:
Exercise 4: Manage IIS tasks using WMI and AppCmd
Lab: Using Command-line and Scripting for IIS

7.0
Logon Information:
Virtual Machine: NYC-WEB-B
Password: Pa$$w0rd

Scenario
The development team requires additional tools to manage their Websites. First you need to make sure that
PowerShell will correctly manage the servers services and make sure it can successfully stop and start the Web
service.
Exercise Overview
In this exercise, you will learn how to use PowerShell to manage IIS 7.0.
1.
2.
3.
4.
5.
6.

Use PowerShell to identify all services.
Use PowerShell to identify running services that start with a w.
Stop the w3svc service using PowerShell.
Start the w3svc service using PowerShell.
List PowerShell.exe process using the get-wmiobject cmdlet.

1.
2.

f Task 2: Use PowerShell to identify all services

1.
On NYC-WEB-B, if Server Manager opens, Close the Server Manager and click Start | All
Programs | Windows PowerShell 1.0 | Windows PowerShell.
2.
At the Windows PowerShell prompt, type get-service and then press Enter.
Notice the status, name, and display name of each service.
f Task 3: Use PowerShell to identify running services that start with a w

1.
Type get-service -include w* | sort-object -property status and then press Enter.
2.
Notice the list of services that begin with a w with the stopped services listed first.
f Task 4: Stop the w3svc service using PowerShell

1.
Type stop-service -servicename w3svc and then press Enter.
2.
Type get-service -servicename w3svc and then press Enter
f Task 5: Start the w3svc service using PowerShell.

1.
Type start-service -servicename w3svc and then press Enter.
2.
Type get-service -servicename w3svc and then press Enter.
f Task 6: List PowerShell.exe process using the get-wmiobject cmdlet

1.
Type Get-WmiObject -query "Select * From Win32_Process Where Name = 'powershell.exe'"

and then press Enter.
2.
Notice the detailed information for the powershell.exe process.

Question: What operating system is listed in the details?
Answer: Microsoft Windows Server 2008 Enterprise.
Results: After this exercise, you should have successfully identified, stopped and started services using
PowerShell.

Scenario
You need to verify that a script will effectively stop and start using MWA. Run the script and then check to make
sure that the service is stopped. Then restart the service using the script and verify that it is started.
Exercise Overview
In this exercise, you will learn how to use MWA to execute a script.
1.
Load Microsoft.Web.Administration.dll.
2.
Get Website information with MWA.
3.
Create a function using MWA to find Websites.
4.
Use the findsite function to list the default Website, the default Website ID, and then stop and start the default
Website.
f Task 1: Load Microsoft.Web.Administration.dll

1.
On NYC-WEB-B, in PowerShell, type

[System.Reflection.Assembly]::LoadFrom("C:\windows\system32\inetsrv\Microsoft.Web.Admi
nistration.dll") and then press Enter.
2.
Notice the GAC, version and location for the Microsoft.Web.Administration.dll, which signifies the DLL
file was loaded.
f Task 2: Get Website information with MWA

1.
Type (New-Object Microsoft.Web.Administration.ServerManager).Sites and then press Enter.
2.
Notice the detailed information for the sites on the server.
3.
Type (New-Object Microsoft.Web.Administration.ServerManager).Sites | ForEach-Object

{$_.Name} and then press Enter.
4.
Notice the names of the Websites on the server.
f Task 3: Create a function using MWA to find Websites
Type function findsite {$name=$args[0]; ((New-Object

Microsoft.Web.Administration.ServerManager).Sites | Where-Object {$_.Name -match
$name}); } and then press Enter.
Question: This command line didn't return any values. What did it do?
Answer: This command line created the command findsite, which integrates the
Microsoft.Web.Administration module into an easy-to-use single command.
f Task 4: Use the findsite function to list the default Website, the default Website ID, and
then stop and start the default Website
1.
Type findsite default* and then press Enter.
2.
Notice the detailed information for the default Website.
3.
Type (findsite default*).ID and then press Enter.
4.
Notice the ID for the default Website: 1.
5.
Type (findsite default*).Stop() and then press Enter.
6.
Notice the status for the default Website is now stopped.
7.
Type (findsite default*).Start() and then press Enter.
8.
Notice the output is unknown.

Question: Why does the command return an output value of unknown?
Answer: Because it attempted to start the default Web site without first checking to see if it was
stopped or checking the result.
9.
Type (findsite default*).State and then press Enter.
10. Notice the status for the default Website is now started.
Results: After this exercise, you should have successfully used Microsoft.Web.Administration to gather
Website information and created a function to start and stop the default Website.

Scenario
The development team provided you with a script that lists Websites on the server. You need to test and run the
script using PowerShell.
You also need to deploy several identical Websites using the same default content located on a share. A
PowerShell script will be used to automate this task.
Exercise Overview
In this exercise, you will learn how to use a PowerShell scripts.
1.
2.
3.
4.
5.
6.
7.
Create Microsoft.PowerShell profile script to automatically load assemblies.

Set execution policy to unrestricted.
Add a global variable to profile script.
List sites using global variable.
Use PowerShell script to find sites.
Review and run a script to create a Website.
Use PowerShell script to verify site was created.
f Task 1: Create Microsoft.PowerShell profile script to automatically load assemblies

1.
On NYC-WEB-B, in PowerShell, type if (test-path $profile) {echo "Path exists."} else {new-item path $profile -itemtype file -force}; notepad $profile and then press Enter.
2.
The Notepad window opens. Type the following:

echo "Microsoft IIS 7.0 Environment Loader"
echo "Copyright 2006 Microsoft Corporation. All rights reserved."
echo "Loading IIS 7.0 Managed Assemblies"
$inetsrvDir = (join-path -path $env:windir -childPath "\system32\inetsrv\")
Get-ChildItem -Path (join-path -path $inetsrvDir -childPath "Microsoft*.dll") |
ForEach-Object {[System.Reflection.Assembly]::LoadFrom((join-path -path $inetsrvDir childPath $_.Name))}
echo "Assemblies loaded."
3.
f Task 2: Set execution policy to unrestricted

1.
Minimize but do not close Notepad.
2.
In Windows PowerShell, type get-executionpolicy and then press Enter.
3.
Notice the executionpolicy is set to restricted.
4.
Type set-ExecutionPolicy Unrestricted and then press Enter.
f Task 3: Add a global variable to profile script

1.
In Notepad, at the end of the script, type, new-variable iismgr -value (New-Object
Microsoft.Web.Administration.ServerManager) -scope "global".
2.
3.
Minimize but do not close Notepad.
f Task 4: List sites using global variable

1.
2.
3.
4.
Close Windows PowerShell and then reopen it.

