Windows NT 4.0 IIS 3.0 Web Server Configuration Guide

Introduction

Internet Information Server (IIS) 3.0 comes bundled with Windows NT Server 4.0, providing web, FTP, and Gopher services. This guide covers installation, configuration, security, and optimization of IIS 3.0 for web hosting.

IIS 3.0 Overview

Components

• World Wide Web Service: HTTP/HTTPS web server
• FTP Service: File Transfer Protocol server
• Gopher Service: Legacy information service
• Internet Service Manager: Administration tool
• Key Manager: SSL certificate management

New Features in IIS 3.0

• Active Server Pages (ASP)
• HTTP 1.1 support
• HTTP Keep-Alives
• Multiple virtual servers
• Enhanced logging options
• Microsoft Transaction Server

Installing IIS 3.0

Prerequisites

• Windows NT Server 4.0
• TCP/IP protocol installed
• Administrator privileges
• Service Pack 3+ recommended

Installation Steps

1. During NT Installation ``` Setup → Select Components [X] Internet Information Server

Sub-components: [X] Internet Service Manager [X] World Wide Web Service [X] FTP Service [ ] Gopher Service ```

1. Post-Installation Control Panel → Network → Services → Add Select "Microsoft Internet Information Server" Insert NT Server CD Choose components

2. Initial Configuration

3. Services start automatically
4. Default website created
5. Anonymous access enabled

Service Pack Considerations

Always apply latest service pack: 1. Install IIS 3.0 2. Apply NT Service Pack 3. Re-apply service pack after IIS changes

Basic Web Server Configuration

Internet Service Manager

1. Launch ISM Start → Programs → Microsoft Internet Server → Internet Service Manager

2. Interface Overview

3. Tree view of services
4. WWW, FTP, Gopher nodes
5. Property sheets for configuration

Default Website Setup

1. Website Properties ``` Right-click WWW Service → Properties

Service Tab: TCP Port: 80 Connection Timeout: 900 seconds Maximum Connections: 1000 ```

1. Directory Settings ``` Directories Tab: Home Directory: C:\InetPub\wwwroot

Access: [X] Read [ ] Write [X] Execute (scripts only)

[ ] Directory browsing allowed ```

1. Default Documents ``` Documents Tab: [X] Enable Default Document

Default Documents (in order): Default.htm Default.asp Index.htm Index.html ```

Creating Virtual Directories

1. Add Virtual Directory ``` Directories Tab → Add

Directory: D:\WebApps\Sales Alias: /sales

Access: [X] Read [ ] Write [X] Execute ```

1. Virtual Directory Uses
2. Organize content
3. Map to different drives
4. Separate applications
5. Different security settings

Advanced Configuration

Host Headers (IIS 4.0 feature)

IIS 3.0 workaround for multiple sites: 1. Use different IP addresses 2. Use different ports 3. Use ISAPI filter for host routing

MIME Types

1. Configure MIME Types ``` Service Properties → MIME Map

Add custom types: Extension: .pdf MIME Type: application/pdf ```

1. Common MIME Types .html text/html .css text/css .js application/javascript .jpg image/jpeg .gif image/gif .zip application/zip

HTTP Headers

1. Custom Headers ``` HTTP Headers Tab → Add

Custom Header: X-Powered-By Value: IIS 3.0 ```

1. Content Expiration [X] Enable Content Expiration ( ) Expire immediately (X) Expire after: 7 days ( ) Expire on: [date]

Security Configuration

Authentication Methods

1. Configure Authentication ``` Directory Security Tab

Anonymous Access: [X] Allow Anonymous Access Username: IUSR_SERVERNAME Password: [auto-generated]

Authentication Methods: [ ] Basic Authentication [X] Windows NT Challenge/Response ```

1. Authentication Types
2. Anonymous: No credentials required
3. Basic: Clear text (use with SSL)
4. NTLM: Encrypted Windows authentication

IP Address Restrictions

1. Grant/Deny Access ``` Directory Security → IP Address Restrictions

( ) Granted Access (default all) ( ) Denied Access

Exceptions: Add → Single Computer: 192.168.1.100 Add → Group: 192.168.1.0/255.255.255.0 ```

SSL Configuration

1. Generate Certificate Request Key Manager → Create New Key Key Name: WWW-Server Bits: 512 (or 1024) Organization: Company Name Common Name: www.example.com

2. Install Certificate Key Manager → Install Key Certificate Browse to .cer file from CA

3. Enable SSL Directory Security → Secure Communications [X] Require Secure Channel [ ] Require 128-bit encryption

NTFS Permissions

Recommended permissions:

C:\InetPub\wwwroot
- Administrators: Full Control
- System: Full Control
- IUSR_SERVERNAME: Read & Execute
- Everyone: (Remove)

C:\InetPub\scripts
- Administrators: Full Control
- System: Full Control
- IUSR_SERVERNAME: Read & Execute

Active Server Pages (ASP)

Enabling ASP

ASP is enabled by default. Verify:

Application Mappings:
.asp → C:\WINNT\System32\inetsrv\asp.dll

Basic ASP Example

Create test.asp:

<%@ Language=VBScript %>
<html>
<head><title>ASP Test</title></head>
<body>
<h1>Server Information</h1>
<%
Response.Write "Server Name: " & Request.ServerVariables("SERVER_NAME") & "<br>"
Response.Write "Server Time: " & Now() & "<br>"
Response.Write "Your IP: " & Request.ServerVariables("REMOTE_ADDR")
%>
</body>
</html>

