The Dexterous HTML-based ISM

Email this Article

Printer-Friendly

View Reader Comments

[June 1999]
The Dexterous HTML-based ISM
By: Ken Spencer
Feature
InstantDoc #5381
From the June 1999 edition of Windows IT Pro

Access and manage IIS via an HTTP connection

Internet Information Server (IIS) 4.0 includes an HTML-based version of Internet Service Manager (ISM). As long as you have an HTTP connection to the server running IIS, you can use HTML-based ISM to manage IIS. You can even use HTML-based ISM via an HTTP connection that doesn't support NetBEUI over TCP/IP.

When you need to manage IIS from a remote location and you don't have a RAS or WAN connection to the IIS server, you can't use the Microsoft Management Console (MMC) version of ISM. In this type of situation, HTML-based ISM is handy. Suppose someone from your office pages you while you are out of town at Microsoft TechEd, and you need to change the configuration of your company's Web site. Assuming that you previously installed HTML-based ISM and configured IIS to let you remotely access the Administrative Web Site (AWS) IIS properties page, you can perform the update from any system with authorization to remotely access the server using an HTTP connection.

The AWS automatically installs with IIS. You can find the .htm and .asp files and subfolders that make up AWS in the C:\winnt\system32\inetsrv\ iisadmin folder. When you use HTML-based ISM to access a site, the default.asp file checks your browser type and displays a message if your browser doesn't meet ISM's browser requirements. Table 1, page 132, lists the minimum browser requirements for full HTML-based ISM support. These browsers support the proper version of JavaScript and meet other ISM requirements. You need to enable browser cookies to use HTML-based ISM. When you disable cookie support, ISM displays a page requesting that you enable cookies.

Configuring HTML-based ISM
IIS installs the AWS with security settings that restrict remote access to the local computer. Screen 1 shows the AWS settings to restrict all systems except the local system from remote access. If you try to access the AWS without properly configuring the access authorization settings, you'll receive the error message HTTP Error 403—Access to Internet Service Manager (HTML) is restricted to Localhost.

To change the access restrictions, start the MMC version of ISM. Select the AWS, then right-click and select Properties from the pop-up menu. Click the Directory Security tab, and click Edit in the IP Address and Domain Name Restrictions section of the page. The IP Address and Domain Name Restrictions dialog box, which Screen 2 shows, will open. Click add to specify access permissions for a particular system that you want to use to remotely manage IIS via HTML-based ISM. In the Grant Access On dialog box that opens, enter the IP address, domain name, or subnet mask from which you want to let computers access the site. Click OK to close the Grant Access On dialog box, and click OK to close the IP Address and Domain Name Restrictions dialog box. Click OK or Apply in the AWS Properties page to apply the changes to the AWS.

Screen 2 shows the IP Address and Domain Name Restrictions dialog box for my IIS server after I added the IP address 221.103.231.13. For many sites, setting permissions for HTML-based ISM to an IP address or subnet mask makes sense. Restricting ISM access to an explicit IP address or a subnet mask provides a granular level of control over access that better prevents intruders from entering a site than restricting access to a domain name does.

Alternatively, you can set the restrictions to specify the systems you want to prevent from accessing your AWS and let users at all other IP addresses or domains access the site. You probably won't choose this approach because every system you leave off the list has access, and you can't know every IP address or domain from which intruders might attempt to hack your severs.

Probably the best solution is to use either Windows NT Challenge/Response authentication or Basic Authentication for the AWS, which lets you remove the explicit IP address restrictions to let authorized users access the AWS from any system. When you disable Anonymous Access to the site, both NT Challenge/Response authentication and Basic Authentication will force user validation. To disable Anonymous Access to AWS, click the Directory Security tab and click Edit in the Anonymous Access and Authentication Control section of the page. In the Anonymous Access and Authentication Control dialog box that opens, clear the Allow Anonymous Access checkbox and click OK. Click OK again to close the Anonymous Access and Authentication Control dialog box. Click OK or Apply in the AWS Properties page to apply the changes to the AWS. (For more information about user authentication, see Ethan Wilansky and Geoff Moes, "Remote Administration, Part 2," http://www.winntmag.com, instaNT document number 3942.) Before a user gains access to the AWS, the user needs to log on to the IIS server. Users with NT Challenge/Response-capable systems and browsers and a valid NT account in the IIS server's domain can gain access to the site without supplying a username or password. ISM prompts users who lack a valid account, correct permissions, or a system that supports NT Challenge/Response for a username and password.

Prev. page [1] 2 next page

ADS BY GOOGLE

SQL JOB OPENINGSSPONSORED LINKS

Backup & Recover like the DBA star you are: With continuous application imaging and data de-dupe, Replay AppImage speeds recovery in test or live environments from hours to minutes. Try it now!

SQL Management Made Easy with DBLaunch 4.0!: Wish you could migrate multiple SQL databases with the same time and effort it takes for one? Now you can with DBLaunch. Download a free trial today!

Order Your SharePoint Fundamentals CD!: Learn how to uncover rich information management capabilities with this free SharePoint CD.

FEATURED LINKS

Empower Your Processes with PowerShell 201: Paul Robichaux delves deep into PowerShell how-tos in 3 informative lessons, each followed by live Q&A—all on your own computer! Register today!

SQL Connections, March 22-25, 2009 – Orlando, FL: The first 800 paid attendees receive SQL Server 2008 Standard Edition w/one CAL. Register by January 12 and receive a free night at the JW Marriott (with 3-night stay). For details (203) 268-3204 or 800-438-6720.

Join Today: VIP Monthly Pass: Get online access to ALL of the resources in the Windows IT Pro and SQL Server Magazine network! With your order, you'll also receive a full digital copy of the latest issue of SQL Server Magazine.

	SQL Server Magazine Register Subscribe FAQ for Windows WinInfoNews
	Contact Us / Customer Service Editorial Calendar Media Kit Affiliates / Licensing Technology Resource Directory
	Windows IT Pro Office & SharePoint Pro Windows Dev Pro IT Library Connected Home SuperSite IT Job Hound ITTV

	Copyright © 2009 Penton Media, Inc. All rights reserved. Terms and Use Privacy Statement Reprints and Licensing

SQL Server Magazine

Search

Related Events

Related Resources

SQL JOB OPENINGSSPONSORED LINKS

Backup & Recover like the DBA star you are

SQL Management Made Easy with DBLaunch 4.0!

Order Your SharePoint Fundamentals CD!

FEATURED LINKS

Empower Your Processes with PowerShell 201

SQL Connections, March 22-25, 2009 – Orlando, FL

Join Today: VIP Monthly Pass