Notice the script information that now executes when you open PowerShell.
Type $iismgr.Sites and then press Enter.
Notice the site information that is displayed.
f Task 5: Use PowerShell script to find sites

1.
Close Windows PowerShell.
2.
Click Start | Computer, and then browse to E:\Mod07\Labfiles\Scripts.
3.
Right-click iis.type.ps1xml, and then click Edit.
4.
The Notepad window opens. Review the code.
5.
On the File menu, click Save As.
6.
The Save As dialog box appears. In the Save as type list, click All Files.
7.
Browse to C:\windows\System32\WindowsPowerShell\v1.0 and then click Save.
8.
Close Notepad.
9.
Restore Notepad, at the end of the script, type the following:

new-variable iissites -value (New-Object
Microsoft.Web.Administration.ServerManager).Sites -scope "global"
new-variable iisapppools -value (New-Object
Microsoft.Web.Administration.ServerManager).ApplicationPools -scope "global"
update-typedata -append (join-path -path $PSHome -childPath "iis.types.ps1xml")

11. Close Notepad.
12. Click Start | All Programs | Windows PowerShell 1.0 | Windows PowerShell.
13. The Windows PowerShell window opens. Type $iissites.Find("^Default*") and then press Enter.
14. Notice the details for the default Website are listed.
f Task 6: Review and run a script to create a default Website in PowerShell

1.
In Windows Explorer, browse to

E:\Mod07\Labfiles\Scripts\CreateWebsite\CreateWebsite\CreateWebsite.
2.
Double-click CreateWebsite.cs.
3.
The Notepad window opens. Review the code, and then close Notepad.
4.
In Windows Explorer, browse to

E:\Mod07\Labfiles\Scripts\CreateWebsite\CreateWebsite\CreateWebsite \bin\Debug.
5.
Right-click CreateWebsite.exe, and then click Copy.
6.
Browse to C:\ and then click Paste.
7.
In Windows PowerShell, type c:\CreateWebsite.exe and then press Enter.
f Task 7: Use PowerShell script to verify Website was created

1.
Type $iissites.Find("^NewSite*") and then press Enter.
2.
Notice the details for the new Website are listed.
Results: After this exercise, you should have successfully created a Microsoft.PowerShell profile script.
You should have also used a saved script to list Website. Finally, you should have successfully created a
site named NewSite.
Exercise 4: Manage IIS tasks using WMI and AppCmd

Scenario
You need to verify which tasks are running on the server. Use WMI and AppCmd to display the list of running
tasks.
Exercise Overview
In this exercise, you will use WMI and AppCmd for IIS administration.
1.
2.
3.
4.
5.
6.
Use AppCmd to identify tasks running on the Web server.

Use AppCmd to identify all running application pools.
Use AppCmd to recycle all running application pools.
Move all applications in a site to NewAppPool application pool.
Store configuration information to file, and then restore the configuration information.
Use WMI to list the Default Web Site on the Web server.
f Task 1: Use AppCmd to identify tasks running on the Web server

1.
2.
3.
4.
On NYC-WEB-B, click Start | Command Prompt.

Type cd \windows\system32\inetsrv and then press Enter.
Type appcmd list wp and then press Enter.
Notice this command lists the current running worker processes. If the command doesnt list any
results, there arent any worker processes running.
f Task 2: Use AppCmd to identify all running application pools

1.
Type appcmd list apppool and then press Enter.
2.
Notice the currently running application pools are listed.
f Task 3: Use AppCmd to recycle all running application pools

1.
Type appcmd list apppool /xml | appcmd recycle apppool /in and then press Enter.
2.
Notice the message is displayed DefaultAppPool successfully recycled.
f Task 4: Move all applications in a site to NewAppPool application pool

1.
Type appcmd list app /site.name:"NewSite" /xml | appcmd set app /in
/applicationPool:NewAppPool and then press Enter
2.
Notice the following is displayed APP object NewSite/ changed.
f Task 5: Store configuration information to file, and then restore the configuration
information
1.
Type appcmd list config "Default Web Site/" /section:caching /xml /config > config.xml and
then press Enter.
2.
Type appcmd set config "Default Web Site/" /in < config.xml and then press Enter.
3.
Notice the configuration changes were applied to the Default Web Site.
f Task 6: Use WMI to list the Default Web Site on the Web server
1.
10
2.
The Notepad window opens. Type:

Set oIIS = GetObject("winmgmts:root\WebAdministration")
Set oSite = oIIS.Get("Site.Name='Default Web Site'")
WScript.Echo "Retrieved an instance of Site"
WScript.Echo "Name: " & oSite.Name
WScript.Echo "ID:
" & oSite.ID
3.
4.
The Save As dialog box appears. In the File name field, type C:\GetSite.vbs.
5.
In the Save as type list, click All Files, and then click Save.
6.
Close Notepad.
7.
From the command prompt, type cd \, and then press Enter.
8.
Type cscript //h:cscript, and then press Enter.
9.
Notice the default script has been set to cscript.exe.
10. Type getsite.vbs, and then press Enter.