ASP Application Settings

1. Script Timeout Service Properties → Advanced ASP Script Timeout: 90 seconds

2. Script Debugging [ ] Enable server-side script debugging

Performance Tuning

Connection Settings

1. Optimize Connections ``` Performance Tab:

Tune server performance based on: ( ) Fewer than 10,000 hits per day (X) Fewer than 100,000 hits per day ( ) More than 100,000 hits per day ```

1. Connection Limits Bandwidth Throttling: [X] Enable Bandwidth Throttling Maximum network use: 1024 KB/s

Caching Configuration

1. Object Cache ``` Registry: HKLM\System\CurrentControlSet\Services\InetInfo\Parameters

ObjectCacheTTL = 300 (seconds) MaxCachedFileSize = 262144 (bytes) MemoryCacheSize = 3072000 (bytes) ```

1. ASP Caching ASP Script Engine Cache: ScriptFileCacheSize = 250 (scripts)

HTTP Compression

Not built into IIS 3.0. Options: 1. Third-party ISAPI filters 2. Manual gzip of static files 3. Upgrade to IIS 4.0/5.0

Logging and Monitoring

Log Configuration

1. Enable Logging ``` Logging Tab: [X] Enable Logging

Log Format: ( ) Microsoft Format (X) NCSA Common Log Format ( ) ODBC Logging ```

1. Log Settings ``` New Log Time Period: ( ) Daily (X) Weekly ( ) Monthly ( ) When file size reaches: [MB]

Log file directory: C:\WINNT\System32\LogFiles ```

Log File Analysis

Sample log entry (NCSA format):

192.168.1.100 - - [01/Jan/2024:12:00:00 -0500] "GET /index.htm HTTP/1.0" 200 1234

Fields: - Client IP - RFC931 identity - Username - Date/Time - Request - Status code - Bytes sent

Performance Monitor

Key counters to monitor:

Web Service object:
- Bytes Total/sec
- Current Connections
- Connection Attempts/sec
- Get Requests/sec
- Not Found Errors/sec

Active Server Pages object:
- Requests/sec
- Requests Queued
- Requests Failed
- Script Failures/sec

FTP Service Configuration

Basic FTP Setup

1. FTP Service Properties ``` TCP Port: 21 Connection Timeout: 900 seconds Maximum Connections: 1000

[X] Allow anonymous connections Username: IUSR_SERVERNAME Password: [auto-generated] ```

1. Directory Settings ``` Home Directory: C:\InetPub\ftproot

Access: [X] Read [ ] Write

Directory Style: (X) UNIX ( ) MS-DOS ```

FTP Security

1. User Isolation ``` Create structure: C:\InetPub\ftproot\LocalUser\username

Users see only their folder ```

1. Welcome Messages Messages Tab: Welcome message: Welcome to FTP Server Exit message: Goodbye! Maximum connections message: Server is busy

Virtual Server Configuration

Multiple IP Addresses

1. Add IP to Network Card Network → Protocols → TCP/IP → Advanced Add additional IP addresses

2. Create Virtual Server WWW Service → Properties → Advanced Multiple identities for this service Add → IP Address: 192.168.1.101

Different Ports

Alternative for single IP:

Site 1: 192.168.1.100:80
Site 2: 192.168.1.100:8080
Site 3: 192.168.1.100:8081

Troubleshooting IIS

Service Won't Start

1. Check Event Log
2. Verify port not in use: netstat -an | find ":80"
3. Check service dependencies
4. Verify TCP/IP configuration

Authentication Issues

1. 401 Errors
2. Check NTFS permissions
3. Verify authentication methods

4. Check anonymous user account

5. Access Denied

6. IUSR account permissions
7. Password synchronization
8. Account not locked out

Performance Problems

1. Slow Response
2. Check CPU and memory
3. Review connection limits
4. Analyze log files

5. Monitor disk I/O

6. Connection Refused

7. Maximum connections reached
8. Service stopped
9. IP restrictions

Security Best Practices

Hardening IIS 3.0

1. Remove Sample Files Delete: C:\InetPub\iissamples C:\InetPub\scripts\samples

2. Disable Unnecessary Services

3. Remove Gopher if not used
4. Disable directory browsing

5. Remove unused ISAPI mappings

6. Regular Updates

7. Apply all service packs
8. Monitor security bulletins
9. Test patches before production

Security Checklist

• [ ] Change IUSR password
• [ ] Remove sample applications
• [ ] Set strong NTFS permissions
• [ ] Enable logging
• [ ] Restrict IP access where possible
• [ ] Use SSL for sensitive data
• [ ] Disable parent paths in ASP
• [ ] Regular security audits

Backup and Recovery

Backup Strategy

1. Files to Backup ```
2. Website content (C:\InetPub\wwwroot)
3. IIS configuration (Registry)
4. SSL certificates
5. Log files

6. Custom ISAPI filters ```

7. Registry Keys HKLM\System\CurrentControlSet\Services\W3SVC HKLM\System\CurrentControlSet\Services\MSFTPSVC HKLM\System\CurrentControlSet\Services\InetInfo

Disaster Recovery

1. Document all configurations
2. Test restore procedures
3. Maintain offline copies
4. Plan for hardware failure

Migration Considerations

Upgrading from IIS 3.0

Future upgrade paths: - IIS 4.0 (Windows NT 4.0 Option Pack) - IIS 5.0 (Windows 2000) - Plan for Active Directory integration

Content Migration

1. Export website content
2. Document virtual directories
3. Save custom configurations
4. Test thoroughly before cutover

Conclusion

IIS 3.0 provides a solid web platform for Windows NT Server 4.0. While lacking modern features, it remains functional for basic web hosting needs. Proper configuration and security measures ensure reliable service. Regular monitoring and maintenance keep sites running smoothly. Consider upgrade paths for enhanced functionality and security features.