11. Notice the Web site name and ID are displayed.
next lab.
Results: After this exercise, you should have successfully used AppCmd to recycle application pools,
move application and store configuration information to a file. You should have also successfully
identified the default Website using WMI.
Lab Answer Key: Tuning IIS 7.0 for Improved Performance
Module 8
Contents:
Lab: Tuning IIS 7.0 for Improved Performance

Logon Information:
Virtual Machine: NYC-DC1, NYC-WEB-A
Password: Pa$$w0rd

Scenario
You receive a request to deploy a second copy of an installed application, and then deploy updates to the new
installation so that the Enterprise Design QA team can test the proposed updates.
Exercise Overview
In this exercise, students will learn how to deploy an application, as well as application updates, with Xcopy.
1.
2.

3.
Add ASP.NET and Dynamic Content Compression features to the IIS Role.
4.
Create the SalesSupport application and copy the ASP.NET application files.
5.
Deploy a second copy of the SalesSupport application named SalesSupport2 using Xcopy.
6.
Deploy the application updates to SalesSupport2 using Xcopy.
7.
Create and assign an application pool for SalesSupport2 and test functionality.

1.
2.

f Task 3: Add ASP.NET and Dynamic Content Compression features to the IIS Role
1.
On NYC-WEB-A, click Start and click Server Manager. In Server Manager console pane, expand
Roles and then click Web Server (IIS).
2.
3.
Right-click Web Server (IIS), and then click Add Role Services.
The Add Role Services dialog box appears. In the Role services box, select ASP.NET.
4.
The Add Role Services box appears. Click Add Required Role Services.
5.
In the Performance section, select Dynamic Content Compression.
6.
7.
8.
In the details pane, in the Role Services section, notice that ASP.NET and Dynamic Content
Compression are listed as Installed.
1.
2.
3.
4.
5.
The Add Application dialog box appears. In the Alias field, type SalesSupport.
6.
7.
New Folder.
8.
Type SalesSupport and then click OK.
9.
Click OK.
10. Click Start | Computer and then browse to E:\Mod08\Labfiles\SalesSupport.

11. Select all, then right-click and click Copy.
12. Browse to C:\inetpub\wwwroot\SalesSupport, right-click, and then click Paste.
f Task 5: Deploy a second copy of the SalesSupport application named SalesSupport2

using Xcopy
1.
2.
Type cd \inetpub\wwwroot and then press Enter.
3.
Type md SalesSupport2 and then press Enter.
4.
Type xcopy /e SalesSupport\*.* SalesSupport2.
5.
Notice that 36 files are copied.
f Task 6: Deploy the application updates to SalesSupport2 using Xcopy

1.
At the command prompt, type E: and then press Enter.
2.
Type cd \Mod08\Labfiles\SalesSupport2 and then press Enter.
3.
Type xcopy /e *.* c:\inetpub\wwwroot\salessupport2 and then press Enter.
4.
When prompted to overwrite files, press A for all.
5.
6.
7.
lick Add Application.
8.
The Add Application dialog box appears. In the Alias field, type SalesSupport2.
9.
10. The Browse For Folder dialog box appears. Browse to C:\inetput\wwwroot\SalesSupport2, and
then click OK twice.
f Task 7: Create and assign an application pool for SalesSupport2 and test functionality
1.
2.
3.
The Add Application Pool dialog box appears. In the Name field, type SalesSupport2 and then
click OK.
4.
In the Connections pane, expand Default Web Site and then click SalesSupport2.
5.
6.
7.
The Select Application Pool dialog box appears. In the Application pool list, click SalesSupport2,
and then click OK twice.
8.
9.
10. Notice that the Woodgrove Bank Sales Support page loads successfully.
12. Notice that the Woodgrove Bank Sales Support page version 2.0 loads successfully.
installed, deployed that SalesSupport2 application, and verified functionality.

Scenario
Next you will configure performance options for the SalesSupport application. First, you will use Performance
Monitor to look at the current machine performance. Then you will configure and test output caching,
compression, and throttling.
Exercise Overview
In this exercise, students will learn how to configure IIS Performance Options.
1.
Use Performance Monitor to measure performance.
2.
Configure Output Caching.
3.
Configure Compression.
4.
Configure connection limit throttling.
f Task 1: Use Performance Monitor to measure performance

1.
On NYC-WEB-A, click Start | Administrative Tools | Reliability and Performance Monitor.
2.
In the console pane, click Performance Monitor.
3.
In the details pane, right-click the graph, and then click Remove All Counters.
4.
The Performance Monitor Control dialog box appears. Click OK.
5.
Above the graph, click the Add button (green plus).
6.
The Add Counters dialog box appears. In the Available counters list, scroll down, and then expand
Web Service.
7.
Click Bytes Sent/sec.
8.
In the Instances of selected object field, click <All instances>.
9.
Click Add, and then click OK.
10. With Reliability and Performance monitor running, in Internet Explorer, browse to
11. After the page loads, click Refresh several times rapidly. Notice that the dynamically generated time
updates each time you refresh.
13. In Reliability and Performance Monitor, notice that the graph reflects the throughput. Note that
you can right-click the graph and then click Scale Selected Counters to get a better representation.
You may need to do this a couple of times to get a zoomed in view of the data.
f Task 2: Configure Output Caching

1.
In Internet Information Services (IIS) Manager, in the Connections pane, expand NYC-WEBA(WOODGROVEBANK)| Sites | Default Web Site and then click SalesSupport.
2.
In the details pane, in the IIS section, double-click Output Caching.
3.
4.
The Add Cache Rule dialog box appears. In the File name extension field, type .aspx.
5.
Select Kernel-mode caching.
6.
Click At time intervals, and then delete the existing text and type 00:00:10.
7.
Click OK.
8.
Open Internet Explorer, and browse to http://localhost/salessupport/test.aspx.
9.
Click Refresh several times rapidly for at least 30 seconds.
10. Notice that the time updates only every 10 seconds after the first couple of loads and that the
subsequent loads are much faster.
11. In Internet Explorer, browse to http://localhost/salessupport2/test.aspx.
12. Click Refresh several times rapidly.
13. Notice that the time updates with each load.
14. In Reliability and Performance monitor, compare the two peaks for throughput on the graph.
Notice that the first peak has higher throughput than the second.
f Task 3: Configure Compression

1.
In Internet Explorer, browse to http://localhost.
2.
Click Refresh several times rapidly.
3.
In Reliability and Performance Monitor, note the throughput on the graph.
4.
5.
In the details pane, in the IIS section, double-click Compression.
6.
Clear the Enable static content compression check box.
7.
8.
In Internet Explorer, browse to http://localhost.
9.
Click Refresh several times rapidly.
10. In Reliability and Performance Monitor, note the throughput on the graph. There should not be
much change for static compression.
Question: Why does the graph show little or no change?
Answer: Static compression is cached. Only the first page load requires processing the compression.
11. In Internet Explorer, browse to http://localhost/SalesSupport/test.aspx.
13. In Reliability and Performance Monitor, note the throughput on the graph.
14. In Internet Information Services (IIS) Manager, in the details pane, select Enable dynamic
content compression.
16. In Internet Explorer, browse to http://localhost/SalesSupport/test.aspx.
19. In Reliability and Performance Monitor, note the throughput on the graph. The throughput has
decreased because dynamic compression negates dynamic output caching.
f Task 4: Configure connection limit throttling

1.
Open Internet Explorer, and browse to http://localhost.
2.
Right click the IIS7 tab, and then click New Tab.
3.
In the new tab, browse to http://localhost.
4.
Repeat to create another new tab, and then browse to http://localhost.
5.
You should have three tabs open. Right-click one of the tabs, and then click Refresh All.
6.
Notice that all of the tabs refresh successfully.
7.
Close Internet Explorer. In the Internet Explorer dialog box, click Close Tabs.
8.
9.
In the Actions pane, click Limits.
10. The Edit Web Site Limits dialog box appears. Select Limit number of connections.
11. In the Limit number of connections field, type 1.
12. Click OK.
13. Open Internet Explorer, and browse to http://localhost in three tabs.
14. In Internet Explorer, right-click one of the tabs, and then click Refresh All.
15. Notice that at least one of the tabs now reports Service Unavailable.
16. Close Internet Explorer. In the Internet Explorer dialog box, click Close Tabs.
Results: After this exercise, you should have configured performance options and verified functionality.

Scenario
You will now modify the application pools to improve resource usage.
Exercise Overview
In this exercise, students will learn how to manage application pools to improve performance.
1.
Use Reliability and Performance Monitor to measure resource usage.
2.
Recycle an application pool.
3.
Assign SalesSupport and SalesSupport2 to the same application pool.
f Task 1: Use Reliability and Performance Monitor to measure resource usage

1.
On NYC-WEB-A, open Internet Explorer, and browse to http://localhost/salessupport.
2.
Open a second tab and browse to http://localhost/salessupport2.
3.
In Reliability and Performance Monitor, in the console pane, click Reliability and Performance.
4.
In the details pane, expand Memory.
5.
Click the Image column heading to sort by image name, and then scroll down to w3wp.exe.
6.
Notice that there are two instances running. Note the amount of memory being used by each in the
Commit (KB) and Working Set (KB) columns.
f Task 2: Recycle an application pool

1.
In Internet Information Services (IIS) Manager, in the Connections pane, click Application Pools.
2.
In the details pane, click SalesSupport2.
3.
In the Actions pane, click Recycle.
4.
In Reliability and Performance Monitor, notice that one of the w3wp.exe processes consumes less
memory.
5.
Close Internet Explorer. In the Internet Explorer dialog box, click Close Tabs.
f Task 3: Assign SalesSupport and SalesSupport2 to the same application pool

1.
In Internet Information Services (IIS) Manager, in the Connections pane, click SalesSupport2.
2.
3.
4.
The Select Application Pool dialog box appears. In the Application pool list, click DefaultAppPool.
5.
Click OK twice.
6.
7.
In the details pane, click SalesSupport2.
8.
9.
10. Open Internet Explorer, and browse to http://localhost/salessupport.
11. Open a second tab and browse to http://localhost/salessupport2.

12. In Reliability and Performance Monitor, notice that is now only one w3wp.exe process and less
total memory consumed.
next lab.
Results: After this exercise, you should have recycled and consolidated application pools, and verified
resource usage with Reliability and Performance Monitor.
Lab Answer Key: Ensuring Web Site Availability with Web Farms
Module 9
Lab Answer Key: Ensuring Web Site Availability with Web
Farms
Contents:
Lab: Ensuring Web Site Availability with Web

Farms
Logon Information:
Virtual Machine: NYC-DC1, NYC-WEB-D, NYC-WEB2
Password: Pa$$w0rd

Scenario
The Enterprise Design Team has asked you to explore options for increasing Web site availability. Before you
begin, you will back up an existing site and verify that it can be restored properly.
Exercise Overview
In this exercise, students will learn how to back up a Web site. Use the virtual disk drive E: for the backup drive, as a
stand-in for a remote storage device.
1.
2.

Start the 6427A-NYC-WEB-D virtual machine and log on as Woodgrovebank\Administrator.
3.
Start the 6427A-NYC-WEB2 virtual machine and log on as Woodgrovebank\Administrator.
4.
Backup the Web site, Web application, and config files to the E: drive.
Note: If you have already logged on to a virtual machine, skip the logon task for that
particular virtual machine.

f Task 2: Start the 6427A-NYC-WEB-D virtual machine and log on as

1.
On the Lab Launcher, next to 6427A-NYC-WEB-D, click Launch.
2.
Log on to NYC-WEB-D as Woodgrovebank\Administrator with the password of Pa$$w0rd.
f Task 3: Start the 6427A-NYC-WEB2 virtual machine and log on as

1.
On the Lab Launcher, next to 6427A-NYC-WEB2, click Launch.
2.
Log on to NYC-WEB2 as Woodgrovebank\Administrator with the password of Pa$$w0rd.
f Task 4: Backup the Web site, Web application, and config files to the E: drive
1.
On NYC-WEB-D, click Start | Computer, and then browse to E:.
2.
In the File menu, click New | Folder.
3.
Type Web Site Backup, and then press Enter.
4.
Browse to\\NYC-WEB-D\E\Web Site Backup.
5.
Browse to C:\inetpub\wwwroot.
6.
In the details pane, select all, right-click, and then click Copy.
7.
Browse to \\NYC-WEB-D\E\Web Site Backup, right-click and then click Paste.
8.
Notice that the Web site files are now backed up to this shared folder.
Results: After this exercise, you should have successfully backed up a web site.

Scenario
The Enterprise Design Team has asked you to verify that the backups can be restored properly. Do this by
restoring the Web files to a second server and confirm that the second server functions properly.
Exercise Overview
In this exercise, students will learn how to restore a Web site.
This exercises main task is:
Restore the Web site, Web application, and config files from the shared drive.
f Task 1: Restore the Web site, Web application, and config files from the shared drive
1.
On NYC-WEB2, on the desktop, click Start | Administrative Tools | Internet Information Services
(IIS) Manager.
2.
In the Connections pane, expand NYC-WEB2 | Sites, and then click Default Web Site.
3.
4.
The Microsoft Internet Explorer window opens. Notice that the IIS 7.0 default page is displayed.
5.
Click Start | Computer, and then browse to C:\inetpub\wwwroot.
6.
Notice that the folder contains the two IIS 7.0 default Web site files, iisstart.htm and welcome.png,
and the aspnet_client folder.
7.
Browse to the networked computer NYC-WEB-D.
8.
If the NYC-WEB-D computer is not displayed in the details pane, network discovery may be turned
off. Click the notice bar, and then click Turn on network discovery and file sharing.
9.
Browse to\\NYC-WEB-D\E\Web Site Backup.
10. In the details pane, select all, right-click and then click Copy.
11. Browse to C:\inetpub\wwwroot, right-click and then click Paste.
12. If a Copy File dialog box appears, indicating that you are about to overwrite any files or folders, click
Copy and Replace.
13. If a Confirm Folder Replace dialog box appears, indicating that you are about to overwrite a folder,
click Yes.
14. Notice that the new Web site files are now copied to this location.
16. Notice that the Woodgrove Bank Web site has been deployed on the second Web server.
Question: What process on the Web server led to the Woodgrove Bank Web site being displayed
instead of the IIS 7.0 default Web site?
Answer: After the Woodgrove Bank Web site files were copied to the second Web server, the default
file default.aspx superseded the file iisstart.htm.
Results: After this exercise, you should have successfully restored a web site to a second server.

Scenario
The next step is for increasing Web site availability. Now that you have two identically configured Web servers,
implement shared configurations for them.
Exercise Overview
In this exercise, students will learn how to enable shared configuration.
1.
Export and Enable Shared Configuration.
2.
Add the second Web server to use the Shared Configuration.
3.
Test the Shared Configuration.
f Task 1: Export and Enable Shared Configuration

1.
On NYC-WEB-D, click Start | Administrative Tools | Internet Information Services (IIS) Manager.
2.
In the Connections pane, click NYC-WEB-D.
3.
In the details pane, in the Management section, double-click Shared Configuration.
4.
In the Actions pane, click Export Configuration.
5.
The Export Configuration dialog box appears, allowing you to export the local configuration files,
settings, and encryption keys. In the Physical path field, type \\NYC-WEB-D\E.
6.
In the Encryption keys password and Confirm password fields, type Pa$$w0rd.
7.
Click OK.
8.
The Export Configuration dialog box appears indicating that the files were exported successfully.
Click OK.
9.
In the details pane, select Enable shared configuration.
10. In the Physical Path field, type \\NYC-WEB-D\E.

11. In the User name field, type Woodgrovebank\Administrator.
12. In the Password and Confirm password fields, type Pa$$w0rd.
14. The Encryption Keys Password dialog box appears for you to enter the encryption key. In the Enter
encryption key password field, type Pa$$w0rd.
15. Click OK.
16. The Shared Configuration dialog box appears, indicating that the current encryption keys were
backed up. Click OK.
17. The Shared Configuration dialog box appears, indicating that IIS Manager and Management service
must be restarted for these changes to be completed. Click OK.
18. Close Internet Information Services (IIS) Manager.
19. Click Start | Administrative Tools Internet Information Services (IIS) Manager.
20. In the Connections pane, click NYC-WEB-D.
21. In the details pane, in the Management section, double-click Management Service.
22. In the Actions pane, click Start.
f Task 2: Add the second Web server to use the Shared Configuration
1.
On NYC-WEB2, in Internet Information Services (IIS) Manager, in the Connections pane, click
NYC-WEB2.
2.
In the details pane, in the Management section, double-click Shared Configuration.
3.
Select Enable shared configuration.
4.
In the Physical Path field, type \\NYC-WEB-D\E.
5.
In the User name field, type Woodgrovebank\Administrator.
6.
In the Password and Confirm password fields, type Pa$$w0rd.
7.
8.
The Encryption Keys Password dialog box appears. In the Enter encryption key password field,
type Pa$$w0rd.
9.
Click OK.
10. The Shared Configuration dialog box appears, indicating that the current encryption keys were
backed up. Click OK.
11. The Shared Configuration dialog box appears, indicating that IIS Manager and Management service
must be restarted for these changes to be completed. Click OK.
12. Close Internet Information Services (IIS) Manager.
13. Click Start | Administrative Tools | Internet Information Services (IIS) Manager.
14. In the Connections pane, click NYC-WEB2.
15. In the details pane, in the Management section, double-click Management Service.
16. In the Actions pane, click Start.
f Task 3: Test the Shared Configuration

1.
On NYC-WEB-D, in Internet Information Services (IIS) Manager, in the Connections pane, click
NYC-WEB-D.
2.
In the details pane, in the IIS section, double-click Default Document.
3.
4.
The Add Default Document dialog box appears to allow us to add a default document to test the
shared configuration. In the Name field, type test.html and then click OK.
5.
On NYC-WEB2, in Internet Information Services (IIS) Manager, in the Connections pane, click
NYC-WEB2.
6.
In the details pane, in the IIS section, double-click Default Document.
7.
Notice that the default document test.html has been added to the top of the list for the second Web
server as well,
Question: Why has the default document test.html has been added to the top of the list for the
second Web server as well?
Answer: The default document test.html has been added to the top of the list for the second Web
because both servers are using shared configuration.
Results: After this exercise, you should have successfully configured a two-server network with an
underlying foundation of shared configurations.

Scenario
With the two Web servers set up with Shared Configurations, configure Network Load Balancing to increase Web
site availability.
Exercise Overview
In this exercise, students will ensure Web site availability by implementing Network Load Balancing.
Create a new Network Load Balancing cluster.
Add the second host to the Network Load Balancing cluster.
Add the second server to the Network Load Balancing cluster.
Verify Network Load Balancing using NLB commands.
f Task 1: Create a new Network Load Balancing cluster

1.
On NYC-WEB-D, click Start | Administrative Tools | Network Load Balancing Manager.
2.
In the console pane, right-click Network Load Balancing Clusters and then click New Cluster.
3.
The New Cluster: Connect dialog box appears. Start the process by connecting to the Network Load
Balance host computer. In the Host field, Type NYC-WEB-D, and then click Connect.
4.
Make sure the Local Area Connection interface with Interface IP address 10.10.0.21 is highlighted,
and then click Next.
5.
The New Clusters: Host Parameter page shows the dedicated IP addresses and the initial host state.
Click Next.
6.
The New Clusters: Cluster IP Addresses page allows you to add cluster IP addresses that are shared
by every member of the cluster. Click Add.
7.
The Add IP Address dialog box appears, allowing you to add IPv4 or IPv6 addresses to the cluster. In
the Add IPv4 address field, type 10.10.0.27.
8.
In the Subnet mask field, type 255.255.0.0, and then click OK.
9.
Make sure the newly added cluster IP address is highlighted. Click Next.
10. The New Clusters: Cluster Parameters page allows you to modify the operation mode of the cluster
IP addresses. In the Full Internet name field, type cluster.woodgrovebank.com.
11. Click Multicast.
12. Click Next.
13. The New Clusters: Port Rules page allows you to add, edit, and remove cluster IP address port rules.
Click Finish. Wait for the operation to complete before continuing.
f Task 2: Add the second host to the Network Load Balancing cluster
1.
In the console pane, right-click cluster.woodgrovebank.com and then click Add Host to Cluster.
2.
The Add Host to Cluster: Connect dialog box appears. Add the second host computer. In the Host
field, Type NYC-WEB2, and then click Connect. Wait for the operation to complete before
continuing.
3.
Make sure the Local Area Connection interface with Interface IP address 10.10.0.26 is highlighted,
and then click Next.
4.
The New Clusters: Host Parameter page shows the dedicated IP addresses and the initial host state.
Make sure that the Priority (unique host identifier) is 2, and then click Next.
5.
The New Clusters: Port Rules page allows you to add, edit, and remove cluster IP address port rules.
Click Finish. Wait for the operation to complete before continuing.
f Task 3: Add the second server to the Network Load Balancing cluster
1.
On NYC-WEB2, Click Start, click Administrative Tools, and then click Network Load Balancing
Manager.
2.
The Network Load Balancing Manager window opens and loads the current cluster. The Warning
dialog box appears, presenting a warning about running NLB in Unicast mode. Click OK.
f Task 4: Verify Network Load Balancing using NLB commands

1.
2.
Type NLB query 10.10.0.27 and then press Enter.
3.
Notice that the NLB command indicates that host 2 has entered a converging state with the cluster.
4.
On NYC-WEB-D, click Start | Command Prompt.
5.
Type NLB query 10.10.0.27 and then press Enter.
6.
Notice that the NLB command indicates that host 1 has entered a converging state with the cluster.
7.
Type NLB display and then press Enter.
8.
The results show very detailed information about the cluster and its current state. Scroll to the top of
the displayed information to examine the Configuration section.
9.
next lab.
Results: After this exercise, you should have successfully configured network load balancing on a
two-server network, with an underlying foundation of shared configurations.
Lab Answer Key: Troubleshooting IIS 7.0 Web Servers
Module 10
Contents:
Lab: Troubleshooting IIS 7.0 Web Servers

Logon Information:
Virtual Machine: NYC-DC1, NYC-WEB-E
Password: Pa$$w0rd

Scenario
You receive a service request asking to resolve a user issue. The password-protected intranet site is accessed by
domain users within the company, but is not allowing access to anyone. Using logs and detailed error messages,
you must resolve the problem.
Exercise Overview
In this exercise, you will troubleshoot an authentication issue using IIS logs and detailed error messages.
1.
2.
Start the 6427A-NYC-DC1 virtual machine and log on as Woodgrovebank\Administrator.

Start the 6427A-NYC-WEB-E virtual machine and log on as Woodgrovebank\Administrator.
3.
Browse to http://localhost/salessupport.
4.
Examine the log file.
5.
Enable Detailed Error Messages.
6.
Reproduce the issue and examine the detailed error.
7.
Resolve the issue and test functionality.
Note: If you have already logged on to a virtual machine, skip the logon task for that particular
virtual machine.
f Task 1: Start the 6427A-NYC-DC1 virtual machine and log on as

1.
2.
Log on to NYC-DC1 as Woodgrovebank\Administrator with the password of Pa$$w0rd.
f Task 2: Start the 6427A-NYC-WEB-E virtual machine and log on as

1.
On the Lab Launcher, next to 6427A-NYC-WEB-E, click Launch.
2.
Log on to NYC-WEB-E as Woodgrovebank\Administrator with the password of Pa$$w0rd.
f Task 3: Browse to http://localhost/salessupport

1.
On NYC-WEB-E, click Start | All Programs | Internet Explorer.
2.
3.
Notice the Server Error: 401 Unauthorized message.
f Task 4: Examine the log file

1.
Click Start | Computer and then browse to C:\inetpub\logs\LogFiles\W3SVC1.
2.
Double-click the most recent log file.
3.
The Notepad window opens. Scroll to the far right and examine the last entries in the log file. Notice
that the status is 401 and substatus is 2.
4.
Close Notepad.
f Task 5: Enable Detailed Error Messages

1.
Click Start | Administrative Tools | Internet Information Services (IIS Manager).
2.
In the Connections pane, expand NYC-WEB-E | Sites | Default Web Site and then click
SalesSupport.
3.
In the details pane, in the IIS section, double-click Error Pages.
4.
5.
The Edit Error Pages Settings dialog box appears. Click Detailed errors for local requests and
custom error pages for remote requests, and then click OK.
f Task 6: Reproduce the issue and examine the detailed error

1.
2.
Notice the detailed error message reports HTTP Error 401.2 - Unauthorized.
3.
Scroll down to Most likely causes. Notice the first cause is No authentication protocol (including
anonymous) is selected in IIS.
f Task 7: Resolve the issue and test functionality

1.
In Internet Information Services (IIS) Manager, click SalesSupport.
2.
In the details pane, in the IIS section, double-click Authentication.
3.
Notice that all authentication methods are Disabled.
4.
In the details pane, click Basic Authentication.
5.
6.
In the details pane, notice that Basic Authentication is Enabled, and all other authentication
methods are Disabled.
7.
8.
Notice that you are prompted for credentials. For User name, type Yvonne.
9.
For Password type Pa$$w0rd and then click OK.
10. Notice that the SalesSupport application now loads without error.
Results: After this exercise, you should have successfully examined the IIS log files, enabled detailed
error messages, and resolved the authentication issue.

Scenario
You receive another service request to secure another Web site where all users are able to view the content. You
must reproduce the issue, determine the cause, and resolve the issue.
Exercise Overview
In this exercise, you will troubleshoot authorization using Failed Request Tracing.
1.
Browse to http://localhost/salessupport2.
2.
Enable Failed Request Tracing and add a rule to trace successful requests.
3.
Reproduce the issue and examine the Failed Request Tracing log.
4.
Resolve the issue and verify functionality.
f Task 1: Browse to http://localhost /salessupport2

1.
On NYC-WEB-E, in Internet Explorer, browse to http://localhost/salessupport2.
2.
Notice that you are not prompted for credentials and the page loads without error.
3.
f Task 2: Enable Failed Request Tracing and add a rule to trace successful requests
1.
2.
In the Actions pane, click Failed Request Tracing.
3.
The Edit Web Site Failed Request Tracing Settings dialog box appears. Select Enable, and then
click OK.
4.
In the Connections pane, click SalesSupport2.
5.
In the details pane, in the IIS section, double-click Failed Request Tracing Rules.
6.
7.
The Add Failed Request Tracing Rule dialog box appears. Click Next.
8.
Under Status code(s), type 200, and then click Next.

Question: Why do we use status code 200 for this issue?
Answer: Status code 200 is used for a successful page load in IIS. Since the page is loading without
error, we must use the status code 200 to trace the issue.
9.
Under Providers, clear ASP and ISAPI Extension. Leave ASPNET and WWW Server checked.
10. Click Finish.
f Task 3: Reproduce the issue and examine the Failed Request Tracing log
1.
In Internet Explorer, browse to http://localhost/SalesSupport2.
2.
In Windows Explorer, browse to c:\inetpub\logs\FailedReqLogFiles\W3SVC1.
3.
Double-click fr000001.xml.
4.
If prompted to add the site to the Trusted sites zone, click Add twice and then click Close.
5.
Under Request Summary, notice that Authentication is anonymous.
6.
Click the Compact View tab.
7.
Scroll down and examine the lines that begin with AUTH_SUCCEEDED and USER_SET. Notice that
the authorized user is .
Question: What did we learn from the Failed Request Tracing log?
Answer: Anonymous users are being allowed to access the site. Since anonymous authentication
happens successfully, users are not being prompted to enter credentials.
8.
f Task 4: Resolve the issue and verify functionality

1.
In Internet Information Services (IIS) Manager, in the Connections pane, click SalesSupport2.
2.
In the details pane, double-click Authorization Rules.
3.
Notice that Anonymous Users are Allowed.
4.
In the details pane, in the IIS section, click Anonymous Users.
5.
6.
7.
In the Connections pane, click SalesSupport2.
8.
In the details pane, in the IIS section, double-click Authentication.
9.
Notice that both Anonymous Authentication and Basic Authentication are Enabled.

13. Notice that you are prompted for credentials. For User name, type Yvonne.
14. For Password, type Pa$$w0rd and then click OK.
15. Notice that the SalesSupport2 application loads without error.
16. Close Internet Explorer and open it again to create a new session.
17. Browse to http://localhost/salessupport2.
18. When prompted for credentials, leave both fields blank and click OK three times.
19. Notice that you get a 401 Unauthorized message.
Results: After this exercise, you should have successfully enabled failed request tracing, and resolved
the authorization issue.

Scenario
Users are reporting that a Web application is returning an error when they try to browse to it. You must
troubleshoot why the Web application cannot open the content.
Exercise Overview
In this exercise, you will troubleshoot communication using tools.
1.
Reproduce the issue.
2.
Use Ping to verify communication with the Web server.
3.
Enable detailed errors and examine the detailed error.
4.
Correct the problem and verify functionality.
f Task 1: Reproduce the issue

1.
On NYC-DC1, click Start | All Programs | Internet Explorer.
5.
The Windows Internet Explorer window opens. Browse to http://nyc-web-e/netapp/content.
6.
Notice the 500 Internal server error message.
f Task 2: Use Ping to verify communication with the Web server

1.
2.
Type ping NYC-WEB-E and then press Enter.
3.
Notice that the ping succeeds indicating that NYC-DC1 and NYC-WEB-E are communicating.
f Task 3: Enable detailed errors and examine the detailed error

1.
On NYC-WEB-E, in Internet Information Services (IIS) Manager, in the Connections pane, click
NYC-WEB-E.
2.
In the details pane, in the IIS section, double-click Error Pages.
3.
4.
The Edit Error Pages Settings dialog box appears. Click Detailed errors, and then click OK.
5.
6.
Notice the 500.19 error.
7.
Next to Config Error, notice the message Cannot read configuration file because the network
path is not found.
8.
Next to Config File, notice the path has nyc-weeb-e for the server name.
f Task 4: Correct the problem and verify functionality

1.
Internet Information Services (IIS) Manager, in the Connections pane, expand NetApp and then
click Content.
2.
In the Actions pane, click Advanced Settings.
3.
The Advanced Settings dialog box appears. In the Physical Path field, modify the path to read
\\nyc-web-e\content, and then click OK.
4.
5.
Notice that the IIS Welcome page appears and there is no error message.
Results: After this exercise, you should used ping to verify communication, enabled detailed error
messages, and resolved the error.

Scenario
Users are reporting they receive multiple errors when trying to view JPG files that previously worked. You know
that multiple people have the ability to modify this site including Web.config and related files.
Exercise Overview
In this exercise, you will troubleshoot configuration using detailed error messages.
1.
Reproduce the issue and examine the detailed error message.
2.
Examine and correct the web.config file.
3.
Verify functionality.
f Task 1: Reproduce the issue and examine the detailed error message
1.
On NYC-WEB-E, in Internet Explorer, browse to http://localhost/pics/logo.jpg.
2.
Notice the HTTP Error 404.4 Not Found message.
3.
In the Most likely causes section, notice that the most likely cause is The file extension for the
requested URL does not have a handler configured to process the request on the Web server.
f Task 2: Examine and correct the web.config file

1.
In Windows Explorer, browse to C:\Pics.
2.
Double-click web.config.
3.
On the Windows dialog, click Select a Program from a list of installed programs, and then click
OK. Click Notepad, and then click OK.
4.
The Notepad window opens. Notice that the <handlers> section contains a line for handling static
files.
5.
Notice that the path attribute is set to *.jgp. Modify the line so that the path attribute correctly
reads *.jpg.
6.
7.
Close Notepad.
f Task 3: Verify functionality

1.
In Internet Explorer, browse to http://localhost/pics/logo.jpg.
2.
Notice that the Woodgrove Bank logo now appears successfully.
3.
next lab.
Results: After this exercise, you should have reproduced the problem, examined the detailed error
message, and resolved the error.

6427 A Lab Manual

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

6427 A Lab Manual

Transféré par

Droits d'auteur :

Formats disponibles

O F F I C I A L

Product Number: 6427A

Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

Exercise 2: Installing IIS Using Unattended Setup

Exercise 3: Installing IIS on Server Core from Command Line

Exercise 4: Configuring IIS and Validating Functionality

Lab Instructions: Configuuring an Internet Infoormation Services 7.00 Web Server

Exercise 1: Installing IIS Using Role

f Task 1: Start the

f Task 3: Install the Web seerver role

Use Serverr Manager to add

Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

Exercise 2: Installing IIS Using Unattended Setup

Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin.

f Task 1: Start the 6427A-NYC-SVR3 virtual machine and log on as LocalAdmin

Start 6427A-NYC-SVR3, and log on as LocalAdmin with the password of Pa$$w0rd.

f Task 2: Turn on Network Discovery

Open E:\mod01\labfiles\unattend.xml in Notepad and delete the following lines:

Save the modified file to c:\unattend.xml.

Start /w pkgmgr /n:unattend.xml to install IIS.

Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

Exercise 3: Installing IIS on Server Core from Command Line

Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator.

f Task 1: Start the 6427A-NYC-SVR2 virtual machine and log on as Administrator

Start 6427A-NYC-SVR2, and log on as Administrator with the password of Pa$$w0rd.

f Task 2: Disable the firewall

f Task 3: Install IIS from the command line

On NYC-SVR1, in Internet Explorer, browse to http://nyc-svr2 to verify functionality.

Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

Exercise 4: Configuring IIS and Validating Functionality

Under HTTP Response Headers, set Expire Web Content.

Under Compression, enable Static Content Compression.

Under Error Pages, enable Detailed error messages.

Enable Directory Browsing, Windows Authentication, and ASP.NET Impersonation.

Add a rule to trace status code 500 for critical errors.

Under ASP.NET, configure SMTP email for email address NYC-SVR3@WoodGroveBank.com,

Test the configuration by browsing to http://localhost/uddi.

Browse to http://localhost/aspnet_client and investigate the failed request log.

f Task 3: Configure NYC-SVR2 to have no default documents, and redirect requests to

On NYC-SVR2, in the command prompt window, type

Lab Instructions: Configuring an Internet Information Services 7.0 Web Server

Type edit applicationHost.config and then press Enter.

Scroll down to <defaultDocument enabled="true"> (approximately line 169), and change

On NYC-SVR3, in Internet Explorer, browse to http://nyc-svr2 to test the redirection.

Exercise 2: Creating a Web Site and Web Application

Exercise 3: Creating an Application Pool

Exercise 4: Configuring an Existing Application Pool

f Task 1: Start the

f Task 2: Start the

f Task 4: Create a virtual directory named public

Copy the contents of c:\inetpub\wwwroot to c:\inetpub\public.

f Task 5: Configure the public virtual directory for anonymous authentication

Exercise 2: Creating a Web Site and Web Application

Create a site named Woodgrove.

f Task 1: Create a site named Woodgrove

f Task 2: Copy the Woodgrove Application to the Appropriate Directory

Copy the Woodgrove application from e:\Mod02\Labfiles\Woodgrove to c:\inetpub\woodgrove.

In Server Manager, add .NET 3.0 Framework and ASP.NET.

f Task 4: Delegate administrative access of Woodgrove to ITAdmins_WoodgroveGG

Exercise 3: Creating an Application Pool

Create an application pool named TempPool.

f Task 1: Create an application pool named TempPool