Last Updated: March 1998
Abstract
This guide provides information on deploying the new Web and
application technologies in the Microsoft® Windows NT® 4.0 Option Pack.
For the latest information on Windows NT Server, check out our World
Wide Web site at http://www.microsoft.com/ntserver/
or the Windows NT Server Forum on the Microsoft Network (GO WORD:
MSNTS).
Introduction
Organizations have asked for technologies to help them quickly and
easily build scalable Web-based applications. The Microsoft® Windows NT® 4.0 Option Pack delivers
this capability with distributed application services for the Microsoft
Windows® operating system that integrate new Web,
transaction, scripting, component, and message queuing services directly
into Microsoft Windows NT Server 4.0. The Windows NT 4.0 Option Pack
integrates the following:
Enhanced Web Services for Windows NT Server 4.0
- Internet Information Server 4.0—Microsoft Internet
Information Server 4.0 is the standards-based, Web-based applications
server in Windows NT Server that brings unprecedented power to Web
professionals, both as a Web server for corporate intranets and public
Internet sites and as the superior platform for the next generation of
line-of-business applications.
- Index Server 2.0—Indexes the contents and properties of
documents on a Web site served by Internet Information Server. You can
set up Index Server so that clients can search a Web site with any
browser by filling in the fields of a query form formatted in HTML.
- Certificate Server 1.0—Certificate Server is a
general-purpose, highly customizable server application for managing the
issuance, revocation, and renewal of digital certificates.
- Site Server Express 2.0—Site Server Express offers a subset
of the functionality found in Microsoft Site Server. It includes site
analysis, usage analysis, and publishing capabilities.
Application Services for Windows NT Server 4.0
- Microsoft Transaction Server 2.0—Makes it easier to build and
deploy server-based applications by providing server run-time services,
such as automatic transactions and resource pooling, for
component-based applications.
- Microsoft Message Queue Server (MSMQ) 1.0—MSMQ makes it easy
for application programs to communicate with other application programs
quickly, reliably, and asynchronously by sending and receiving messages.
- Data Access Components 1.5—These components provide
client/server applications—deployed over the Web or a LAN—with
easy-to-use, programmatic access to all types of data throughout the
enterprise.
Communication Services for Windows NT Server 4.0
An update to the basic networking services of Windows NT Server that
provides seamless and secure telecommuting services via the Internet,
the ability to outsource or reduce current Remote Access Service costs, and the
ability to provide custom low-cost Internet access to consumer subscribers
of an Internet Service Provider (ISP). Install these services today to see
how Internet Connection Services for Remote Access Service can help you
significantly reduce remote connectivity costs, improve end-user
experience, and enable new business paradigms over the Internet.
Using this guide
This document gives you information on getting the Microsoft Windows NT
4.0 Option Pack installed so that you can take advantage of the new Web,
applications, and communication services in Windows NT Server. This
document assumes that you are familiar with Windows NT Server 4.0.
Each section contains information to help you understand when and how
to install the various components of the Windows NT 4.0 Option Pack. This
guide is only one source of information. Other information about the
Option Pack and its technologies can be found at the sites outlined below.
Fast Facts
For additional information regarding the technologies included in the
Windows NT 4.0 Option Pack, refer to the following resources:
Knowledge Base
This page contains ongoing information on Microsoft products and
services. This is always a good place to start.
http://support.microsoft.com/support/
Site Builder Network Workshop
Site Builder Network is Microsoft's one-stop resource for Web
professionals, including programmers, designers, authors, and
administrators.
http://www.microsoft.com/workshop/
News Groups
About Option Pack Installation
Windows NT Server 4.0 Option Pack offers the following three
installation options:
Minimum Install
The Minimum option conserves hard-disk space and offers the
following limited components:
- Microsoft Active Server Pages—Server-side scripts and
components used to create browser-independent dynamic content.
- Microsoft Data Access Components—Easy use of databases with
support for a variety of connections, including Microsoft ActiveX® Data Objects with Remote Data Service and OLE-DB.
- Internet Service Manager (ISM) MMC Snap-in—Offers
complete control of your Web and FTP sites with a wizard-driven
graphical interface.
Typical Install
The Typical option includes all the components offered in the
Minimum option and the following components:
- FTP Service—Installs the necessary components to operate an FTP
server.
- Internet Service Manager (HTML)—Administers your Web and FTP sites
from across the intranet or the Internet by using a Web browser.
- Documentation—Online documentation covering server administration,
content management, and content development, including indexing,
scripting, and programming.
Custom Install
With the Custom option, you can choose which components to
install on your system. The following additional components are available:
- FTP Service—Installs the necessary components to operate an FTP
server.
- Internet Service Manager Snap-in—Offers complete control of your Web
and FTP sites with a wizard-driven graphical interface.
- Documentation—Online documentation covering the Internet Service
Manager snap-in, content management, and content development, including
scripting and programming.
The following table describes the available options for each type of
installation. An X in the Min. column indicates options included by
default in the Minimum Install option. An X in the Typ. column indicates
additional options included in the Typical Install option. Options without
an X in either column are available as selections in the Custom Install
option.
| Min. | Typ. | Components and Sub-components |
|---|---|---|
|  |  | Certificate Server: Create and request X509 digital certificates for authentication purposes. |
|  |  | Certificate Server Certificate Authority |
|  |  | Certificate Server Documentation |
|  |  | Certificate Server Web Client |
|  | X | FrontPage Server Extensions: Supports using the Microsoft FrontPage® Web site creation and management tool to manage your Web site, as well as create the site content. |
|  | X | FrontPage Server Extension Files |
|  |  | Internet Connection Services for Remote Access Service: A set of core Windows NT–based services that facilitate the creation of secure, seamless virtual private networks (VPNs), and improved dial-up connections. |
|  |  | Connection Manager Administration Kit |
|  |  | Connection Point Services |
|  |  | Phone Book Administrator |
|  |  | Phone Book Service |
|  |  | Internet Authentication Services |
|  |  | Product Documentation |
|  |  | Connection Manager Administration Kit Documentation |
|  |  | Connection Point Services Documentation |
|  |  | Getting Started Documentation |
|  |  | Internet Authentication Services Documentation |
| X |  | Internet Information Server: Web services for Windows NT Server to host Web and FTP sites on the corporate intranet or the Internet. |
|  | X | Documentation |
|  | X | Active Server Pages |
|  | X | Common Documentation Files |
|  | X | Internet Information Server Administrator's Documentation |
|  |  | Internet Information Server software development kit (SDK) |
|  |  | Streaming Multimedia |
| X |  | File Transfer Protocol (FTP) Service |
|  |  | Internet NNTP Service |
|  |  | NNTP Service |
|  |  | NNTP Service Documentation |
| X |  | Internet Service Manager |
| X |  | Internet Service Manager (HTML) |
| X |  | SMTP Service |
|  | X | SMTP Documentation |
|  | X | SMTP Service |
|  |  | World Wide Web Samples |
| X |  | World Wide Web Service |
| X |  | Microsoft Data Access Components 1.5: Easy use of databases with support for ActiveX Data Objects and the Microsoft Access driver. |
| X |  | Data Sources |
| X |  | Jet and Access |
|  |  | Oracle (not available on Alpha) |
| X |  | Microsoft SQL Server™ |
| X |  | MDAC: ADO, ODBC, and OLE-DB |
|  | X | ADO Documentation |
| X |  | MDAC Core Files: ADO, ODBC, and OLE-DB |
|  | X | Remote Data Service 1.5 (RDS/ADC) |
|  | X | RDS Core Files |
|  | X | RDS Documents |
|  | X | RDS Samples |
|  | X | Microsoft Index Server: Create a site index and search for text in a variety of formats. |
|  |  | Index Server System Files |
|  |  | Language Resources |
|  |  | Dutch Language |
|  |  | French Language |
|  |  | German Language |
|  |  | Italian Language |
|  |  | Japanese Language |
|  |  | Spanish Modern Language |
|  |  | Swedish Language |
|  |  | United Kingdom English Language |
|  | X | United States English Language |
|  | X | Online Documentation |
|  | X | Sample Files |
|  | X | Microsoft Management Console: Installs the Microsoft Management Console for Windows NT. |
|  | X | Microsoft Management Console |
|  |  | Microsoft Message Queue Server: Allows applications to pass along transaction notification and continue processing without waiting for confirmation that the transaction has completed. |
|  |  | Administration Tools |
|  |  | HTML Documentation |
|  |  | Microsoft Message Queue Core |
|  |  | Software Development Kit |
|  | X | Microsoft Script Debugger: Provides a debugging environment for testing and correcting errors in Web document scripts. Use the debugger to test scripts written in Microsoft Visual Basic® Scripting Edition (VBScript) and Microsoft JScript™, as well as programs written in Sun Microsystems Java. You can use Microsoft Script Debugger to debug both client scripts and server scripts. |
|  |  | Microsoft Site Server Express: Includes site analysis, usage analysis, and Web publishing capabilities. |
|  |  | Content Analyzer |
|  |  | Usage Import and Report Writer |
|  |  | Posting Acceptor |
|  |  | Web Publishing Wizard 1.51 |
| X |  | Windows NT Option Pack Common Files: Core program files needed by all components. |
| X |  | Transaction Server: Component services for server-centric applications. A transaction is a server operation that succeeds or fails as a whole, even if the operation involves many steps. Microsoft Transaction Server also supports process isolation of applications. |
| X |  | Transaction Server Core Components |
| X |  | Transaction Server Core Documentation |
|  |  | Transaction Server Development |
|  |  | Transaction Server Development |
|  |  | Transaction Server Development Documentation |
|  |  | Visual Basic Transaction Server Add-In |
|  |  | Microsoft Visual InterDev™ RAD Remote Deployment Support: Enables the remote deployment of applications on your Web server. |
|  |  | Visual InterDev RAD Remote Deployment Support |
|  | X | Windows Scripting Host: Supports creating and using scripts written at the command line to manage server properties. |
|  |  | Windows Scripting Host Files |
Installing the Option Pack
This section gives general instructions on installing the Windows NT
4.0 Option Pack. Additional information and details about each of the
components are in the following sections.
Before You Begin
You can install the Option Pack from the compact disc or over the
Internet. Both sources provide the same installation options. This topic
gives instructions for installing from either source and also defines the
dependency installation relationships between various Option Pack
components.
To install the Option Pack:
- Before installing the Option Pack, you need to install Microsoft
Internet Explorer 4.01 and Microsoft Service Pack 3. Both are located on
the CD or can be downloaded from http://www.microsoft.com/.
- Uninstall any Beta versions of Internet Information Server by using
the Remove All option from the Setup program of the installed
Internet Information Server version. The Internet Information Server
Setup Internet Information Server 2.0 and Internet Information Server
3.0.
- If Autorun is enabled on your computer, loading the compact disc in
the drive launches Setup. If Autorun is disabled on your computer,
select Run from the Windows NT Start menu and type
<CD drive letter>:\setupcd\winnt.srv\default.htm. If you are
installing over the Internet, select your platform and follow the
on-screen instructions.
- Select the appropriate Option Pack installation option and follow
the on-screen directions.
Component Installation Dependencies
There are situations when you may just want to install certain
components of the Option Pack. For instance, you may want to install the
Microsoft Management Console on a remote Windows NT Workstation to
administer an Internet Information Server 4.0 server on the network.
Installing some components of the Option Pack may also require other
components to be installed. The following list describes the additional
components required to install each component.
| Components and Sub-components | Requires |
|---|---|
| Certificate Authority | Certificate Web Client, Web Server, and Jet and Access Driver |
| Certificate Server Documentation | Common Documentation Files |
| Certificate Web Client | Web Server and Jet and Access Driver |
| FrontPage Server Extensions |  |
| FrontPage Server Extension Files | Web Server |
| Internet Information Server |  |
| Active Server Pages | Internet Information Server Administrator Documentation |
| Common Documentation Files | Web Server |
| Internet Information Server Administrator Documentation | Common Documentation Files, Internet Service Manager |
| SDK | Active Server Pages Documentation |
| Streaming Multimedia | Internet Information Server Administrator Documentation |
| File Transfer Protocol (FTP) Server | Internet Service Manager |
| NNTP Service | Web Server |
| NNTP Service Documentation | Common Documentation Files |
| Internet Service Manager | Common Program Files, Microsoft Management Console |
| Internet Service Manager (HTML) | Web Server |
| SMTP Documentation | Common Documentation Files |
| SMTP Service | Web Server |
| World Wide Web Samples | Web Server, Jet and Access Driver, SQL Server |
| World Wide Web Service | Internet Service Manager, Transaction Server Core Components |
| Microsoft Data Access Components (MDAC) |  |
| Jet and Access driver | MDAC Core Files |
| Oracle | MDAC Core Files |
| SQL Server | MDAC Core Files |
| MDAC: ADO, ODBC, and OLE-DB |  |
| MDAC Core Files | Web Server |
| ADO Documentation | MDAC Core Files |
| RDS Core Files | MDAC Core Files |
| RDS Docs | MDAC Core Files |
| RDS Samples | MDAC Core Files, Jet, and Access Driver |
| RDS v1.1 Files | MDAC Core Files |
| Index Server System Files | Web Server |
| Language Resources | Index Server System Files |
| Online Documentation | Index Server System Files, Common Documentation Files |
| Sample Files | Index Server System Files |
| Administration Tools | Microsoft Message Queue Server |
| HTML Documentation | Common Documentation Files, Common Program Files |
| Microsoft Message Queue Server | Transaction Server Core Components; Microsoft SQL Server w/ Service Pack 2 or 3 |
| Software Development Kit | Microsoft Message Queue Server |
| Microsoft Script Debugger |  |
| Core Program Files | Web Server |
| Microsoft Site Server Express |  |
| Content Analyzer | Web Server |
| Usage Import and Report Writer | Web Server |
| Posting Acceptor | Web Server |
| Web Publishing Wizard 1.51 |  |
| Microsoft Internet Connection Services for Remote Access Service |  |
| Connection Manager Administration Kit |  |
| Connection Manager Administration Kit | Common Program Files |
| Product Documentation | Product Documentation |
| Connection Point Services |  |
| Phone Book Administrator | Common Program Files |
| Phone Book Service | Common Program Files and Access and Jet Driver |
| Product Documentation | Product Documentation |
| Internet Authentication Services |  |
| Internet Authentication Services | Common Program Files, Internet Service Manager |
| Internet Authentication Services Documentation | Product Documentation |
| Product Documentation | Common Documentation Files |
| Microsoft Management Console | Common Program Files |
| Transaction Server Core Components | Microsoft Management Console |
| Transaction Server Core Documentation | Transaction Server Core Components |
| Transaction Server Development |  |
| Transaction Server Development | Transaction Server Core Components, Jet and Access Driver, SQL Server, Oracle |
| Transaction Server Development Documentation | Transaction Server Development |
| Visual Basic Transaction Server Add-In | Transaction Server Development |
| Visual InterDev RAD Remote Deployment Support |  |
| Visual InterDev RAD Remote Deployment Support | FrontPage Server Extensions |
| Microsoft Windows Scripting Host |  |
| Windows Scripting Host Executables | Web Server |
| Windows Scripting Host Sample Scripts | Windows Scripting Host Executables |
Unattended Option Pack Installation
If you are installing the Option Pack on many systems, you can copy the
Unattend.txt file from the Windows NT Option Pack compact disc to a
folder on the local computer and perform unattended installations from
that folder. This is useful for performing installations without remaining
at the computer and stepping through the installation options. The
Unattend.txt file is located on the compact disc in the
\Ntoptpak\En\X86\Winnt.SRV directory, where X86 is the CPU type, that is,
the processor on the computer where Internet Information Server will be
installed.
To start unattended setup
- Go to the computer where you want to install the Option Pack and
either place the compact disc in the CD drive or make a network
connection to the CD drive containing the Option Pack disc.
- Copy Unattend.txt to your local hard disk and make any necessary
changes to install the appropriate components.
- At a command prompt, change to the folder on the compact disc
containing Setup.exe.
- Type setup.exe/u:<full path to Unattend.txt> where
<full path to Unattend.txt> is the drive and path on the local
computer where Unattend.txt is located. For example,
setup.exe/u:c:\temp\unattend.txt.
If you have previously installed the Option Pack and now want to add or
remove components, you must use maintenance mode during unattended
installation.
To run unattended setup in maintenance mode
- Go to the computer where you want to install the Option Pack and
either place the compact disc in the CD drive or make a network
connection to the CD drive containing the Option Pack disc.
- Copy Unattend.txt to your local hard disk and make any necessary
changes to install the appropriate components.
- At a command prompt, change to the folder on the compact disc
containing Setup.exe.
- Type %windir%\system32\sysocmgr.exe /I:%windir%\system32\setup\iisv4.inf /c /u:<full path to Unattend.txt>
where <full path to Unattend.txt> is the drive
and path on the local computer where Unattend.txt is located.
Note: Be sure to test your unattended installation script before
deployment. Some components shipped in the Option Pack have dependencies
on other components being installed. Also, some components require
additional text files to complete unattended installation. See
Unattend.txt on the compact disc for more information about unattended
setup.
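Because of these dependencies, a short component selection can install considerably more software than was asked for, which matters when a server is meant to run a minimal set of services. The following added example (not part of the original guide and not Microsoft code) expands a selection into everything it requires, using a subset of the "Requires" entries listed under Component Installation Dependencies. The function names, the dictionary layout, and the treatment of "Web Server" as the "World Wide Web Service" row are assumptions; the script does not read Unattend.txt.

```python
"""Expand an Option Pack component selection into everything it requires.

Added example. REQUIRES is a subset of the "Component Installation
Dependencies" list in this guide; names and layout are illustrative.
"""
from collections import deque

# Assumption: the guide's "Web Server" refers to the "World Wide Web Service" row.
ALIASES = {"Web Server": "World Wide Web Service"}

# component -> components listed under "Requires" (subset of the guide's list)
REQUIRES = {
    "Certificate Authority": ["Certificate Web Client", "Web Server",
                              "Jet and Access Driver"],
    "Certificate Web Client": ["Web Server", "Jet and Access Driver"],
    "Jet and Access Driver": ["MDAC Core Files"],
    "SQL Server": ["MDAC Core Files"],
    "Oracle": ["MDAC Core Files"],
    "MDAC Core Files": ["Web Server"],
    "FrontPage Server Extension Files": ["Web Server"],
    "Index Server System Files": ["Web Server"],
    "Internet Service Manager": ["Common Program Files",
                                 "Microsoft Management Console"],
    "Internet Service Manager (HTML)": ["Web Server"],
    "Microsoft Management Console": ["Common Program Files"],
    "Transaction Server Core Components": ["Microsoft Management Console"],
    "World Wide Web Service": ["Internet Service Manager",
                               "Transaction Server Core Components"],
    # The guide lists this entry as requiring itself.
    "Product Documentation": ["Product Documentation"],
}


def canonical(name):
    """Map an alias used in the 'Requires' column to its component row."""
    return ALIASES.get(name, name)


def expand(selection):
    """Return the selection plus everything it transitively requires."""
    seen = set()
    queue = deque(canonical(n) for n in selection)
    while queue:
        name = queue.popleft()
        if name in seen:  # also stops self-references and cycles
            continue
        seen.add(name)
        queue.extend(canonical(r) for r in REQUIRES.get(name, []))
    return seen


def pulled_in(selection):
    """Components installed only because a selected component requires them."""
    chosen = {canonical(n) for n in selection}
    return sorted(expand(selection) - chosen)


def chain(selected, target):
    """Shortest 'requires' path from a selected component to target, or None."""
    start, target = canonical(selected), canonical(target)
    paths = deque([[start]])
    seen = {start}
    while paths:
        path = paths.popleft()
        if path[-1] == target:
            return path
        for req in REQUIRES.get(path[-1], []):
            req = canonical(req)
            if req not in seen:
                seen.add(req)
                paths.append(path + [req])
    return None


if __name__ == "__main__":
    selection = ["Certificate Authority"]
    for name in pulled_in(selection):
        route = " -> ".join(chain(selection[0], name))
        print(f"{name:38} via {route}")
```

Comparing the output of `pulled_in` with the services you intend to expose shows which extra components need to be secured or accounted for before the script is deployed.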
Adding Options After Installing the Option Pack
If you decide to add optional components after doing the initial
installation, follow these steps:
- Click Start, point to Programs, point to Microsoft
Windows NT 4.0 Option Pack, and then click Option Pack Setup.
- In the Options window, click Add/Remove.
- Select check boxes for optional items you want to install and clear
the check boxes for any items you want to uninstall.
- Follow the on-screen directions to complete the setup process.
Documentation
The Windows NT 4.0 Option Pack contains a comprehensive set of online
documents. When you run the installation program for the Option Pack, you
have the choice of which components you want to install. When you install
a component, it automatically installs the documentation that's associated
with that component.
Using the Documentation
The World Wide Web service must be installed and the server must be
running to view the documentation (with the exception of release notes and
troubleshooting files). If the Web site is stopped, when you click
Product Documentation, you get the message, "A connection with the
server could not be established." If you get this error, start Internet
Service Manager and check the status of the Web site; if the site is
stopped, then start the service.
You can use other browsers to view the documentation, but it is most
easily viewed and navigated by using Microsoft Internet Explorer. For best
results, use:
- Internet Explorer version 3.02 with Authenticode™ 2 update or later versions of Internet Explorer
- A monitor with a screen size of 15 inches or larger
- Resolution set to 800 pixels by 600 pixels
- Color palette set at 256 colors
- Browser set to full-screen
- Browser font size set to Medium
- Browser security set to Medium
To view the documentation from the server:
Select Product Documentation from the Windows NT 4.0 Option Pack under
the Start menu. This brings up your browser and loads the product
documentation application. The documentation system is compatible with any
Web browser that supports frames. However, the printing utility that you
use to print sections of the documentation only works with Internet
Explorer 4.01, which is included with the Option Pack.
To view the documentation from a different system:
- Start the Internet Service Manager—Select the Internet Service
Manager icon from Start/Programs/Windows NT 4.0 Option Pack. This starts
the Microsoft Management Console with the Internet Information Server
snap-in loaded.
- Expand the Internet Information Server snap-in.
- Expand the system where you loaded the Option Pack.
- Expand the Default Web Site.
- Right-click IISHELP and select Properties.
- Click the Directory Security tab.
- Click Edit under IP Address and Domain Name Restrictions.
- Select Granted Access.
Note: By default, the documentation is
set up so that only users on the local system can view it. By changing
this setting, you are making the content under the IISHELP virtual
directory available to everyone.
Printing Documents
Using Internet Explorer 4.01, which comes with the Option Pack, you can
take advantage of the rich printing capabilities built into the online
documentation.
- With the documentation displayed in your browser and the
Content tab highlighted, select the section or page you wish to
print.
- Click Print.
- This prints the page or all the pages under the section that you
selected.
Installing Additional Documentation Components
You can also choose to install additional documentation components
without installing the services. For instance, if you're interested in
reading about Microsoft Message Queue Server, but don't want to install it
at this time, here's what you would do:
- Run the installation utility. Select Windows NT Option Pack Setup
from Start/Programs/Windows NT Option Pack/.
- Click Add/Remove.
- Select Microsoft Message Queue under the components window.
- Click Show Subcomponents.
- Select HTML Documentation.
- Click OK.
- Click Next.
This installs the documentation for Microsoft Message Queue Server.
Remember, by default, only the documentation for the selected components
is installed during setup.
Microsoft Management Console
Introduction
The Microsoft Management Console (MMC) is an extensible common console
for managing network applications. The MMC itself provides no management
capabilities; these features are implemented through incorporating
snap-ins. Snap-ins are the programs responsible for performing the
management task. The console provides a common framework for managing
these applications. The Option Pack installs the MMC and several snap-ins
(example: the Internet Service Manager) that manage the installed
services.
Using the MMC
The MMC interface looks much like the Windows Explorer, having several
possible viewing panes and child windows. A typical MMC window may look
like this:
The scope pane (the left pane) is a tree displaying the tool's
namespace. Each node in the tree represents a manageable object, task, or
view. The scope pane may not be visible in all views. The result pane (the
right pane) displays the result of selecting a node in the scope pane.
Often, as in the Windows Explorer, the right pane displays the contents of
a folder or other container.
An administrator can create tools from various snap-ins, and then save
these tools for later use or for sharing with other administrators or
operators. With this approach, the administrator can efficiently create
custom tools with different levels of complexity for delegating and
coordinating tasks and managing workflow. For example, an administrator
can combine simple tasks into one tool and then give that tool to a
subordinate or trainee. The same administrator can also design different
tools for daily, weekly, and monthly administrative tasks.
All snap-ins written for the MMC, whether from Microsoft or an
independent vendor, have a similar look and feel. The familiar environment
should make it easier for users to use all tools after learning one. Tools
can also mix and match functionality from many snap-ins.
Future releases of Windows NT and of all products in the Microsoft BackOffice® family, as well as third-party networking
products, include MMC snap-ins as their administrative programs and
control panel applets.
Using the MMC from a Remote System
There are three Option Pack services that make use of the MMC: Index
Server, Internet Information Server, and Transaction Server.
It is possible to administer a server running the Option Pack services
on a remote Windows NT Workstation computer simply by installing the MMC
and the appropriate snap-ins on a local machine. To set this up:
- Run the Windows NT Option Pack installation program.
- Select Next, then Accept.
- Select Custom.
To only set up MMC on this system, uncheck all
components except:
- Microsoft Management Console
- Windows NT Option Pack Common Files
- Under Internet Information Server (Personal Web Server on Windows NT
Workstation), select Internet Service Manager. Make sure this is the
only component selected.
- Click Next and follow the instructions.
This gives you the ability to manage Microsoft Internet Information
Server and Microsoft Transaction Server remotely using the Microsoft
Management Console. To manage Internet Information Server and Microsoft
Transaction Server remotely, you are required to have administrative
privileges on the server you're managing. Otherwise you receive an "Access
Denied" error.
To Connect to a Remote Server:
- After following the steps above to set up MMC and the appropriate
snap-ins, open the Internet Service Manager in the Windows NT
Option Pack group under Start.
- To manage a remote Internet Information Server, right-click the
Internet Information Server snap-in and select Connect.
- Type in the name of the server you wish to manage. (This must be the
machine name and not the domain name.)
- Select OK. An icon that represents the remote server should
appear.
Follow the same steps to manage a remote Microsoft Transaction Server,
except right-click the Microsoft Transaction Server snap-in and select
Connect.
Web Services for Windows NT Server 4.0
Microsoft Internet Information Server 4.0 is the enhanced Web server
integrated with Windows NT Server 4.0 that makes it easy to publish
information and bring business applications to the Web.
Installation Requirements
The performance of your Web server can vary widely, depending on the
following system factors:
- Type of processor
- Amount of RAM
- Capacity of the installed network connection card
- Type of session that is open
The following table lists the minimum and recommended hardware needed
to run Windows NT 4.0 Option Pack components.
Hardware Requirements and Recommendations
| Hardware Component | Requirement | Recommendation |
|---|---|---|
| Processor | 66 MHz 486 | 90 MHz Pentium |
| RAM | 32 MB | 64 MB |
| Free hard-disk space | 50 MB (minimum install) | 200 MB |
| Monitor | VGA | Super VGA |
| CD-ROM drive (optional) | 3X | 6X |
To publish on an intranet, you need:
- A network adapter card and local area network (LAN) connection.
- A name resolution system to resolve computer names to IP (Internet
protocol) addresses. This step is optional, but it does allow users to
use "friendly" text names instead of IP addresses when connecting to
your server. Windows NT Server provides WINS for corporate Windows
networks. For the Internet, you must use a DNS server.
To publish on the Internet, you need:
- An Internet connection and IP address from your ISP. To publish on
the Internet, you must have a connection to the Internet from a network
provider.
- A network adapter card suitable for your connection to the Internet.
- Domain name system (DNS) registration for your IP address. This step
is optional, but it does allow users to use "friendly" text names
instead of IP addresses when connecting to your server. For example,
microsoft.com is the domain name registered to Microsoft. Within the
microsoft.com domain, Microsoft has named its World Wide Web server
http://www.microsoft.com/.
Software Requirements
Components of the Windows NT 4.0 Option Pack require the following
software to be installed on the computer prior to the installation of the
Option Pack:
- Windows NT Server version 4.0 or later.
- Windows NT Service Pack 3.
- Microsoft Internet Explorer version 4.01 or later.
- The Windows NT TCP/IP Protocol and Connectivity Utilities. If you
are publishing on the Internet, your ISP must provide your server's IP
address, subnet mask, and the default gateway's IP address. (The default
gateway is the ISP computer through which your computer routes all
Internet traffic.)
- If the FTP service provided with Windows NT Server or the Windows NT
Server Resource Kit has been installed, you must remove it. Also, remove
any other previously installed Internet services.
Upgrading from Previous Versions
If a previous version of Internet Information Server is detected on the
system by the setup program, two options are presented.
- Upgrade Only: Select this option if you want only to upgrade
the existing Internet Information Server services.
- Upgrade Plus: Select this option if you want to upgrade the
existing Internet Information Server services and add services new to
Internet Information Server 4.0 such as SMTP and NNTP. If you select
this option, then you cannot remove an existing Internet Information
Server service.
Administration
Internet Information Server 4.0 provides a comprehensive set of tools
for managing your Web server. This section briefly describes how to get
started with the Windows-based interface and the browser-based interface.
In addition, all the settings for Internet Information Server 4.0 are
configurable using scripts executed at the command line. See the
documentation for more information.
Windows-Based Administration
Internet Information Server 4.0 provides a snap-in to the Microsoft
Management Console (MMC). This replaces the Internet Server Manager that
shipped with previous versions of Internet Information Server.
To start the MMC from the server with the Internet Information Server
snap-in loaded:
- From Start/Programs/Windows NT 4.0 Option Pack/Internet
Information Server, select Internet Service Manager.
Browser-Based Administration
The new browser-based Internet Service Manager provides complete
administration control over the Web server, Web sites, and FTP sites. You
can use the browser-based ISM to manage the server as a whole or securely
manage individual sites locally and remotely.
To start the browser-based Internet Service Manager locally:
- Click Start, point to Programs, then Windows NT 4.0
Option Pack, and then Microsoft Internet Information Server.
- Click Internet Service Manager (HTML) to launch the browser
and access the administration Web site.
Although it is possible to remotely manage the server using the
browser-based ISM, you should be aware that the default restriction, which
denies all hosts except the local server, provides the greatest security.
If you do grant access to additional IP addresses, make sure that your
local server resources have been secured (see Securing Your Web Server).
To use the browser-based ISM remotely, you must
first remove the default IP restrictions.
- From the local server, right-click the Administration Web
Site under the server you want to manage and select
Properties.
- On the Directory Security property sheet, click Edit under
the IP Address and Domain Name Restrictions.
- By default the server is set up to deny access to all but the
local server. To allow for remote administration, add the IP address
of the remote computer or select Granted Access to grant access to
all.
- Start a browser and type the domain name and the assigned port
number for the HTML Admin Site. Adding /iisadmin/ is optional.
For example, http://www.microsoft.com:<port number>/iisadmin/.
Note The port number can be obtained by
clicking Advanced under the Web Site Identification of the
property sheet for the Administration Web Site.
Setting Up a Web Site
This section describes how to use the Default Web Site included with
Internet Information Server to quickly set up a Web site.
To establish a Web site by using the Internet Information Server
defaults:
- Create a home page for your Web site.
- Name your home page file Default.htm. If you want to use another
name, you must start Internet Service Manager, click Default Web
Site, click Properties on the toolbar, choose the
Documents property sheet, and add the filename to the top of the
list of enabled default documents.
- Copy your home page file into the Default Web Site home directory
for Internet Information Server. The default home directory offered in
Setup is <Drive>\Inetpub\wwwroot.
- If your network has a name resolution system, then visitors can
simply type your computer name in the address bar of their browser to
reach your site. If your network does not have a name resolution system,
then visitors must type the numerical IP address of your computer. For
more information on name resolution systems, see About Name Resolution
in the documentation.
Using Microsoft FrontPage with Internet Information Server 4.0
Microsoft FrontPage 98 server extensions for Internet Information
Server are native Internet Server API (ISAPI) dynamic-link libraries
(DLLs) and offer improved performance over extensions used in FrontPage
97. The extensions are an integral part of Internet Information Server 4.0
as they are integrated into the setup as well as the administration tools.
FrontPage 97 server extensions are not fully compatible with Internet
Information Server 4.0 and are not recommended.
Virtual Directories and Server Extensions
Virtual directories map the URL space of the Web site to the file
system of the local or networked computer. They control read and execute
access to specified directories within the file system and allow seemingly
related URLs to refer to noncontiguous content areas in the file system.
FrontPage automatically manages the use of virtual directories for
executable and unreadable directories. Virtual directories are set up in
each FrontPage Web to mark the directories that contain the FrontPage
Server Extension DLLs as executable and to mark hidden directories as
unreadable. FrontPage creates the following virtual
directories for each sub-Web:
- vti_bin
- vti_bin\_vti_aut
- vti_bin\_vti_adm
- vti_pvt
- vti_cnf
- vti_txt
The root FrontPage Web has a seventh virtual directory:
_vti_log
Each FrontPage Web, including each sub-Web, contains copies of three
ISAPI DLLs that make up the FrontPage Server Extensions. These DLLs are
created in directories below the top-level directory of a FrontPage Web:
- vti_bin/_vti_adm/admin.dll for administrative tasks
- vti_bin/_vti_aut/author.dll for authoring FrontPage Webs
- vti_bin/shtml.dll for browse-time FrontPage components such
as form handlers
Setting Up a Web Site Using FrontPage 98
If FrontPage 98 is installed on the same machine as Internet
Information Server, then you can create a new Web quickly and easily by
following the steps in this section.
To set up a new FrontPage 98 Web Site:
- Start FrontPage 98. The FrontPage Explorer appears, and a Getting
Started dialog box prompts you to select an existing Web or to
create a new one.
- Select the Create a New FrontPage Web radio button, then select
OK.
- The New FrontPage Web dialog box appears, prompting you for the kind
of FrontPage Web to create and its title. The default Web to create is
Personal Web. The URL for the Web appears under the Web title. Select
OK when finished.
- The FrontPage Explorer window displays the contents of the new Web
after it is successfully created.
Webs as applications
Newly created Webs are not applications by default. A Web in Internet
Information Server is capable of using ASP functionality; however, for
application components such as global.asa to be executed, the server must
know that the Web is an application.
Changing a Web to an application is accomplished through the Internet
Service Manager.
To change a Web to an application:
- Launch Internet Service Manager.
- Expand the Internet Information Server folder.
- Expand the node labeled with your computer name.
- Expand Default Web Site.
- The Web is represented with a folder icon. Right-click it and select
Properties.
- In the Application Settings area on the Directories tab of the
properties, select Create.
- Select OK. The icon for the Web is now an application icon.
If you experience problems viewing your Web in the FrontPage Explorer,
there may be a problem with the virtual directories or FrontPage
extensions. You can use the FrontPage Server Administrator to troubleshoot
FrontPage Webs. A shortcut to this tool can be found in the directory of
your FrontPage installation, typically c:\Program Files\FrontPage, or in
Start, Programs, Windows NT Option Pack, Microsoft
Internet Information Server.
From within the FrontPage Server Administrator, select the virtual server
and port on which you want to check and fix the Server Extensions. Then
select the Check and Fix option to fix the Server Extensions, replace
missing FrontPage directories and files, and make sure all FrontPage
executables are present and have the correct permissions.
Using Microsoft Visual InterDev with FrontPage and Internet
Information Server
Microsoft Visual InterDev is a Web development environment that
provides a visual interface for quickly adding sophisticated database
features to a Web site. If you plan to use Visual InterDev to develop
Web-based applications, it is recommended that you install FrontPage
first. After verifying that the FrontPage server extensions are
functioning properly by viewing the Web from within the FrontPage
Explorer, install Visual InterDev and configure any ODBC data sources that
you plan to use. See Accessing a Database in the Application Services
section for more on ODBC.
Setting Up an FTP Site
This section describes how to quickly make content available on your
FTP server.
To establish an FTP site by using the Internet Information Server
defaults:
- Copy or move your files into the Default FTP Site home directory.
The default directory offered in Setup is <Drive>\Inetpub\Ftproot.
- If your network has a name resolution system, then visitors can type
ftp:// followed by your computer name in the address bars of
their browsers to reach your site. If your network does not have a name
resolution system, then visitors must type ftp:// and the
numerical IP address of your computer. For more information on name
resolution systems, see About Name Resolution in the documentation.
Hosting Multiple Sites Using Internet Information Server 4.0
Using Internet Information Server 4.0, you can host multiple Web sites
(Virtual Servers) and multiple FTP sites on one computer, either by using
multiple IP addresses or by hosting multiple sites on a single IP
address and assigning each site a unique host header name.
Adding a New Site
Using the New Site Wizard, you can easily create new Web and FTP sites.
To set up a new Web site on Internet Information Server 4.0, follow these
instructions:
- From Start/Programs/Windows NT 4.0 Option Pack/Internet Information
Server, select Internet Service Manager. This brings up the Microsoft
Management Console with the Internet Information Server snap-in loaded.
- Expand the Internet Information Server snap-in.
- Select the computer or a site and click the Action button.
- Click New and then Site to launch a wizard that adds a new site.
- Follow the on-screen directions to assign identification information
to your new site.
Naming Your New Site
This section explains assigning identification information to Web
sites. Each Web site has a unique, three-part identity it uses to receive
and to respond to requests:
- An IP address
- A port number
- A host header name
When running multiple Web sites on a single server, you must ensure
that each Web site has a unique identity. Web sites can share any two of
their three identity parts with other Web sites, provided the sites are
differentiated on the third part. This means that two sites can share
their host header name and IP address, but must use different ports.
Alternately, they could share a host header name and port, but have
different IP addresses.
One of the most useful and interesting scenarios is sharing IP
addresses and ports, but having different host header names. Using this
strategy, you can operate multiple domain names on one IP address. Here's
what you need to do to host multiple Web sites on a single IP address:
- After a new Web site is created, you can set additional properties
on the Web site. Under the Internet Information Server snap-in in the
MMC, right-click the Web site and select Properties.
- On the Web Site tab, click the Advanced button under the
Web Site Identification section.
- Double-click the entry under Multiple identifiers for this Web
Site. This is where you assign the three unique identifiers for this
Web site.
- If you want to bind this Web site to a specific IP address, select
it under IP Address. Otherwise leave this as (All Unassigned).
- Unless you want to host your Web site from an alternative TCP Port,
leave this set at port 80.
- Assign a unique host header name. This is the name of your domain.
For example, http://www.microsoft.com/.
- For this newly created site to be accessible using the friendly
name, you must register the name with your DNS server. See Name
Resolution in the documentation for more detailed information.
New Web sites, by default, are NOT started. After you have named your
Web site, you need to start it by right-clicking it and selecting Start.
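The three-part identity rule above can be checked mechanically before a new site is started. The following is an added example, not code from the original guide or from Internet Information Server: it detects two sites that claim the same identity and shows which site answers a request whose host header matches nothing. The site names, addresses, and lookup order in `route` are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

ALL_UNASSIGNED = "*"   # stands for the "(All Unassigned)" IP address setting
NO_HOST_HEADER = ""    # an identity with no host header name


class Identity(NamedTuple):
    ip: str
    port: int
    host_header: str


def _key(ident):
    # Host names are case-insensitive, so compare them in lower case.
    return (ident.ip, ident.port, ident.host_header.lower())


def find_conflicts(sites):
    """Return [(identity, [site names])] for every identity claimed more than once."""
    owners = defaultdict(list)
    for name, identities in sites.items():
        for ident in identities:
            owners[_key(ident)].append(name)
    return [(key, names) for key, names in owners.items() if len(names) > 1]


def route(sites, local_ip, port, host_header):
    """Pick the site that answers a request, most specific identity first.

    The lookup order is an assumption made for this example.
    """
    host = (host_header or "").split(":")[0].lower()   # drop any ":port" suffix
    lookup_order = [
        (local_ip, port, host),
        (local_ip, port, NO_HOST_HEADER),
        (ALL_UNASSIGNED, port, host),
        (ALL_UNASSIGNED, port, NO_HOST_HEADER),
    ]
    for wanted in lookup_order:
        for name, identities in sites.items():
            if any(_key(ident) == wanted for ident in identities):
                return name
    return None


# Constructed sample configuration (documentation addresses, example.com names).
SITES = {
    "Default Web Site": [Identity(ALL_UNASSIGNED, 80, NO_HOST_HEADER)],
    "Sales": [Identity("192.0.2.10", 80, "sales.example.com")],
    "Support": [Identity("192.0.2.10", 80, "support.example.com")],
    "Intranet": [Identity("192.0.2.10", 8080, "sales.example.com")],
}

if __name__ == "__main__":
    print("conflicts:", find_conflicts(SITES))
    # A host header that matches no site lands on the catch-all default site.
    print(route(SITES, "192.0.2.10", 80, "unknown.example.com"))
```

A request with an unrecognized host header is served by whichever site holds the catch-all identity, so that site should contain only content you are willing to expose to any caller.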
Assigning Web Site Administrators
Web site operators are Windows NT–based user accounts that have limited
administration privileges on a Web site.
To add an operator:
- In Internet Service Manager, select the Web site and click the
Properties button to display its property sheets.
- On the Security Accounts property sheet, under Web Site
Operator, click the Add button. This opens the Add Users
and Groups window.
- Either select a user or group from the Names list or select
another name list from the List Names From box.
- Select a member from a group of users by clicking the Members
button and selecting the member from the window.
- Search for a user or group on a network by clicking the
Search button.
Creating Virtual Directories
To publish from any directory not contained within your home directory,
you create a virtual directory. A virtual directory is a directory
that is not contained in the home directory, but appears to client
browsers as though it were.
A virtual directory has an alias, a name that client browsers
use to access that directory. Because an alias is usually shorter than the
path name of the directory, it is more convenient for users to type. An
alias is also more secure; users do not know where your files are physically
located on the server and cannot use that information to modify your
files. Aliases also make it easier for you to move directories in your site.
Instead of changing the URL for the directory, you change the mapping
between the alias and the physical location of the directory.
To create a virtual directory:
- In Internet Service Manager, select the Web site or FTP site to
which you want to add a directory.
- Click the Action button, point to New, and select Virtual Directory.
- Use the New Virtual Directory wizard to complete this task.
Clustering Web or FTP Servers
Clustering is a way of providing higher availability to your Web sites.
When setting up clustering for Web or FTP servers, there are two resources
you must specify as clustered resources: the Internet Information Server
Web or FTP site and an IP address, on which the Internet Information
Server Web or FTP site depends. The following procedure describes the
steps to take when setting up clustering with Internet Information Server.
For more detailed information, see the documentation for Cluster Server.
To add an Internet Information Server resource using the Cluster
Administrator:
- In the Cluster Administrator, select the group into which you want
to add the new resource. This is typically the Cluster Group for the
first Internet Information Server resource.
- On the File menu, select New and then Resource.
In the dialog box, enter the name and description for the new resource
and select the resource type Internet Information Server Instance from
the drop-down list box. Click Next.
- From the selection field, select the nodes in the cluster on which
you want the resource to be available. By default, all the available
nodes are selected. Click Next.
- Select a dependency for the new resource from the left-hand pane.
This typically is the Cluster IP Address. You can select multiple
dependencies. Click Add to select these dependencies. Click
Next.
- Select either FTP or WWW. Select a server from the drop-down list.
Click OK.
To set up clustering on two Web or FTP servers:
- Install Microsoft Cluster Server on both servers.
- Install Internet Information Server on both servers.
- Use the Cluster Service Administration user interface to create a
second IP address resource on node A in a new group (Group 2).
Note Multiple IP addresses are managed
by the cluster. Each node can host multiple IP addresses at the same
time and each one can be failed-over independently. If only a single Web
or FTP site is being clustered, you can set its IP address to
"Unassigned." However, if multiple sites are being clustered, then you
must explicitly assign an IP address to each clustered site.
- Use Internet Service Manager to create and assign the second Web
site to the second IP address by opening the property sheets for the Web
site and entering the IP address.
- Make sure that all anonymous user names and passwords used in the
Web site configurations are usable on all nodes of the cluster. All
virtual root paths should either point to a shared drive (that is, a UNC
or cluster hard disk) or to identical local disks (that is, the same
drive letters and directory structures on all nodes in the cluster).
- Add all Web Sites as cluster nodes using the Cluster Service
Administration user interface. The first Web Site should be created in
the Cluster Group and made dependent on IP1 (cluster IP address); the
second Web Site should be created in Group 2 and made dependent on IP2.
- Manually back up SSL keys, because replication overwrites them with
the ones that are installed on the source system (node A).
- Delete all non-cluster Web sites on the target node (B) by using
Internet Service Manager. This ensures that replications correctly
create a cluster configuration on the target (node B), because
replication does not overwrite an existing server IP address assignment.
- Replicate the configuration settings from node A to node B by using
the Iissync.exe utility. You can now move Web sites from one node to
another by using the Move Group command of the Cluster Service
Administration user interface.
Important You can start and stop Web and FTP sites on a
non-clustered computer using Internet Service Manager. However, use the
Cluster Server administration user interface to start and stop Web or FTP
sites on a clustered computer. You can still use Internet Service Manager
to set Web or FTP site properties.
Indexing Content
Microsoft Index Server indexes the contents and properties of documents
on a Web site served by Microsoft Internet Information Server (IIS). You
can set up Index Server so that clients can search a Web site with any
browser by filling in the fields of an HTML query form. When a client
executes a query, the Web server forwards the information typed into the
query form to the query engine. The query engine finds the pertinent
documents, formats the results as an HTML Web page, and returns the
results to the client.
In addition to indexing Web pages in HTML format, Index Server indexes
documents formatted by applications such as Microsoft Word and Microsoft
Excel. Thanks to this feature, you can add documents to a Web site without
having to convert them into HTML format.
Installing and Configuring Index Server
Install Index Server through the Option Pack setup program. During
installation, a list box shows you optional components that you can
install with Internet Information Server. Look for Microsoft Index
Server 2.0 and then follow these steps:
To install Index Server:
- In the Option Pack Optional Component list box, make sure Microsoft
Index Server is selected.
- Click Show Subcomponents.
The Subcomponents of Index Server list box
appears, showing you all the subcomponents of Index Server, which are
selected by default. Note that the Index Server System Files are
required for Index Server to run.
- Double-click the Language Resources component to see a list of
languages that Index Server supports.
- In the Subcomponents of Language Resources list box, you can clear
the check box of any language that does not apply to your site, and then
click OK.
- In the Subcomponents of Index Server list box, click OK and then
click Next.
- The Index Server Catalog Directory dialog box shows the path where
the index is stored.
A directory named Catalog.wci is created at
this location. You can change this directory during setup, if you want.
Maximum index size can be 40 percent of the size of the original files,
so if you do change the default, be sure to choose a location with
enough free space.
Also, during setup, the Index Server files are
copied to your computer under the InetPub directory in the following
locations:
- Sample HTML and script files are copied into /Iissamples/Issamples
- Administration files are copied into /Iisadmin/Isadmin
- Documentation files are copied into /Iishelp/Ix
- Click Next and follow the instructions on-screen to continue
setting up Index Server and Internet Information Server.
Testing Your Installation
Index Server is now installed on your system. Check to make sure that
Setup created a common program group for Index Server:
- On the taskbar, click Start, point to Programs, point
to Windows NT 4.0 Option Pack, point to Microsoft Index
Server.
- Select Index Server Sample Query Form.
- Type Index Server in the form box.
- Click Go.
The results of the query should return various references to Index
Server.
Defining Content to Index
- Using the Internet Service Manager, right-click the Web site
or directory where the content resides and select Properties.
- From the Home/Virtual Directory property page, check Index this
directory.
- Click OK.
This adds the content under the Web site or
directory to the catalog. Users can now search for specific information
under these directories using a Query Form.
Refer to the documentation for more information on:
- Building custom query forms
- Administration
- Setting the scope of a query
Securing Your Web Server
Windows NT security helps you protect your computer and its resources
by requiring assigned user accounts for all operations. You can control
access to all computer resources, including Web content, by limiting the
user rights of these accounts. Windows NT maintains account lists of local
users and groups and of users and groups in the domain.
Accessing Server Resources
All Windows NT–based resources, including those accessed using a Web
browser, are represented as objects that can be accessed only by
authorized Windows NT–based services and users. An object in
Windows NT is defined as a set of data or an application.
Access to each object is controlled through an Access Control List
(ACL). Every user of the system must have a user account, which is added
to a resource ACL by means of granting permissions. When a user wants to
access an object, the system checks the user's security identifier and
group memberships with the ACL to determine whether the user is allowed to
complete the request.
The association of an ACL with a file or directory is possible only
with the NTFS file system. For this reason, it is the recommended file
system of choice for Windows NT–based systems that host Web sites.
Implementing NTFS on a volume allows administrators precise control over
resources on the volume.
Association of an ACL with a file or folder is accomplished by
assigning NTFS permissions to these objects. There are six NTFS file
permissions:
R = Display the file's data, attributes, owner, and permissions
X = Run (execute) the file
W = Write to the file or change the file's attributes
D = Delete the file
P = Change the file's permissions
O = Take ownership of the file
These individual permissions combine to form the more familiar,
predetermined permissions Read, Change, Full Control, and No Access
according to the following table. Notice that Special Access is any
combination of permissions set by the administrator and does not refer to
one of the predetermined permissions.
| Permission                       | R   | X   | W   | D   | P   | O   |
|----------------------------------|-----|-----|-----|-----|-----|-----|
| No Access                        | No  | No  | No  | No  | No  | No  |
| Read                             | Yes | Yes | No  | No  | No  | No  |
| Change                           | Yes | Yes | Yes | Yes | No  | No  |
| Full Control                     | Yes | Yes | Yes | Yes | Yes | Yes |
| Special Access (any combination) | Yes | Yes | Yes | Yes | Yes | Yes |

Yes = permission granted; No = permission not granted
Directory permissions are similar to file permissions. The major
difference between directory and file permissions is Special Access.
Special Access for directories can be either:
- Special Directory Access, which sets Special Access rights for new
and existing directories.
- Special File Access, which sets Special Access rights for new and
existing files.
As with file permissions, there are predefined directory permissions
that contain the ability to perform tasks. The permissions and their
associated tasks are shown in the following table:
| Permission                       | R   | X   | W   | D   | P   | O   |
|----------------------------------|-----|-----|-----|-----|-----|-----|
| No Access                        | No  | No  | No  | No  | No  | No  |
| List                             | Yes | Yes | No  | No  | No  | No  |
| Read                             | Yes | Yes | No  | No  | No  | No  |
| Add                              | No  | Yes | Yes | No  | No  | No  |
| Add & Read                       | Yes | Yes | Yes | No  | No  | No  |
| Change                           | Yes | Yes | Yes | Yes | No  | No  |
| Full Control                     | Yes | Yes | Yes | Yes | Yes | Yes |
| Special Access (any combination) | Yes | Yes | Yes | Yes | Yes | Yes |

Yes = permission granted; No = permission not granted
Setting permissions on a directory changes the existing permissions for
that directory and for any existing files in the directory. However, it
does not change existing permissions for any subdirectories unless
specifically set to do so. To do this, select the Replace Permissions on
the Subdirectories check box when setting the directory permissions.
New files or subdirectories created in a directory inherit that
directory's current directory permissions.
The group Everyone contains all users and groups, including the
Internet Guest account and the Guest group. By default, the group Everyone
has full control of all files created on an NTFS volume.
To assign NTFS permissions:
- Using the Windows NT Explorer, select a directory or file you want
to secure. This directory should contain the Web pages and/or Web
applications you want to provide authenticated access to.
- On the File menu, select Properties.
- On the Security property sheet, click Permissions.
- In the Directory Permissions dialog box, click Add to
add users and groups.
- In the Add Users and Groups dialog box, select a computer or
domain from the List Names From list box.
- In the Names box, select a user or group that you want to
grant access to your file or directory. (For more information about user
and groups, click the Help button.)
- From the Type of Access list box, set the access permission
level for the selected user or group.
- Click OK.
Note If there are conflicts between your NTFS and Web server
permissions, the most restrictive settings are used. This means that
permissions that explicitly deny access always take precedence over those
permissions that grant access.
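The access check and the precedence rules described in this section can be modeled in a few lines. This is an added example, not code from the original guide or from Windows NT: it combines a user's entries and group entries from an ACL, lets No Access override any grant, applies the "most restrictive wins" rule against the Web server permissions, and flags entries that leave write-type rights with Everyone or the anonymous account. The account names, sample ACLs, and the use of the same R/X/W/D/P/O letters for Web server permissions are assumptions made for illustration.

```python
# Predefined permissions, taken from the two tables above.
FILE_PERMISSIONS = {
    "No Access": "", "Read": "RX", "Change": "RXWD", "Full Control": "RXWDPO",
}
DIRECTORY_PERMISSIONS = {
    "No Access": "", "List": "RX", "Read": "RX", "Add": "XW",
    "Add & Read": "RXW", "Change": "RXWD", "Full Control": "RXWDPO",
}
ALL_RIGHTS = "RXWDPO"
WRITE_TYPE_RIGHTS = set("WDPO")   # rights that allow content to be altered


def effective_ntfs(user, groups, acl, table=FILE_PERMISSIONS):
    """Rights a user holds on an object, given [(account, permission)] entries."""
    # Everyone contains all users, so its entries always apply.
    principals = {name.casefold() for name in (user, "Everyone", *groups)}
    granted = set()
    for account, permission in acl:
        if account.casefold() not in principals:
            continue
        if permission == "No Access":
            return set()              # an explicit deny beats every grant
        granted |= set(table[permission])
    return granted


def effective_web(ntfs_rights, web_server_rights):
    """Most restrictive wins: a right must be allowed by both layers."""
    return set(ntfs_rights) & set(web_server_rights)


def overbroad_entries(acl, anonymous_account, table=FILE_PERMISSIONS):
    """Flag entries giving write-type rights to Everyone, Guests or the anonymous user."""
    broad = {"everyone", "guests", anonymous_account.casefold()}
    findings = []
    for account, permission in acl:
        extra = set(table[permission]) & WRITE_TYPE_RIGHTS
        if account.casefold() in broad and extra:
            rights = "".join(r for r in ALL_RIGHTS if r in extra)
            findings.append((account, permission, rights))
    return findings


# Constructed sample ACLs; IUSR_WEB1 is a hypothetical Internet Guest account.
ACL_DEFAULT = [("Everyone", "Full Control")]
ACL_HARDENED = [("Administrators", "Full Control"),
                ("WebAuthors", "Change"),
                ("IUSR_WEB1", "Read")]
ACL_PRIVATE = [("Everyone", "Read"),
               ("IUSR_WEB1", "No Access"),
               ("Finance", "Change")]

if __name__ == "__main__":
    print(sorted(effective_ntfs("IUSR_WEB1", {"Guests"}, ACL_DEFAULT)))
    print(sorted(effective_ntfs("IUSR_WEB1", set(), ACL_PRIVATE)))
    print(overbroad_entries(ACL_DEFAULT, "IUSR_WEB1"))
```

Running the audit against the default ACL shows why content directories should not be left with Everyone at Full Control: the anonymous Web user inherits every right through that one entry.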
Authentication
IIS Authentication Types
- Basic – The Basic authentication method is a widely used,
industry-standard method for collecting user name and password
information. However, with this authentication method the user
information is passed over the network in clear text.
- Windows NT Challenge/Response – This method authenticates
users without requiring the transmission of actual passwords across a
network. Currently, Microsoft Internet Explorer, version 2.0 or later,
is the only Web browser that supports this authentication method.
- SSL Client Certificate – You can also use your Web server's
Secure Sockets Layer (SSL) 3.0 security features to authenticate users
by checking the contents of an encrypted digital identification
submitted by the user's Web browser during the logon process. User
certificates can be mapped to Windows NT user accounts making it easier
to control their access to content on the server.
Users are able to access information through Internet Information
Server in one of two ways.
- Anonymous Access—This is associated with the Internet Guest
account. If you decide that you don't need to authenticate users to your
site, Internet Information Server logs the user on under this account. By
default, this user account is automatically created under the name of
IUSR_MachineName, where MachineName is the name of the
server.
- Authenticated Access—This requires the user to provide a user
name and password or present a digital certificate.
Setting Up Authentication
To prevent anonymous users from being able to access content on your
site, you can set up authenticated access.
- Use the Windows NT User Manager for Domains utility to create
a Windows NT–based user account on your server. If appropriate, add the
account to a specific Windows NT–based user group.
- Configure Windows NT File System (NTFS) permissions for the
directory or file for which you want to control access. (See the section
on Access Control.)
- Using the Internet Service Manager, select the directory or
file, and open its property sheets. (If you have configured NTFS
permissions for a directory corresponding to a Web site, then select
that Web site and open its property sheets.)
- Select the Directory Security or File Security
property sheet. Under Anonymous Access and Authentication
Control, click Edit.
- In the Authentication Methods dialog box, select the
authentication method you want to use.
Setting Up Client Certificate Authentication
Client certificates are encrypted, digital identifications that
contain personal information. Similar to conventional forms of
identification, client certificates enable Web servers to authenticate, or
confirm, the identity of a user before letting that user log on to a
restricted Web site.
To enable client certificates:
Note If you have not previously created a server key pair and
certificate request, see the section on Encryption and Certificate Server.
- In Internet Service Manager, select a Web site, directory, or
file and open its property sheets.
- Select the Directory Security or File Security
property sheet under Secure Communications and click Edit.
- In the Secure Communications dialog box, select the
Require Secure Channel when accessing this resource check box.
Requiring a secure channel means that users cannot connect to this site
without using a secure link (that is, the link's URL must begin with
https://).
Under Client Certificate Authentication,
select one of the following to enable client certificate authentication:
- Accept Certificates—Users can access the resource with a
client certificate, but the certificate is not required.
- Require Client Certificates—The server requests a client
certificate before connecting the user to the resource. Users without
a valid client certificate are denied access.
- Click OK.
Setting Access By IP Address or Domain Name
Internet Information Server can be configured to grant or deny access
to specific IP addresses. You can deny access to your server from a
particular host or subnet. Conversely, you can choose to enable only
specific sites to have access to your service.
Use the Directory Security tab of the World Wide Web
Service property sheets to limit access to IP addresses or network IDs
for the selected information service. The properties dialog box is
illustrated below.
To restrict access by IP address:
- Select the Edit button. The IP Address and Domain Name
Restrictions dialog box appears.
- Then select Granted Access or Denied Access and click
Add.
- The Deny Access On dialog box appears. To exclude a single computer
from accessing your Web server, select Single Computer and
provide the IP address of the computer. To exclude a group of computers,
click Group of Computers and provide an IP address and subnet
mask. To exclude a domain, click Domain Name and type in the
name of the domain.
By using the IP Address and Domain Name Restrictions feature, you can
specify by IP address which computer or group of computers are granted or
denied access. If you choose to grant access to all users by default, you
can then specify the computers to be denied access.
Conversely, if you choose to deny access to all users by default, you
can then specify which computers are allowed access.
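The two restriction modes described here, and the default setting on the Administration Web Site that denies all hosts except the local server, can be modeled as a default plus a list of exceptions. This is an added example, not code from the original guide or from Internet Information Server: it evaluates a client against single-computer, group, and domain entries and reviews a configuration for overly wide grants. The class, its method names, the 256-address review threshold, and the sample addresses are assumptions; the client's host name is passed in already resolved so the example runs offline.

```python
import ipaddress


class IpRestrictions:
    """Default (Granted Access or Denied Access) plus a list of exceptions."""

    def __init__(self, default_granted):
        self.default_granted = default_granted
        self.networks = []   # Single Computer and Group of Computers entries
        self.domains = []    # Domain Name entries

    def add_single(self, ip):
        # IPv4 only; a single computer is a network with a 32-bit mask.
        self.networks.append(ipaddress.ip_network(f"{ipaddress.IPv4Address(ip)}/32"))

    def add_group(self, network_id, subnet_mask):
        # strict=False masks off host bits if a host address was entered.
        self.networks.append(
            ipaddress.ip_network(f"{network_id}/{subnet_mask}", strict=False))

    def add_domain(self, domain):
        self.domains.append(domain.lower().strip("."))

    def is_allowed(self, client_ip, client_host=None):
        addr = ipaddress.IPv4Address(client_ip)
        listed = any(addr in net for net in self.networks)
        if not listed and client_host:
            host = client_host.lower().rstrip(".")
            listed = any(host == d or host.endswith("." + d) for d in self.domains)
        # A listed client gets the opposite of the default.
        return self.default_granted != listed

    def review(self, max_hosts=256):
        """Return findings worth a second look on an administration site."""
        if self.default_granted:
            return ["default is Granted Access: every host not listed can connect"]
        return [f"{net} grants {net.num_addresses} addresses"
                for net in self.networks if net.num_addresses > max_hosts]


def default_admin_site():
    """The default described earlier in this guide: deny all but the local server."""
    rules = IpRestrictions(default_granted=False)
    rules.add_single("127.0.0.1")
    return rules


if __name__ == "__main__":
    admin = default_admin_site()
    admin.add_single("192.0.2.25")            # constructed remote admin workstation
    for ip in ("127.0.0.1", "192.0.2.25", "192.0.2.26"):
        print(ip, admin.is_allowed(ip))
    print(admin.review())
```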
FrontPage Security and Internet Information Server
In the FrontPage Explorer, authors can mark directories executable to
allow the directories to store executable objects such as Active Server
Pages (ASP), Database Connector files (IDC), CGI Scripts, ISAPI
Extensions, and Perl scripts. Each directory that is marked executable
causes FrontPage to create a virtual directory.
There are three kinds of users defined for every FrontPage Web:
administrators, authors, and browsers (end users). All permissions are
cumulative; all authors also have browsing permission and all
administrators also have authoring and browsing permissions.
The list of administrators, authors, and browsers is defined on a
per-Web basis. All content in a FrontPage Web is accessible to the same
set of users and groups. It is not possible to control permissions on a
per-file or per-directory basis with FrontPage. All FrontPage sub-Webs
either inherit the permissions (list of administrators, authors, and
browsers) of the FrontPage root Web or use their own, unique permissions.
FrontPage implements Web security on Internet Information Server by
changing the access-control lists for all files and directories in each
FrontPage Web. FrontPage controls who can administer a FrontPage Web by
setting the ACL on admin.dll, the administrative DLL. Similarly,
FrontPage sets authoring permissions by setting the ACLs on author.dll.
The default ACL sets browsing permission on Web content and lets all
users execute the run-time DLL, shtml.dll.
FrontPage performs all authoring and administrative tasks by sending
HTTP POST requests to these DLLs. The FrontPage Server Extensions are
stored in separate directories in the customer's document root:
/document root
/_vti_bin
shtml.dll
/_vti_adm
admin.dll
/_vti_aut
author.dll
The ACLs for a FrontPage Web are set using the FrontPage Explorer's
Permissions command on the Tools menu. To add new users and groups, this
command makes the Windows NT computer account list available. In FrontPage
98, you can set up a restricted list of users and groups that does not
expose the entire contents of the Windows NT–based computer and domain
account lists. This lets you protect the confidentiality of your user
community.
FrontPage sub-Webs can have unique permissions by maintaining separate
ACLs on their own copies of the admin.dll, author.dll, and shtml.dll DLLs.
Alternatively, a FrontPage sub-Web can inherit the permissions of the root
Web by keeping the ACLs on its admin.dll, author.dll, and shtml.dll the
same as the root Web's lists.
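The permission scheme described above, as an added audit sketch in Python (not FrontPage or Microsoft code). The account names, the anonymous account IUSR_WEBHOST, the function names, and the ACL data are constructed for illustration; on a real server the input would be the NTFS ACLs of each Web's own copies of the three DLLs.

```python
# Added example: audits FrontPage Web permissions as modeled by the text.
# An ACL here is the set of principals allowed to execute a DLL (constructed data).

ROLE_BY_DLL = {
    "admin.dll": "administer",   # ACL decides who can administer the Web
    "author.dll": "author",      # ACL decides who can author
    "shtml.dll": "browse",       # run-time DLL, normally open to all users
}
# Permissions are cumulative: administrators are authors, authors are browsers.
CUMULATIVE_PAIRS = [("admin.dll", "author.dll"),
                    ("author.dll", "shtml.dll"),
                    ("admin.dll", "shtml.dll")]
OPEN_PRINCIPAL = "Everyone"


def roles_for(acls):
    """Map each principal to the roles granted by the DLL ACLs it appears on."""
    roles = {}
    for dll, role in ROLE_BY_DLL.items():
        for principal in acls.get(dll, ()):
            roles.setdefault(principal, set()).add(role)
    return roles


def audit_web(name, acls, anonymous_account):
    """Return findings for one FrontPage Web; an empty list means no issue found."""
    findings = []
    for dll in ROLE_BY_DLL:
        if dll not in acls:
            findings.append(f"{name}: no ACL recorded for {dll}")
    # Administering or authoring must never be open to all or to anonymous users.
    broad = {OPEN_PRINCIPAL, anonymous_account}
    for dll in ("admin.dll", "author.dll"):
        for principal in sorted(broad & set(acls.get(dll, ()))):
            findings.append(
                f"{name}: {principal} can execute {dll}; "
                f"'{ROLE_BY_DLL[dll]}' is open to all users")
    # Cumulative rule: a principal on a higher DLL should also be on the lower one,
    # unless the lower one is already open to Everyone.
    for higher, lower in CUMULATIVE_PAIRS:
        lower_acl = set(acls.get(lower, ()))
        if OPEN_PRINCIPAL in lower_acl:
            continue
        for principal in sorted(set(acls.get(higher, ())) - lower_acl - broad):
            findings.append(
                f"{name}: {principal} is on {higher} but not on {lower}; "
                f"permissions are not cumulative")
    return findings


def inherits_root(root_acls, sub_acls):
    """A sub-Web inherits when its three DLL ACLs match the root Web's lists."""
    return all(set(sub_acls.get(dll, ())) == set(root_acls.get(dll, ()))
               for dll in ROLE_BY_DLL)


# Constructed sample ACLs.
ROOT = {
    "admin.dll": {"CORP\\webadmins"},
    "author.dll": {"CORP\\webadmins", "CORP\\authors"},
    "shtml.dll": {"Everyone"},
}
SUB_INHERITING = {dll: set(acl) for dll, acl in ROOT.items()}
SUB_MISCONFIGURED = {
    "admin.dll": {"CORP\\webadmins"},
    "author.dll": {"CORP\\hr-authors", "Everyone"},   # authoring open to all
    "shtml.dll": {"CORP\\hr-staff", "CORP\\hr-authors"},
}

if __name__ == "__main__":
    for web, acls in (("root", ROOT), ("hr", SUB_MISCONFIGURED)):
        print(web, "inherits root:", inherits_root(ROOT, acls))
        for finding in audit_web(web, acls, "IUSR_WEBHOST"):
            print("  FINDING:", finding)
```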
FrontPage DLLs
On Windows NT, a DLL that is called from another DLL must run under the
same user account as the calling DLL. Therefore, all system DLL code that
is run as a consequence of an Internet Information Server request must run
with the impersonated user's permissions. The FrontPage DLLs admin.dll,
author.dll, and shtml.dll contain calls to Windows NT–based system DLLs.
To ensure that the system DLLs have the correct level of permissions to
run under any administrator, author, or end-user's account, FrontPage adds
the Interactive and NETWORK accounts to the ACLs of any system DLLs that
are used as a result of a FrontPage DLL call. These added users are given
"read" and "execute" permissions on the system DLLs. Note that this is
necessary when installing any generic CGI scripts that use any Windows
NT–based system services on a Web server.
Encryption
A computer vandal can potentially intercept sensitive information
transmitted across an unsecured network, such as the Internet. For this
reason, if you plan to provide users with access to Web sites that process
sensitive financial or personal information, you need to protect your
network links with encryption.
Creating and Managing Server Key Pairs
You can use the Key Manager to create, import, and export Secure
Sockets Layer (SSL) encryption key pairs, which enable your server to
negotiate a secure link with a user's browser. When you create a unique
key pair for your server, you must attach the key pair to your server
certificate.
To create a server key pair:
- In Internet Service Manager, click the Key Manager icon.
- On the Key menu, select Create New Key and follow the
instructions.
Installing a Server Certificate
To enable your key pair, you must bind it with a valid certificate that
you have installed on your Web server. When you receive a valid
certificate from the certificate authority, you can copy and save the
certificate text to a file. You can then use Key Manager to install the
certificate on your Web server.
- Save the text of the certificate file that you received from the
certificate authority as a standard (ASCII) text file. Use a .txt
filename extension.
Note: Consult the specific instructions sent
by the certificate authority that issued the certificate.
- In Internet Service Manager, click the Key Manager icon.
- In the Key Manager window, select the key for which you want to
install a certificate.
- On the Key menu, select Install Key Certificate.
- In the Open dialog box, select the certificate text file.
Click Open.
- In the Password text box, enter the certificate file password, then
click OK.
Note: Key Manager combines the creation
of a key pair with the generation of a server certificate request. You
can automatically send the request to an online certificate authority if
you have received an application plug-in from the authority that is
compatible with Microsoft Certificate Server 1.0. See the section on
Certificate Server for information on deploying Certificate
Server.
Binding the Key Pair to an IP Address
- In Internet Service Manager, click the Key Manager icon.
- In the Key Manager window, select the key that you want to
configure.
- On the Key menu, select Properties.
- In the Server Bindings dialog box, click Add.
- In the Edit Bindings dialog box, enter an IP address. You can
also browse for an IP address that already is bound by using the
Ellipsis (. . .) button to the right of the IP Address
text box and selecting an address from the Choose Server IP Address
item list. If you do not assign an IP address, any unassigned IP
address is used.
- Under Port Number, click Any Unassigned Port to have
your Web server assign the key pair an unused port number or click
Port Number to type in a value.
Using Certificate Server with Internet Information Server 4.0
Microsoft Certificate Server is a standards-based, highly
customizable server application for managing the issuance, revocation,
and renewal of digital certificates.
To install Certificate Server
- Run the Microsoft Windows NT 4.0 Option Pack Setup program and
install Internet Information Server if it is not already installed.
- Select Custom setup.
- Select Certificate Server in the Components list box.
Internet Information Server must be selected or already installed.
- Click Next to continue with Windows NT 4.0 Option Pack Setup.
A wizard guides you through the setup and
configuration of Certificate Server. The section below walks you through
this wizard.
- Introduction. Read the introductory text in this screen and
click Next when ready to continue.
- Choose Configuration Data Storage Location. Provide the
location used by Certificate Server to store Certificate Authority
certificates and the Certificate Server configuration file.
Applications or users reference this location when they request or use
certificates issued by the server. This Shared Folder should be
located on a public network share so that any user can access and
install the Certificate Authority (CA) certificate. For this release,
it must be located on the machine on which Certificate Server is being
installed. You must specify a path name such as c:\public. The text
you enter for the shared folder name must begin with a drive letter
such as c:\. Relative paths are not allowed.
- Choose Database Location. To modify the default
location for the certificate store database, enter a location or click
Browse and select the desired location. The default location is
Winnt\System32\CertLog.
- Choose Log Location. To modify the default location
for the Certificate Server transaction log, enter a location or click
Browse and select the desired location. The default location is
Winnt\System32\CertLog.
- (Optional) Choose to Show Advanced Configuration. With
the advanced configuration setup dialog, you can specify further
configuration options. You should check this to install a root
certificate authority.
Click Next when ready to continue.
- If you did not check the Show Advanced
Configuration check box, the Identifying Information dialog is
displayed. Proceed to step 12 for instructions.
- If you did check the Show Advanced Configuration
check box, the advanced configuration setup dialog is displayed.
Proceed to the next step for instructions.
- Choose the Make this Certificate Server the default check
box.
Choose Certificate Authority
Hierarchy. You can select either:
- Root CA. Create a root certificate for the Certificate
Authority (CA) being created.
- Non-Root CA. Create a certificate request file that you can use
to obtain a certificate from another CA. Use this option only if you
want to install a non-root CA that participates in an established CA
hierarchy.
The Configuration Wizard automatically
generates self-signed signature (root) and key exchange certificates
for the CA being created. The certificate filename is based on
the server machine name and uses the .crt extension. These are
stored in the Shared Folder created in the Choose Storage
Location step.
Note: If you choose Non-Root CA, only
the certificate request file is generated in the Shared Folder,
because this CA is a non-root CA. The signature certificate for a
non-root CA must be generated and stored later using the process
described in Installing a Certificate Authority
Hierarchy.
- Click Next when ready to continue. The Identifying
Information dialog is displayed.
- Enter Identifying Information. Provide the information for
each of the requested identifying items.
| Item | Information | Example |
| --- | --- | --- |
| Name | Certificate Authority name | Test Site Certificate Authority |
| Organization | Your company | Microsoft Corporation |
| Organizational Unit | Your organizational unit | Beta Support Group |
| Locality | Your locality | Redmond |
| State | Your state | Washington |
| Country | Your country | U.S. |
| Comment | An identifying comment | For internal use only |
- Click Next when ready to continue.
The Configuration Wizard stores all the configuration information you
have specified and performs the following steps:
- Generates a public/private key pair and self-signed root (site)
certificate for this Certificate Server and installs them in the local
machine's key repository and certificate store, respectively.
- Writes the Certificate Server's signature and key exchange
certificates to the Shared Folder and adds the Certificate Server to the
list in the Certificate Authority Certificate List Web page. This
page allows Web browsers to install the Certificate Authority (CA)
certificates.
- Generates a certificate request file to submit to another CA if the
Non-Root CA option was selected. In this case, a self-signed root
certificate is not generated and stored in the Shared Folder as
previously described.
- Writes the Certificate Server's configuration file, CertSrv.txt, to
the Shared Folder.
- Adds the Certificate Authority service to the system services.
- Performs necessary additions to the system registry.
Unless the Non-Root CA option was selected in the Choose
Certificate Authority Hierarchy step, the following message is
displayed when setup is complete:
If the Non-Root CA option was selected in the Choose
Certificate Authority Hierarchy step so that a Certificate Authority
hierarchy can be installed, then the following message (referencing the
specified Shared Folder) is displayed instead.
Installing a Certificate Hierarchy
- During Certificate Server setup, you must ensure that the
Non-Root CA option was selected in the Choose Certificate
Authority Hierarchy step of the Configuration Wizard to create a
request file for obtaining a Certificate Authority (CA) signature
certificate. If this was not done, you need to reinstall Certificate
Server with this option selected.
- Use the request file to obtain a signed CA certificate. The CA
certificate must have a .crt extension and the same basename as the
request file.
- Store the CA certificate in the Shared Folder location.
- Run the CertHier utility by clicking Start,
Programs, Windows NT 4.0 Option Pack, and Microsoft
Certificate Server. Then click the "Certificate Server Hierarchy
Configuration" shortcut.
On successful configuration of the CA hierarchy, Certificate Server
setup is complete and the following message is displayed:
Enabling Certificates with Internet Information Server 4.0
Now that you've installed both Certificate Server and Internet
Information Server 4.0, you need to get the certificate information into
Internet Information Server. This is done using the Internet Explorer 4.0
user interface and a tool called IISCA.
- Open Internet Explorer 4.0 and go to
http://myserver/CertSrv/CertEnroll/CACerts.htm.
- Click the highlighted link to the certificate. This is a pointer to
the .crt file in the shared folder you set when installing Certificate
Server.
- Select Open this file from its current location.
- You are now being offered a new site certificate. You probably want
to stay with the defaults, so click OK.
The next dialog gives you information about the
certificate. Double-check that it is the certificate you want to trust.
If it is, click Yes; otherwise, click No. If
you click Yes, you are essentially saying "I trust all
communication with any server signed by this Certificate
Authority."
IISCA
Today there is no user interface into the
certificate store other than through Internet Explorer. Hence you set up
your certificate information in Internet Explorer and IISCA copies the
data to the store that IIS uses.
Now that we have loaded the certificate
information into Internet Explorer, we must get it into Internet
Information Server. To do this, go to the command prompt and type:
- %SystemRoot%\system32\inetsrv\iisca to update the registry
- Net Stop IISAdmin /y to stop the Internet Information Server
process
- Net Start W3Svc to restart the Internet Information Server process
- The Certificate Server certificate is loaded into Internet
Information Server.
Note: Refer to Encryption under the Internet Information Server
section for information about generating a certificate for Internet
Information Server. This is used to uniquely identify the server.
Issuing Certificates to Clients
Microsoft Certificate Server includes support for client certificate
enrollment using Microsoft Internet Explorer version 3.0 or later and
Netscape Navigator version 3.0 or later. When Certificate Server is
loaded, it sets up a Certificate Enrollment page. This page provides a
mechanism for users to request a certificate from your certificate
authority (CA).
A client needs to follow these instructions when requesting a
certificate:
- Access the Certificate Enrollment Tools Web Page. By default, this
is installed at <ServerName>/CertSrv/CertEnroll/default.htm.
- Select Request A Client Authentication Certificate to access
the Enrollment Form. (Your browser type is detected automatically.)
- Fill out the fields in the form with your personal information.
- Click Submit when ready to submit the certificate request.
The Credentials Enrollment Wizard is displayed.
- Read the information in the wizard and click Next when ready
to continue. You are prompted for the name of your private key.
- Enter the name you want for your private key and click Finish
when done. The certificate request is now sent to the certificate
server.
- If the request is accepted and the certificate is issued, the
Certificate Download Web page is displayed.
- Click Accept and the client certificate is downloaded to your
system and installed. An Acceptance notification message is displayed.
- Click OK to dismiss the notification.
Tuning Internet Information Server 4.0 for Large Web Sites
This section has some general guidelines for optimizing the performance
of Internet Information Server 4.0 and provides information on other
available resources. This section also provides some best practices for
evaluating the performance of your Web site before deployment.
Building for Performance
It is critical to the success and scalability of your Web sites and
Web-based applications to design them with performance in mind. Building
Web sites and Web-based applications is different than developing desktop
applications. Desktop applications are designed with one user in mind,
while Web sites and applications need to be designed with multiple users
in mind. Therefore, it is critical to take the following steps to ensure
your Web site and/or application is built to handle the task you've
designed it for.
Types of Content
Static – Usually text and graphics based
ISAPI – A set of C level APIs for extending IIS
ASP – An easy way to develop and deploy dynamic Web pages and
Web-based applications by combining HTML with scripting and components.
CGI – A way to link out of process applications with the Web
Planning for Performance
- Hardware—It is important to understand how hardware impacts
the performance of your site. For instance, is a single processor or
single server enough? Does adding more memory increase the performance?
- Content—It's important that you understand the different
types of content and the performance implications associated with each
type.
- Workload—This represents the number of pages being requested
and the distribution pattern. For example, a site with 10 pages being
requested is going to respond differently than a site with 10,000 pages
being requested.
- Web Sites (Virtual Servers)—It's important to understand if
the Web server is used to host a single site or many different sites.
Since every Web site and/or Web-based application is different, the
performance characteristics differ as well. The following chart represents
a single Web server operating in different environments.
- Hardware—Compaq Proliant 7000, 1P and 2P, 256 MB, and 512 MB
- Content—70% Static HTML and 30% ASP
- Workload—The workload consists of approximately 200 static objects
ranging from 256 Bytes to 64KB
- Sites—Single site, 50 sites, 500 sites with only 50 sites receiving
requests
Measuring Performance
- Testing with a browser is NOT enough
- If anything is slow, everything is slow
- Set goals (e.g., 20 requests per second, 30% CPU load, <10s
response time)
- Measure performance under maximum load
- Remember Active Server Pages are server applications
It's very important to confirm your intuition about how your site will
perform. Don't just build it and connect it to the Internet and expect it
to handle the demand. This is especially important if you are deploying a
high-profile site.
There are tools available for simulating a load. Although this guide
doesn't cover using tools to test your Web server performance, more
information is available in the Internet Information Server Resource Kit,
including WCAT, a Web server testing tool.
Monitoring Performance
Performance Monitor is a tool provided in Windows NT Server for
monitoring performance. Using this tool, you can monitor the performance
of your Web server, individual Web sites, and Web-based applications. See
the Internet Information Server Resource Kit for more information on
monitoring Web server performance.
Tuning Guidelines
The following table provides a list of general tuning guidelines for
Internet Information Server 4.0. Again, since every Web site is different,
we recommend that you test your site before making these changes
permanent.
Each entry below lists the parameter, the settings to apply, and the
impact.
General Tuning Parameters
Parameter: Set Windows NT Server to Application Server.
Settings:
- On the desktop, right-click Network Neighborhood and select Properties.
- Under the Services tab, double-click the Server service.
- Make sure that Network Applications is selected.
Impact: Internet Information Server 4.0 has grown in size and page faults
more under the File Server setting. The App Server setting tells Windows
NT to trim the file cache more aggressively.
Parameter: Replace w3svc.dll and remove irrelevant mappings.
Settings:
- Download and run the hotfix utility from
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/proxy. You need
to choose the appropriate platform (Intel or Alpha).
- Using the Microsoft Management Console, navigate to the Web sites
(virtual servers) under the Internet Information Server snap-in.
- Right-click the Default Web Site and/or any other Web site(s) where
your content exists and select Properties.
- Select the Home Directory property sheet.
- Click the Configuration button under the Application Settings section.
- Remove all unused mappings, leaving at least one mapping in place. The
server requires at least one mapping. Microsoft recommends leaving the
.asp extension in place if no other mappings are being used.
Impact: To make it easier for customers to upgrade to Internet
Information Server 4.0, Internet Information Server 4.0 checks the
extension of each file, even in a read-only directory (that is, a
directory that has scripting disabled). This is additional overhead that
can be eliminated. By design, the server requires at least one script
mapping, so leave the .asp mapping in place.
Parameter: For high-volume sites, or benchmark testing, set the
Performance bar to More than 100,000.
Settings:
- Using the Microsoft Management Console, navigate to the Web sites
(virtual servers) under the Internet Information Server snap-in.
- Right-click the Default Web Site and/or any other Web site(s) where
your content exists and select Properties.
- Select the Performance property sheet.
- Move the slider bar all the way to the right, to More than 100,000.
Impact: This controls the amount of resources available to Internet
Information Server. Since Internet Information Server expects heavy
usage, which is common with most benchmarks, Internet Information Server
keeps additional resources around even if they are not in use.
Note: Only set this for high-volume sites. For low-volume sites, this
should be minimized.
Parameter: Disable performance boost for foreground applications.
Settings:
- Open the Control Panel.
- Double-click the System icon and select the Performance property sheet.
- Move the Application Performance slider to "None."
Impact: Since high-volume sites are usually built on dedicated Web
servers, it's important to give the Web server the maximum amount of
system resources. This setting maximizes the number of CPU cycles
available to the Web server process.
Logging Tuning Parameters
Parameter: Disable logging when not needed.
Settings:
- Using the Microsoft Management Console, navigate to the Web sites
(virtual servers) under the Internet Information Server snap-in.
- Right-click the Default Web Site and/or any other Web site(s) where
your content exists and select Properties.
- From the Web Site property page, uncheck Enable Logging to disable
logging.
- Click OK.
Impact: Frees up system resources, thus providing better performance.
Parameter: If logging is enabled, log to a striped partition with a
controller that allows write-back caching, especially if you see heavy
usage on the log disk.
Settings:
- Using the Microsoft Management Console, navigate to the Web sites
(virtual servers) under the Internet Information Server snap-in.
- Right-click the Default Web Site and/or any other Web site(s) where
your content exists and select Properties.
- Select the Web Site property sheet.
- Click the Properties button under the logging section.
- Make sure the path maps to a striped partition.
Impact: Busy sites can see the log disk become a bottleneck since it is a
point of contention.
Networking Tuning Parameters
Parameter: Set receive buffers for the Network Interface Card (NIC) to
maximum. If this is in a controlled environment or for a benchmark test,
set it on both the client and server.
Settings:
- See the documentation for your NIC for details. This parameter can
often be set using the properties of the NIC under the Network Control
Panel.
Impact: Dropped packets on the receiving end cause TCP to retransmit.
This minimizes the number of dropped packets on the receiving end, thus
increasing performance.
Parameter: Set TCP parameters in registry.
Settings:
- Using Regedt32, navigate to
HKLM\System\CurrentControlSet\Services\TCPIP\Parameters.
- Add value MaxUserPort if it's not already there and set to 0xfffe.
- Add value TcpWindowSize if it's not already there and set to 0x4470.
Impact: This is to ensure that the server doesn't run out of user ports.
Also, a large window size works better for high-speed networks (TCP
stops when the window fills up).
Parameter: Control number of active Internet Information Server threads.
Settings:
- Monitor the Processor Queue Depth object under System in Windows NT
Performance Monitor to see if you have too many threads active.
- If you have N processors in your system, a queue depth between N and 3N
is good. Leave values at the default if you are not sure.
- For static workloads, you can set MaxPoolThreads to 1 and
PoolThreadLimit to the number of processors in your system. (These
values are set in the Windows NT Registry using regedt32.exe. See the
following sections for details on setting these parameters.)
Impact: There should be enough threads in the system that incoming
requests don't block. However, each thread uses system resources and can
potentially cause unnecessary context switches. The goal is to maximize
the number of threads Internet Information Server uses without causing
excess context switches. Doing so ensures better performance on SMP
hardware.
Optimizing for Static Workloads
Parameter: Set Object Cache Time to Live (TTL) appropriately. Default: 30
seconds.
Settings:
- Using Regedt32, navigate to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters.
- Add value ObjectCacheTTL if it's not already there.
- Set to desired value. If you do not know how long you want Internet
Information Server to keep an unused file open, leave ObjectCacheTTL at
its default value.
Impact: This changes the frequency with which the cache scavenger runs.
If your content fits in memory and is largely static, you may even
disable the scavenger by setting it to 0xffffffff. A high ObjectCacheTTL
works best for sites with a small number of "popular" files. If the
number of "popular" files is large, a high ObjectCacheTTL may not help.
Setting this entry high tells Internet Information Server to try to keep
unused files open longer. This is useful if you expect these files to be
reused within the TTL period. If you do not expect the files to be reused
often, or the system appears low on resources, use a lower ObjectCacheTTL
to conserve resources. You can also use OpenFileInCache to limit the
number of files Internet Information Server keeps open.
Parameter: Set OpenFileInCache to a value large enough to cache all the
open handles. Default: 1000 for every 32 MB of physical memory.
Settings:
- Using Regedt32, navigate to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters.
- Add value OpenFileInCache if it's not already there.
- Set to desired value. The value depends on the amount of memory you
want to make available for the Internet Information Server cache and the
number of file handles you want cached.
Impact: Large Web sites need to keep more file handles open for maximum
performance. If the content on your site is static, you can greatly
increase the performance of your Web server by maximizing the number of
files that are served from RAM as opposed to from disk. You can monitor
the number of cached file handles using the Cached File Handles counter
under Internet Information Service Global in the Windows NT Performance
Monitor.
Optimizing Active Server Pages (ASP) Performance
Parameter: Set ProcessorThreadMax to a low value.
Settings:
- Using Regedt32, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\ASP\Parameters.
- Add value ProcessorThreadMax if it's not already there.
- Decrease the value and monitor performance. If performance decreases,
revert to previous value.
Impact: This changes the number of threads per CPU that Internet
Information Server allocates for Microsoft Transaction Server. For
well-written scripts, low numbers are better. This lowers the amount of
contention.
Parameter: Set the AspScriptEngineCacheMax property to ProcessorThreadMax
* the number of processors in the system. Default: 30
Settings:
- Configuration information related to Web sites, directories, and pages
is stored in the Internet Information Server configuration data store
(metabase).
- Internet Information Server 4.0 includes a number of scripts that let
you change settings in the metabase.
- From the SystemRoot, navigate to /System32/inetsrv/adminsamples.
- Use adsutil.vbs to set w3svc/AspScriptEngineCacheMax to
ProcessorThreadMax * the number of processors in the system.
Impact: Allows each ASP thread to cache a script engine, which results in
processing ASP pages more efficiently.
Parameter: Enable buffering for ASP applications.
Settings:
- Using the Microsoft Management Console, navigate to the Web sites or
ASP application name spaces under the Internet Information Server
snap-in.
- Right-click the site or application and select Properties.
- Select the Home/Virtual Directory property sheet.
- Click the Configuration button under the Application Settings section.
- Click the App Options property sheet.
- Click the Enable Buffering option.
- Click OK, then OK again.
Impact: Setting this option buffers ASP output to the browser. This
allows the server to deliver the entire response to the client as opposed
to delivering the content as the server generates it.
Parameter: Minimize the Session Timeout value.
Settings:
- Using the Microsoft Management Console, navigate to the Web sites
(virtual servers) under the Internet Information Server snap-in.
- Right-click the Default Web Site and/or any other Web site(s) where
your content exists and select Properties.
- Select the Home Directory property sheet.
- Click the Configuration button under the Application Settings section.
- Click the App Options property sheet.
- Set Session Timeout to the minimum amount of time you need to maintain
the session state of a user.
Impact: Maintaining session state using the Session object in ASP
requires system resources. Imagine that there are 1000 users connected at
any given time. This means that the server needs to allocate resources to
maintain the session state for each user. The longer the server needs to
maintain the session state, the longer the resources are tied up.
Therefore, minimizing the Session Timeout value optimizes the server's
resources and improves performance.
Application Services
The Windows NT Option Pack provides a platform for building the next
generation of scalable server applications including Web-based
applications for the Internet or intranet. Web-based applications can be
delivered as a combination of Web pages that provide the user interface to
the application and COM components that encapsulate business logic and
provide access to the databases where critical business information is
stored. With Active Server Pages, you can create HTML pages with embedded
scripts that are processed by the Web server instead of by the browser.
With Microsoft Transaction Server, you can easily create distributed
applications that support transactions. With Internet Information Server,
you can deploy your applications on a fast, easy-to-administer, and secure
Web server.
This section focuses on Web-based applications based on the following
technologies in Windows NT Server:
- Active Server Pages
- Microsoft Transaction Server
- Microsoft Message Queue Server
Architecture
The Windows Distributed interNet Applications Architecture (Windows
DNA) is Microsoft's framework for building a new generation of
n-tier computing solutions. Windows DNA defines a framework for
delivering solutions that meet the requirements of corporate computing,
the Internet and intranets, and global electronic commerce, while reducing
overall costs of development.
The heart of Windows DNA is the Component Object Model (COM). Windows
DNA architecture uses a common set of services, including HTML and Dynamic
HTML, ActiveX controls, COM components and services, messaging,
client-side and server-side scripting, transactions, security and
directory services, database and data access, systems management and HTML,
and component authoring environments. These services are exposed in a
unified way through COM, which enables applications to interoperate and
share components easily.
Multitier Architecture using Windows NT Server
Setup and Configuration of Microsoft Transaction Server
Why Use Microsoft Transaction Server?
Developers use Microsoft Transaction Server to build and deploy
component-based applications on Windows NT Server. Using Microsoft
Transaction Server, developers can focus on solving business problems
instead of on programming the application infrastructure. Microsoft
Transaction Server delivers the "plumbing," including transactions,
security, scalability services, connection management, and point-and-click
administration—providing developers with the easiest way to build and
deploy scalable server applications for business and the Internet.
Setup
Microsoft Transaction Server installs as part of the Windows NT Option
Pack typical and standard setup.
Configuration
Before you start deploying and administering packages, set your
Microsoft Transaction Server up for deployment by doing the following:
- Configuring roles and package identity on the System package.
- Setting up computers to administer.
You must map the System package Administrator role to the appropriate
user to safely deploy and manage Microsoft Transaction Server packages.
When Microsoft Transaction Server is installed, the System package does
not have any users mapped to the administrator role. Therefore, security
on the System package is disabled and any user can use the Microsoft
Transaction Server Explorer to modify package configuration on that
computer. If you map users to System package roles, Microsoft Transaction
Server checks roles when a user attempts to modify packages in the
Microsoft Transaction Server Explorer.
By default, the System package has an Administrator role and a Reader
role. Users mapped to the Administrator role of the System package can use
any Microsoft Transaction Server Explorer function. Users that are mapped
to the Reader role can view all objects in the Microsoft Transaction
Server Explorer hierarchy, but cannot install, create, change, or delete
any objects, shut down server processes, or export packages. For example,
if you map your Windows NT domain user name to the System package
Administrator role, you can add, modify, or delete any package in the
Microsoft Transaction Server Explorer. If Microsoft Transaction Server is
installed on a domain controller, a user must be a domain administrator to
manage packages in the Microsoft Transaction Server Explorer.
To assign users to roles:
- In the left pane of the Explorer, select the package that contains
the component to which you want to assign roles.
- Open the Roles folder.
- Double-click the role to which you want to assign users.
- Open the Users folder.
- On the Action menu, click New. You can also select the
Users folder and click the Create new object
button, or right-click the Users folder and select New and
then Users.
- In the dialog box that appears, add user names or groups to the
role. You can use the Show Users and Search buttons
to locate a user account.
- Click OK.
You can also set up new roles for the System package. For example, you
can configure a Developer role that users can use to install and run
packages, but not delete or export them. The Windows NT–based user
accounts or groups that you map to that role can test installation of
packages on that computer without having full administrative privileges
over the computer.
To create a new role:
- In the left pane of the Explorer, select the package that includes
the role.
- Open the Roles folder.
- On the Action menu, click New. You can also select the
Roles folder and click the Create new object
button or right-click the Roles folder and select New and
then Role.
- In the dialog box that appears, type the name of the new role.
- Click OK.
Caution Package security is not enabled unless you map a valid
user to a package role.
Once you have configured roles for your computer's System package,
enable authorization checking by selecting the check box in the Package
Security property sheet. See the Enabling Security on Packages section
below.
By default, the computer on which you install Microsoft Transaction
Server is managed in the Microsoft Transaction Server Explorer as "My
Computer." You can also use the Microsoft Transaction Server Explorer to
manage other computers. Add any new computers that you need to administer
to the Computers folder in the Explorer by selecting the Computer icon and
doing one of the following:
- Selecting New from the Action menu.
- Clicking the Create a new object icon on the Microsoft
Transaction Server Explorer toolbar.
- Right-clicking My Computer and choosing New and then
Computer.
Then enter a computer name in your Windows NT domain in the dialog box
to add the remote computer as a top-level folder. You must be mapped to
the Administrator role on the remote computer.
Enabling Security on Packages
Microsoft Transaction Server offers two types of package security:
- Programmatic security—Provides interfaces that you can use to
create customized security within your application logic. See the MTS
Programmer's Guide for more information about using programmatic
security.
- Declarative security—Allows you to define roles and assign
Windows NT–based users or groups of users to roles using the Microsoft
Transaction Server Explorer.
Important Library packages do not support role checking. To
enable security, you must change the activation setting to a server
package.
Administrators use declarative security to secure packages, ensuring
that only clients with access privileges can run the package. Access is
granted through the Explorer using Microsoft Transaction Server roles and
Windows NT–based user and group accounts. Note that since declarative
security uses Windows NT–based accounts for authentication, you cannot use
declarative security for a package running on a Windows 95–based computer.
To set up declarative security for a package, perform the following
steps:
- Define roles at the package level using the New Role dialog
box.
- Map users to roles using the Add New Users to Roles dialog box. Note
that a package with no valid users in any Role cannot be called.
- Assign the role that you defined to the Role Membership folder of a
component or interface if you want to restrict access to a specific
component or interface.
- Enable security for the package on the Security tab of the
package property sheets.
If you do not map the user account you're currently using to the
Administrator role before enabling System package security, you will be
refused access to Microsoft Transaction Server Explorer functions that
modify configuration (such as adding users to roles). If this happens, you
need to log on as a user that has been mapped to the Administrator role.
To protect administrators from being locked out of the System package, the
Microsoft Transaction Server Explorer displays an error message if you try
to:
- Enable security for the System package when no users are mapped to
the administrator role.
- Delete the last user from the Administrator role when security has
been enabled for the System package.
If you do not enable security for the package, then Microsoft
Transaction Server does not check roles for the component or interface. In
addition, if you do not have security enabled for a component, Microsoft
Transaction Server does not check roles for the component's interface.
Note Turning off declarative security for individual components
or the package is useful when debugging packages.
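The rules in this section, collected into one audit pass over a package inventory. This is an added example, not code from the guide or from Microsoft Transaction Server: the inventory layout, the finding codes, and the account and package names are constructed for illustration, and only the rules themselves come from the text above.

```python
# Added example: the dictionary layout and finding codes are assumptions.
SYSTEM_PACKAGE = "System"


def audit_package(pkg):
    """Return finding codes for one package, following the guide's rules."""
    findings = []
    roles = pkg.get("roles", {})

    # System package with nobody in Administrator: any user can use the
    # Explorer to modify package configuration on that computer.
    if pkg["name"] == SYSTEM_PACKAGE and not roles.get("Administrator"):
        findings.append("SYSTEM_ADMIN_UNMAPPED")

    # Library packages do not support role checking at all.
    if pkg.get("activation") == "library":
        findings.append("LIBRARY_NO_ROLE_CHECK")
        return findings

    # Check box cleared: roles are not checked for any component or interface.
    if not pkg.get("security_enabled"):
        findings.append("PACKAGE_SECURITY_OFF")
        return findings

    # Security on but no valid user in any role: the package cannot be called.
    if not any(users for users in roles.values()):
        findings.append("NO_USERS_IN_ROLES")

    # Component switch off: roles are not checked for that component or its
    # interfaces, even though the package switch is on.
    for comp in pkg.get("components", []):
        if not comp.get("security_enabled"):
            findings.append("COMPONENT_SECURITY_OFF:" + comp["name"])
    return findings


def explorer_refuses(system_pkg, action, user=None):
    """True when the guide says the Explorer shows an error to stop a lockout."""
    admins = set(system_pkg.get("roles", {}).get("Administrator", []))
    if action == "enable_security":
        return not admins
    if action == "remove_admin":
        return bool(system_pkg.get("security_enabled")) and admins == {user}
    raise ValueError("unknown action: " + action)


def audit_inventory(inventory):
    """Map each package name to its list of findings."""
    return {pkg["name"]: audit_package(pkg) for pkg in inventory}


# Constructed inventory; none of these packages or accounts are from the guide.
SAMPLE_INVENTORY = [
    {"name": "System", "activation": "server", "security_enabled": False,
     "roles": {"Administrator": [], "Reader": []}, "components": []},
    {"name": "Orders", "activation": "server", "security_enabled": True,
     "roles": {"Clerk": ["CORP\\OrderClerks"]},
     "components": [{"name": "Orders.Entry", "security_enabled": True},
                    {"name": "Orders.Report", "security_enabled": False}]},
    {"name": "Helpers", "activation": "library", "security_enabled": True,
     "roles": {"Caller": ["CORP\\WebUsers"]}, "components": []},
    {"name": "Billing", "activation": "server", "security_enabled": True,
     "roles": {"Biller": []}, "components": []},
    {"name": "Payroll", "activation": "server", "security_enabled": True,
     "roles": {"Payroll": ["CORP\\PayrollApp"]},
     "components": [{"name": "Payroll.Run", "security_enabled": True}]},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(name, findings or "ok")
```

A freshly installed System package shows up with two findings, which is the state the guide tells you to fix before deploying any other package.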
Microsoft Message Queue Server (MSMQ)
What is MSMQ?
Microsoft Message Queue Server (MSMQ) is a fast store-and-forward
service for Windows NT Server that enables applications running at
different times to communicate across heterogeneous networks and systems
that may be temporarily offline. Applications send messages to MSMQ, and
MSMQ uses queues of messages to ensure that the messages eventually
reach their destination. MSMQ provides guaranteed message delivery,
efficient routing, security, and priority-based messaging.
Why Use MSMQ?
Most distributed computing applications today use synchronous
communication technologies such as remote procedure calls. Communications
are synchronous when the sender of a request must wait for a response from
the receiver of the request before it can proceed on to performing other
tasks. The time that the sender must wait is completely dependent on the
time it takes for the receiver to process the request and return a
response. If the receiver is not running at the same time as the sender,
then synchronous communications fail.
With asynchronous communications, senders make requests to receivers
via message queues and can move on to other tasks immediately. If a
response is expected back from the receiver, it is up to the original
sender to decide when to actually look for and process the response. Most
important, there is no guarantee that receivers process requests within
any particular timeframe. In fact, with asynchronous communications, there
are no requirements that receivers be running in order for a sender to
initiate a request.
MSMQ makes it easy for application programs to communicate with other
application programs quickly, reliably, and asynchronously by
sending and receiving messages. MSMQ offers a wide range of powerful and
innovative features that are tightly integrated with the Windows 95 and
Windows NT operating systems. MSMQ also offers interoperability with other
key platforms and applications, such as IBM's CICS and MQSeries, via
products from Level 8 Systems.
Setup
MSMQ uses Microsoft SQL Server for storing configuration information,
NOT for storing messages. Express mode and Reliable mode messages are held
in RAM or in a memory-mapped file on disk, respectively.
Note SQL Server is required only on Site Controllers, a subset
of MSMQ servers, which use the information for routing and administrative
operations.
Note You cannot replace SQL Server with another relational
database management system (RDBMS) to store the MQIS. However, this does
not mean that another RDBMS cannot participate in an application that uses
the queuing system.
Note Microsoft SQL Server 6.5 Service Pack 2 is not compatible
with Microsoft Message Queue Server (MSMQ). If you attempt to run MSMQ
with this version of SQL Server, you receive error messages during the
installation or you receive an error message logged in the Windows NT
Event Log when you try to run the MSMQ service.
The requirement to use SQL Server is temporary. It is planned that in
the future, the MQIS information will be stored in one of the planned
native Windows NT functions, eliminating the SQL Server requirement. As an
interim solution, a limited version of SQL Server is provided with Windows
NT Server 4.0 Enterprise Edition for the purpose of installing Message
Queue Server on that platform. You can configure the limited version of
SQL Server for automatic fail over in a Windows NT Server 4.0 Enterprise
Edition Cluster.
Note The limited SQL Server is for installation on Windows NT
Server Enterprise Edition only. On the Windows NT Server 4.0 platform, you
would need to install a separately licensed copy of SQL Server 6.5 to
implement a Message Queue Server Site Controller.
MSMQ uses four server types to control message queuing:
- Primary enterprise controller (PEC)
- Primary site controller (PSC)
- Backup site controller (BSC)
- MSMQ server
For best performance, do not install MSMQ servers on a domain
controller (PDC or BDC), because PDCs and BDCs maintain and replicate the
network accounts database and perform network login authentications, which
are resource-intensive tasks. However, if you have a very small network in
which account information rarely changes, and in which users do not log on
and off frequently, you can use the same server as a domain controller and
an MSMQ server.
You must install a PEC before you can install any other MSMQ servers or
clients.
MSMQ controller servers (PEC, PSCs, and BSCs) use a Microsoft SQL
Server version 6.5 database to store the MSMQ information store (MQIS).
The Windows NT 4.0 Option Pack does not include SQL Server version 6.5 for
use with MSMQ. To use MSMQ with the Windows NT 4.0 Option Pack, you must
do one of the following:
- Install an MSMQ server (not a PEC, PSC, or BSC), independent client,
or dependent client, and rely on an existing MQIS server on your
network.
- Install the evaluation version of SQL Server 6.5. This version of
SQL Server is provided on the Windows NT 4.0 Option Pack CD and can only
be used for 90 days.
- Install the retail release of SQL Workstation 6.5. This release of
SQL Server is intended for use in development environments and is
limited to 15 concurrent connections.
- Install the retail release of SQL Server 6.5.
For more information on setting up MSMQ, refer to the deployment
section of the MSMQ documentation.
Web-Based Applications
A Web-based application is a multiuser server application. Unlike a
desktop application, a server application requires a sophisticated
infrastructure and needs to deliver a higher level of reliability.
Internet Information Server 4.0 offers a number of new technologies that
enhance the reliability of the Web server and Web-based applications.
Deploying ASP Web-Based Applications
In its simplest form, an ASP-based application consists of all the HTML
and script files stored within an application boundary. Before any
sessions are created, the application initializes, instantiates
application-scope components, and imports type-library declarations. From
that point on, each connected user has a separate and distinct session,
with its own values and component instances.
Application Boundaries
An ASP-based application consists of all the files in its root virtual
directory and in any subdirectories. An application defines a
namespace (also called the application root) that begins at
the root directory and includes all files, directories, and virtual
directories contained within—except those that are application roots
themselves or ancestors of another application root. For example, if a
virtual directory "Applications" and its subdirectory "Isolated
Applications" are both application roots, then URLs that contain only
"/Application" are part of one application, and URLs that contain
"/Application/Isolated Application" are part of the other. The figure to
the left illustrates how this looks in the Internet Service Manager.
Application name space for Web-based applications
Creating a Web-Based Application
To create an application, you designate a directory as the starting
point for the application. You can then set properties for the
application. Each application can have a friendly name. This name appears
in Internet Service Manager and gives you a way to distinguish between
applications. The application name is not used anywhere else.
To create an application:
- In Internet Service Manager, select the directory that is the
application starting point. You can designate the home directory of a
Web site as an application starting point.
- Open the directory's property sheets and then click the Home
Directory, Virtual Directory, or Directory tab.
- In the Name text box, type a name for your application.
- Click the Create button.
Isolating Applications
You can isolate server applications, which means they run in a
process separate from the Web server process. If an isolated application
fails, it won't affect the running of the server (or of other
applications, except for those that work as a unit with the failed
application). Isolating an application can also be described as running it
in a separate memory space.
Generally during Web development, it is a good idea to isolate
applications until they are proven; slightly more memory is used and less
performance is achieved, but the server is less likely to fail if an
application fails.
- In Internet Service Manager, select the Web site or the
starting point directory of an application.
- Open the directory's property sheets and then click the Home
Directory, Virtual Directory, or Directory tab.
You should be in the property sheets for the
directory listed as the Starting Point directory. The
Application Name box should be filled in.
- Make sure that the Run in Separate Memory Space (Isolated
Process) check box is selected.
- Click OK.
The Web server finishes processing any current requests for the
application, then creates a separate process for the application. At the
next request for the application, it runs in a separate memory space.
Enabling ASP Debugging
One of the new features in Internet Information Server 4.0 is script
debugging. You can use Microsoft Script Debugger to look for errors in
your ASP scripts. To use the debugger on your Web server, you must first
configure the server for debugging as below. For information on using the
debugger to examine your scripts, see Debugging ASP Scripts and the Help
system for Script Debugger in the Option Pack documentation.
To enable ASP debugging:
- In Internet Service Manager, select the Web site or the
starting point directory of an application.
- Open the directory's property sheets and then click the Home
Directory, Virtual Directory, or Directory tab.
- Click Configuration, then click the App Debugging tab.
- To enable debugging, select Enable ASP Server-Side Script
Debugging. The debugger is started when an error is generated from a
script or when ASP encounters a breakpoint in a script.
Note Debugging is only available on the local computer. You
should only enable debugging during the development stages of the
applications. When deploying your ASP application on your production
server, make sure to disable ASP debugging.
Accessing a Database
ActiveX Data Objects (ADO) are an easy-to-use yet extensible technology
for adding database access to your Web pages. You can use ADO to write
compact and scalable scripts for connecting to Open Database Connectivity
(ODBC) compliant databases (such as Microsoft Access, Microsoft SQL
Server, and Oracle) and OLE-DB compliant data sources.
Creating an ODBC Data Source Name File
Before creating database scripts, you need to provide a way for ADO to
locate, identify, and communicate with your database. Database
drivers—programs that pass information from your Web application to a
database—use a Data Source Name (DSN) to locate and identify a particular
ODBC compliant database. Typically, the DSN contains database
configuration, user security, and location information, and can take the
form of an entry in the Windows NT registry or a text file.
With ODBC, you can create three types of DSNs: User,
System, or File. The User and System DSNs reside in the
Windows NT registry. The System DSN enables all users logged on to a
particular server to access a database, while the User DSN limits database
connectivity to a specific user with appropriate security credentials. The
File DSN, which takes the form of a text file, provides access to multiple
users and is easily transferable from one server to another by copying DSN
files. For these reasons, the examples shown here use the File DSN.
You can create a file-based DSN by opening Control Panel from
the Windows Start menu. Double-click the ODBC icon, and then select
the File DSN property sheet. Click Add, choose your
database's driver, and then click Next. Follow these instructions
for configuring a DSN for your particular database software.
To configure a Microsoft Access Database File DSN:
- In the Create New Data Source dialog box, select Microsoft
Access Driver from the list box, then click Next.
- Type in a name for your DSN file, then click Next.
- Click Finish to create the data source.
- On the ODBC Microsoft Access 97 Setup dialog box, click
Select. Choose a Microsoft Access database file (*.mdb), then
click OK.
Note For performance and reliability reasons, it is strongly
recommended that you use a client/server database engine for the
deployment of data-driven Web applications that require high-demand access
from more than 10 concurrent users. Although Active Server Pages works
with any ODBC-compliant database, it has been extensively tested and is
designed to work with client/server databases such as Microsoft SQL Server
or Oracle.
On some occasions, users may experience problems connecting to an
Access database through an ASP page using ODBC. This is due to the way the
Jet ODBC driver pools threads when used with Internet Information Server.
In short, the thread processing the work takes on the security context of
Internet Information Server (localsystem), which cannot access a remote
computer. The Jet team is looking into the issue.
ASP supports shared file databases (Microsoft Access or Microsoft
FoxPro® database) as valid data sources, but it is
recommended that these types of database engines be used only for
development purposes or limited deployment scenarios. Shared file
databases may not be as well suited as client/server databases for very
high-demand, production-quality Web-based applications.
To configure a SQL Server Database File DSN:
Note If the database resides on a remote server, contact the
server administrator for additional configuration information; the
following procedure uses the ODBC default settings for SQL Server, which
may not work for your hardware configuration.
- On the Create New Data Source dialog box, select SQL
Server from the list box, then click Next.
- Type in a name for your DSN file, then click Next.
- Click Finish to create the data source.
- Type in the name of the server running SQL Server, your login ID,
and your password.
- On the Create a New Data Source to SQL Server dialog box,
type the name of the server containing the SQL Server database in the
Server list box, then click Next.
- Select a method for verifying Login ID authenticity.
- If you choose SQL Server authentication, enter a login ID and
password, then click Next.
- In the Create a New Data Source to SQL Server dialog box, set
your default database, driver stored procedure settings, and ANSI
identifiers, then click Next. (For more information, click
Help.)
- In the dialog box (also named Create a New Data Source to SQL
Server), choose a character translation method, then click
Next. (For more information, click Help.)
- In the next dialog box (also named Create a New Data Source to
SQL Server), select logging options.
Note Typically, you should only use
logging for debugging database access problems.
- On the ODBC Microsoft SQL Server Setup dialog box, click
Test Data Source. If the DSN was created correctly, the Test
Results dialog box indicates that testing was completed
successfully.
Note To improve performance when connecting to a remote
database, use TCP/IP Sockets.
Note If you use SQL Server Integrated or Mixed
security features, and the SQL Server database resides on a remote server,
you cannot use Windows NT Challenge/Response authentication. Specifically,
you cannot forward Windows NT Challenge/Response credentials to the remote
computer. This means that you may have to use Basic authentication, which
relies on the user to provide user name and password information.
To configure an Oracle Database File DSN:
Make sure that the Oracle client software is correctly installed on the
computer where you intend to create the DSN. Consult your server
administrator and database software documentation for more information.
- On the Create New Data Source dialog box, select Microsoft
ODBC for Oracle from the list box, then click Next.
- Type in a name for your DSN file, then click Next.
- Click Finish to create the data source.
- Enter a user name, password, and server name, then click OK.
Note DSN files have a .dsn extension and reside in the
\Programs\Common Files\ODBC\Data Sources directory.
For more information about creating a DSN file, visit the Microsoft
ODBC Web site at http://microsoft.com/odbc/ .
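Because a File DSN is a plain text file that is copied between servers, it can be reviewed before deployment. The following added example (not part of the original guide) parses File DSN text and flags the conditions this section warns about: stored credentials, logging left on, an Access database on a remote computer, and a trusted connection to a remote SQL Server. The keyword names PWD, DBQ, Trusted_Connection, QueryLog_On and StatsLog_On are ODBC driver keywords that do not appear in the guide, and the sample DSN contents are constructed.

```python
import configparser

# Server names the audit treats as "this computer" (an assumption; adjust).
LOCAL_SERVER_NAMES = {"(local)", ".", "localhost"}
TRUE_VALUES = {"yes", "1", "true"}


def parse_file_dsn(text):
    """Parse File DSN text and return the [ODBC] keywords, lower-cased."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        raise ValueError("not a File DSN: %s" % exc) from exc
    if not parser.has_section("ODBC"):
        raise ValueError("not a File DSN: no [ODBC] section")
    return dict(parser.items("ODBC"))


def audit_file_dsn(text, local_names=LOCAL_SERVER_NAMES):
    """Return finding codes for one File DSN."""
    kw = parse_file_dsn(text)
    driver = kw.get("driver", "").lower()
    findings = []

    # The file is plain text and travels with every copy of the DSN.
    if kw.get("pwd"):
        findings.append("STORED_PASSWORD")

    # The guide: use logging only for debugging database access problems.
    if any(kw.get(k, "").lower() in TRUE_VALUES
           for k in ("querylog_on", "statslog_on")):
        findings.append("LOGGING_ENABLED")

    # The guide: the Jet driver thread runs as IIS (localsystem), which
    # cannot access a remote computer, so a UNC path to the .mdb may fail.
    if "access" in driver and kw.get("dbq", "").startswith("\\\\"):
        findings.append("REMOTE_ACCESS_DATABASE")

    # The guide: Windows NT Challenge/Response credentials cannot be
    # forwarded to a remote SQL Server.
    server = kw.get("server", "").lower()
    if (kw.get("trusted_connection", "").lower() in TRUE_VALUES
            and server and server not in local_names):
        findings.append("TRUSTED_CONNECTION_REMOTE")
    return findings


# Constructed sample DSN files; server names and credentials are made up.
SQL_LOGIN_DSN = r"""[ODBC]
DRIVER=SQL Server
UID=webapp
PWD=Example-Only-1
DATABASE=orders
SERVER=SQL01
QueryLog_On=Yes
QueryLogFile=C:\QUERY.LOG
"""

TRUSTED_REMOTE_DSN = r"""[ODBC]
DRIVER=SQL Server
DATABASE=orders
SERVER=SQL01
Trusted_Connection=Yes
"""

ACCESS_REMOTE_DSN = r"""[ODBC]
DRIVER=Microsoft Access Driver (*.mdb)
DBQ=\\FILESRV\data\sales.mdb
"""

LOCAL_DSN = r"""[ODBC]
DRIVER=SQL Server
DATABASE=orders
SERVER=(local)
Trusted_Connection=Yes
"""

if __name__ == "__main__":
    for label, dsn in [("sql-login", SQL_LOGIN_DSN),
                       ("trusted-remote", TRUSTED_REMOTE_DSN),
                       ("access-remote", ACCESS_REMOTE_DSN),
                       ("local", LOCAL_DSN)]:
        print(label, audit_file_dsn(dsn) or "ok")
```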
Web Site Analysis Tools
Microsoft Site Server Express allows Web site administrators to analyze
server log files, visualize and crawl a Web site to map content and check
for broken links, and easily publish content from a browser to an Internet
Information Server. Site Server Express offers a subset of functionality
found in Microsoft Site Server. It includes Content Analyzer, Usage Import
and Report Writer, and Posting Acceptor.
Installation Requirements
The recommended hardware and software requirements for Site Server
Express are as follows:
- Microsoft Windows NT Server 4.0 with Windows NT 4.0 Service Pack 3
- Microsoft Internet Explorer 4.01
- Intel-based systems: 90 MHz Pentium processor; 32 to 64 MB of RAM
- 44 MB hard-disk space for a full installation
Site Server Express vs. Site Server
Site Server Express contains the following components:
- Content Analyzer: Provides comprehensive site visualization, content
analysis, link management, and reporting capabilities for managing Web
sites.
- Usage Import and Report Writer: Lets you collect and analyze
Internet Information Server log files from a single server. There are 21
predefined reports that give you insight into the actual requests,
users, and organizations that interact with your site.
- Posting Acceptor: A server add-on tool that Web content providers
can use to publish their content using HTTP Post (RFC 1867). After
installing Posting Acceptor on your Web server, you can provide a
hosting service for users wanting to post Web content to your server.
Site Server contains the functionality of Site Server Express, plus the
following components:
- Personalization System—Lets you deliver targeted content by
using Active Server Pages to generate Web pages based on user
preferences.
- Microsoft Visual InterDev—An integrated
development system for building Web-based applications. It includes wizards, content creation tools, and
seamless connectivity to any ODBC-based databases.
- Content Replication System (CRS)—Enables the implementation
of site staging and mirror servers and the
connection of departmental Web sites into a corporate
backbone.
Site Server vs. Site Server Enterprise Edition
All of the functionality of Microsoft Site Server (content deployment,
personalization, Visual InterDev, usage analysis, and site analysis) is
included in the Site Server Enterprise Edition with the addition of
commerce and advanced usage analysis features such as the ability to
create custom reports.
Setting Up and Using Usage Import and Report Writer
What Is Usage Import and Report Writer?
Each time a user interacts with your Internet site, your server
software records information about the interaction, commonly referred to
as a hit, in a single line of a log file. Microsoft Site Server
Express includes two usage analysis components, Usage Import and Report
Writer, that work with the data contained in the log file. The Usage
Import component reads your log files and puts them in a relational
database. The Report Writer component produces your analysis reports.
When Do I Use Usage Import and Report Writer?
Use Usage Import and Report Writer to extract trend and usage
information from your log file data. These tools provide you with valuable
insights for making informed Internet business decisions.
Setting Up Usage Import
- Locate the Internet server log file on the local computer.
- Start Usage Import by selecting Start, Programs,
Windows NT 4.0 Option Pack, Microsoft Site Server Express
2.0, Usage Import. The first time you import data, Usage
Import tells you that no sites are configured and it walks you through
the configuration process.
- Identify the log file format of your log data source by selecting
your log file format from the list. (If a site has already been
configured, Usage Import does not walk you through this wizard. In that
case, go to the menu and select File, then Server manager.
Right-click the Log data sources icon.) When finished, select OK.
- Specify the server properties by selecting the server type (WWW,
FTP, Gopher, RealAudio, etc.) on the Server Properties panel. Under
Server configuration, type the name of any directory index files and the
IP address of the server. Under Hosting facility, select the local time
zone and type in the domain of your host. This lets you distinguish
between internal and external hits. When finished, select OK.
- Once you've configured the server and site, Usage Import brings
up the Log file manager. Type in the complete path for your log file in
the text box or select Browse and locate it in the file system.
- Click the green Start import button. Usage Import
processes your log file and notifies you when it's complete.
Using Report Writer
- Start the Report Writer by selecting Start, Programs,
Windows NT 4.0 Option Pack, Microsoft Site Server Express
2.0, Report Writer.
- Choose to create a report from the catalog. You have the option of
creating a report from scratch, but it is recommended that the first
time through you use one from the standard catalog.
- From the Report Writer catalog, select one of the Report Writer
reports from the analysis catalog, then select Next.
- Select the date-range to analyze (default is every request) and then
click Next.
- Add custom filters to include or exclude data for analysis. Boolean
expressions are allowed. When finished, select Finish.
- Click the green Create Analysis Report button.
- View the analysis report.
If you produced an HTML file, your Web browser opens automatically, and
the filename you specified for the analysis report is displayed. If you
created a Microsoft Word file, start Microsoft Word and open the file you
specified. If you specified a text file, start a text editor such as
Notepad and open the filename you specified.
Setting Up and Using Content Analyzer
What Is Content Analyzer?
Webmasters, content authors, and Web-server administrators can use
Content Analyzer to find broken links, analyze site structure and object
properties, manage local and remote sites, and perform a variety of other
Web site management tasks. With Content Analyzer, you have the option of
viewing your site in several different ways. The Tree view provides a
linear hierarchical view of the map. The Cyberbolic view depicts the map
items in a web-like structure that emphasizes their interconnected nature.
Below is an example WebMap of a Web site presented in the tree and
Cyberbolic view.
When Do I Use Content Analyzer?
Use Content Analyzer to visualize how your site is laid out and to
create HTML reports to detail the type of content on the site. Reports you
generate can include information such as: not found objects (server error
404), broken onsite links, and
offsite links from external Web sites.
Setting Up Content Analyzer
When you double-click an object in a WebMap, Content Analyzer launches
your Web browser (if necessary) and displays the corresponding object in
your browser. Your Content Analyzer default browser configuration
determines which browser is launched. When you install Content Analyzer,
your most recently installed browser is configured as the default. If you
have more than one Web browser on your computer, you can change the
default to the browser of your choice.
To set up a default browser:
- From within Content Analyzer, choose Program Options from the View
menu, then choose the General tab in the Program Options dialog box.
- In the Browser box, enter (or browse for) the path and name of the
browser you want to use as the default.
- Be sure that the Synchronize WebMap to Browser Location check box is
selected if you want the pages you navigate to in the browser to be
simultaneously selected in the map. If you don't want the map to
synchronize with your browser selections, clear the check box.
- Select OK.
You can launch helper applications that work side-by-side with Content
Analyzer. Helper applications include Web browsers and source file editors
such as HTML editors, word processors, graphics programs, sound editors,
and so on.
For each object type in a WebMap, you can start any of the configured
helper applications for that object type. For example, if you want to
change a graphic image, you can click the appropriate image icon in the
WebMap and open the corresponding GIF file in a configured graphics
program.
To configure helper applications:
You can configure up to nine helper applications for each type of
object in a map.
- Choose Program Options from the View menu.
- In the Program Options dialog box, choose the Helpers tab.
- In the Object Type list, choose the type of object for which you
want to configure a helper application. A list of the currently
configured applications for the selected object type appears in the
Helper Applications list.
- Click Add. The Add Helper Application dialog box appears.
- Specify the executable file of the application that you want to
configure. You can use the Browse button to select the
application.
- Click OK to return to the Helpers tab.
- In the Menu Text box, type the name as you want it to appear in the
Launch Helper App menu (on the Tools menu or the right-click menu).
For example, if you want to use different graphic editors for JPEG
and GIF format files, you could list one in the submenu as JPEG
Editor and the other as GIF Editor.
- In the Parameters box, specify the file information and/or other
parameters required by the application. For a list of file-related
variables that you can choose from, click the File Param button.
The variable you select replaces the current contents of the Parameters
box. If you want it appended to the end of the current contents instead,
clear the contents of the Parameters box before adding the variable.
- Click Apply or OK.
Using Content Analyzer with a Proxy Server
Note If you're using the WINSOCK proxy, you don't need to do
anything at all. Microsoft Analyst automatically recognizes the WINSOCK
proxy, so don't fill in any information on the Proxy tab.
- Obtain your proxy address.
- Choose Program Options from the View menu. The Program Options
dialog box appears.
- Select the Proxy tab.
- Select Custom Proxy Configuration.
- Enter the IP address or host name and the Port number.
- Click Apply or OK. Content Analyzer verifies the
existence of the proxy server and now recognizes the proxy server
address.
You must bypass the proxy server if it is located outside the
firewall and you're working inside the firewall on internal Web
resources. (You may also want to bypass the proxy server if both the
server and the site are internal.) To do this, you must enter the
addresses that you want the proxy server to bypass.
To bypass the proxy server:
- Ask your system administrator for the IP address or host name and
port number of the computer(s) you want to bypass.
- Choose Program Options from the View menu. The Program Options
dialog box appears.
- Select the Proxy tab.
- Select Custom Proxy Configuration.
- Click the Add button. The Add Proxy Bypass dialog box
appears.
- Enter the IP address or host name of the computer, then enter the
port number.
- Click Add.
- When you've finished adding IP addresses, click Close. The
addresses appear in the Bypass Proxy On list.
- Click OK.
When you don't want to access the Internet with a proxy server (for
example, when you want to work only inside the firewall), you can disable
the proxy service. If you do, the existing settings in the dialog box
remain intact, but appear disabled.
To disable the proxy server, select disable proxy services from the
above dialog box.
If your site has password protected areas
If you've protected any of your site's areas with passwords, you'll
need to inform Content Analyzer about them. If you don't, Content Analyzer
won't be able to map any of the pages in those areas. Here's what to do:
- Choose Program Options from the View menu.
- Select the Passwords tab. (If you've already configured any
passwords, you'll see them listed by domain, realm, and User ID.)
- Click Add. The Add dialog box appears.
For each password-protected area, you'll need to enter the domain,
realm (often this is the same as the server name; usually a realm is the
name of a protected resource or area on the server), user ID, and
password. If several pages share the same information (for example, a set
of pages in a single protected area), you only need to enter it once. You
can modify password information at any time. Just click Modify
instead of Add on the Passwords tab. If you want to delete a
password, select it and click Delete.
Note If the site you're dealing with is on Microsoft Internet
Information Server, the User ID needs to be in the form
Domain\UserName, where Domain is the Windows NT login
domain, and UserName is the Windows NT user name.
Using Content Analyzer
With Content Analyzer, you can map local sites, such as those on a
local or networked file system or on an internal Web server, and public
sites located on the World Wide Web. You can also generate site reports
for detailed analysis of a Web site. Content Analyzer displays the summary
site reports in your Web browser.
Creating a WebMap
Choose New from the File menu and then choose either Map from File or
Map from URL from the submenu.
Now, follow one of the next two procedures, depending on whether you're
mapping from a URL or a file system.
To map from a file system:
- Enter the path and filename for the home page (or any other page in
the site where you want to start mapping) in the Home Page Path and
filename text box.
- In the Domain and Site Root text box, enter the domain and root
directory for the site. If you want to start mapping the site from a
page other than the site's top home page, add the path to that page
after the domain name (but don't include the page's filename).
- If you have any CGI scripts in your site, and they're not in
the disk directory \cgi-bin (where "\" is the site root on disk),
enter or browse for their location in the CGI Bin Directory text box. If
you don't enter a location, Content Analyzer won't be able to find the
scripts, and they'll show up as broken links in the map. For instance,
if you've created an alias directory for your CGI scripts called
/usr/bin, you'd enter that alias in the CGI Bin Directory box.
- Click OK.
To map a URL:
- In the Home Page Address box, enter the URL of the site's home page
(or any other page in the site where you want to start mapping).
- Click OK.
To create an HTML report:
You can generate a report at the same time that you create a WebMap by
following these steps:
- From the File menu, choose New Map from URL.
- In the Home Page Address box, enter the URL of the site you want to
map.
- Select the Generate Site Reports check box. (See New Map from File
dialog box pictured above.)
- After specifying the mapping options you want to use, click
OK.
- When the Generate Site Reports dialog box appears, specify the
location in which to save the report files. Content Analyzer
automatically names the files with a prefix based on the domain name of
the site you are mapping and appends text that identifies the report
file. For example, if you map http://www.microsoft.com/ , the
Site Summary Report name is microsoft_summary.html. If the
default prefix doesn't suit your needs, you can specify another in the
Report Prefix box.
- To save a copy of the map (for example, "www.microsoft.wmp")
with the site reports, select the check box called Save Copy of Map to
Report Directory.
- Click OK.
When Content Analyzer has finished mapping and analyzing your site, the
Site Summary Report appears in your browser.
Installation With Other Microsoft Products
Microsoft Proxy Server
Upgrading to Internet Information Server 4.0 with Microsoft Proxy
Server 1.0
Microsoft Proxy Server (MPS) 1.0 is not compatible with Internet
Information Server 4.0. Before installing Internet Information Server 4.0,
you must upgrade from MPS 1.0 to MPS 2.0. You can upgrade and install MPS
2.0 using an in-place upgrade directly over your previous installation of
MPS 1.0. There is no need to uninstall MPS 1.0 prior to upgrading. In
addition, MPS maintains prior server configuration settings, such as
Access Control Lists (ACLs) and other settings, after the upgrade to MPS
2.0 is completed.
Upgrading to Internet Information Server 4.0 with Microsoft Proxy
Server 2.0
Once you upgrade to use Internet Information Server 4.0 on a server
computer running MPS 2.0 and Internet Information Server 3.0, you need to
run MPS 2.0 setup again. This reinstallation is needed because Internet
Information Server 4.0 installs Microsoft Proxy Server as a global ISAPI
filter for all Web servers. Repeating MPS 2.0 setup configures Microsoft
Proxy Server correctly, as a non-global filter of the Internet Information
Server default Web service for the local server computer (or "localhost").
There is no need to uninstall MPS 2.0 prior to upgrading to Internet
Information Server 4.0. Also, MPS 2.0 maintains prior settings, such as
Access Control Lists (ACLs) and other configuration settings when in-place
reinstallation of MPS 2.0 is completed.
Verifying Authentication Settings After Internet Information Server
4.0 Is Installed
After you have upgraded to Internet Information Server 4.0, you should
verify that the "Password Authentication" settings you chose in Internet
Information Server 3.0 have been maintained and are correctly
configured.
For Internet Information Server 3.0, "Password Authentication"
properties are set using the Internet Service Manager (ISM). To view or
modify these settings using ISM, do the following:
- Double-click the computer name next to the "WWW service."
- Under "Password Authentication," note which methods are selected for
use in authenticating users. The methods that can optionally be set
are "Allow Anonymous," "Basic (Clear Text)," and "Windows NT
Challenge/Response."
- Click OK or Cancel to close this dialog.
For Internet Information Server 4.0, "Password Authentication"
properties are set with Microsoft Management Console (MMC).
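One way to script the post-upgrade check described above, as an added example that is not part of the original guide: it reads a server's response to an unauthenticated request, maps the WWW-Authenticate schemes to the three method names in the dialog, and compares them with the methods noted before the upgrade. The sample responses are constructed, and the function names and the recorded set are assumptions.

```python
# Added example: which authentication methods does a server offer to an
# unauthenticated request? Sample responses below are constructed.
ANONYMOUS = "Allow Anonymous"
BASIC = "Basic (Clear Text)"
NTLM = "Windows NT Challenge/Response"
SCHEME_TO_METHOD = {"basic": BASIC, "ntlm": NTLM}

# Constructed samples: a challenge offering two methods, and an anonymous hit.
RESP_401 = ("HTTP/1.1 401 Access Denied\r\n"
            "Server: Microsoft-IIS/4.0\r\n"
            "WWW-Authenticate: NTLM\r\n"
            'WWW-Authenticate: Basic realm="www.example.com"\r\n'
            "Content-Length: 0\r\n\r\n")
RESP_200 = "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/4.0\r\n\r\nhello"


def parse_response(raw):
    """Return (status code, list of WWW-Authenticate header values)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    challenges = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "www-authenticate":
            challenges.append(value.strip())
    return int(parts[1]), challenges


def offered_methods(raw):
    """Map a response to the method names used in the settings dialog."""
    status, challenges = parse_response(raw)
    if status != 401:
        # Content served without credentials: anonymous access is allowed for
        # this URL, and any other enabled methods are not advertised.
        return {ANONYMOUS} if 200 <= status < 400 else set()
    methods = set()
    for challenge in challenges:
        scheme = challenge.split(None, 1)[0].lower() if challenge else ""
        if scheme in SCHEME_TO_METHOD:
            methods.add(SCHEME_TO_METHOD[scheme])
    return methods


def compare(expected, raw):
    """Report drift between the recorded methods and what the server offers."""
    observed = offered_methods(raw)
    # An anonymous answer hides the challenge methods, so only judge those
    # when the server actually issued a 401.
    comparable = {ANONYMOUS} if ANONYMOUS in observed else {ANONYMOUS, BASIC, NTLM}
    return {"unexpected": sorted(observed - expected),
            "missing": sorted((expected & comparable) - observed)}


if __name__ == "__main__":
    recorded = {NTLM}  # assumption: the methods noted in IIS 3.0 before upgrading
    print(compare(recorded, RESP_401))
    print(compare(recorded, RESP_200))
```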
Microsoft Exchange Server
Internet Information Server 4.0 Active Server components
Internet Information Server 4.0 is not supported by the Exchange Server
version 5.0 Active Server Components. Installing them both on the same
computer results in error messages, and the Outlook™ Web Access client
returns error messages. Exchange Server 5.5 does support Internet
Information Server 4.0. To use Exchange with the Outlook Web Access
client, you must install Exchange Server 5.5 before installing Internet
Information Server 4.0.
SMTP and NNTP
Microsoft SMTP Service included in the Windows NT 4.0 Option Pack is
designed to be used as an outbound mailer for mail-enabled applications.
It does not provide the POP3 or IMAP4 protocol support necessary for use
by electronic mail client software. Mailboxes are not available in
Microsoft SMTP Service.
Microsoft NNTP Service is installed as part of Microsoft Internet
Information Server 4.0. This service supports any NNTP-compatible client,
such as the Microsoft Internet Mail and News component of Microsoft
Internet Explorer version 3.02 or 4.0. To enable security, you must use a
client that supports secure sockets layer (SSL) or Windows NT
Challenge/Response, such as Internet Mail and News.
Microsoft Exchange Server supports a broader variety of messaging and
groupware functionality than is offered by the Option Pack. Exchange
Server offers messaging and collaboration features as well as supporting
such popular Internet protocols as: HTTP, NNTP, POP3, LDAP, SMTP, MIME,
X.400, MAPI, TCP/IP, PPP, SLIP, and X.509.
Additional Resources
The Windows NT 4.0 Option Pack makes Windows NT Server the best
multipurpose server by adding new Web, application, and communication
services to the platform. This guide provided you with information on
setting up and deploying the technologies in the Option Pack on your
Windows NT Server. The following additional references are also available:
Internet Information Server
The following Web sites contain further information and useful
resources for Internet Information Server and the Windows NT 4.0 Option
Pack.
http://www.microsoft.com/IIS/
The Internet Information Server product Web site. Among other things,
it provides developer news, samples, and updates on Internet Information
Server.
http://www.microsoft.com/workshop/
The Active Server Pages area of the Site Builder Network.
http://www.activeserverpages.com/
A good Active Server Pages resource. The site contains ASP-related
articles, ASP FAQs, tutorials, tools, and free ASP component
downloads.
http://www.microsoft.com/merchant/
Microsoft's Internet commerce Web site, including information on Site
Server, Commerce Server, and the Microsoft Wallet.
http://mspress.microsoft.com/
The Microsoft Press® Web site. Microsoft Press
publishes a number of books and training materials about Microsoft's
products and related technologies.
http://www.microsoft.com/sitebuilder/
The Microsoft Site Builder Network includes tips, tricks, and tools
for Web designers, producers, programmers, and more.
Books
Windows NT Server 4.0 Resource Kit (Microsoft Press, 1996–1997).
Network building and maintenance, security issues, Windows NT features
that help with information management, and more.
Internet Information Server Resource Kit (Microsoft Press,
1996–1997).
Provides detailed information on building and deploying Web sites and
Web-based applications.
Security
The following books and Web sites provide additional information
relevant to Windows NT Server and Internet Information Server security.
http://www.microsoft.com/security/
The Microsoft Security Advisor Web site.
http://www.microsoft.com/msdn/
The Microsoft Developer Network Web site.
Books
Amoroso, E. Fundamentals of Computer Security Technology
(Prentice Hall, 1994).
Amoroso, E. and R. Sharp. PCWeek Intranet & Internet Firewall
Strategies (ZD Press, 1996).
Anonymous. Maximum Security: A Hacker's Guide to Protecting your
Internet Site and Network (Sams, 1997).
Castano, S., M. Fugini, G. Martella, et al. Database Security
(Addison Wesley, 1994).
Cheswick, W.R., and S.M. Bellovin. Firewalls & Internet Security:
Repelling the Wily Hacker (Addison Wesley, 1994).
Davis, P.T., ed. Securing Client/Server Networks (McGraw-Hill,
1996).
Ford, W., and M.S. Baum. Secure Electronic Commerce (Prentice
Hall, 1997).
Ford, W. Computer Communications Security (Prentice Hall, 1994).
Garfinkel, S. and G. Spafford. Practical Unix & Internet
Security (O'Reilly & Assoc., 1996).
———. Web Security & Commerce (O'Reilly & Assoc., 1997).
———. Practical Unix Security (O'Reilly & Assoc., 1996).
Grimes, Richard. Professional DCOM Programming (WROX Press,
1997).
Hughes, L. Actually Useful Internet Security Techniques (New
Riders, 1995).
Jackson, K.M. and J. Hruska. Computer Security Reference Book
(CRC, 1992).
Kyas, O. Internet Security—Risk Analysis, Strategies &
Firewalls (Thomson, 1996).
Lynch, D.C. and L. Lundquist. Digital Money (Wiley, 1995).
McGraw, G., and E. Felten. Java Security, Hostile Applets, Holes
& Antidotes (Wiley, 1996).
Neumann, P. Computer Related Risks (Addison Wesley, 1995).
Rubin, A.D., D. Geer, and M.J. Ranum. Web Security Sourcebook
(Wiley, 1997).
Russell, D. and G.T. Gangemi. Computer Security Basics (O'Reilly
& Assoc., 1991).
Schneier, B. Applied Cryptography. 2nd Edition (Wiley, 1996).
Stallings, W. Protect Your Privacy (Prentice Hall, 1995).
Stoll, C. The Cuckoo's Egg (Pan, 1995).
Web Security—A Matter of Trust (World Wide Web Journal, Vol. No. 3
Summer) (O'Reilly & Assoc., 1997).
Windows NT 4.0 Server Resource Kit, Windows NT Server
Internet Guide (Microsoft Press, 1996). Chapter 3, "Server Security on
the Internet."
Windows NT 4.0 Server Resource Kit: Supplement 1 (Microsoft
Press, 1997). Chapter 1, "Securing Your Web Site."
Performance and Capacity Planning
The following books and Web sites provide additional information
relevant to building, testing, and deploying high-performance Web sites.
http://andrew2.andrew.cmu.edu/rfc/rfc1794.html
"Tuning Web Site Performance," an article originally published in
Network Magazine.
http://www.nightflight.com/htdocs/web-performance.html
Links to several articles on performance.
http://www.starnine.com/webstar/overview.html
"A Model of Web Server Performance," an article by Louis
Slothouber.
NASA paper on optimizing RAID performance with cache.
http://tebbit.eng.umd.edu/nasa/node12.html
Discussion of ATM networking latency.
http://www.canadacomputes.com/tc/Nov96/Cwb.html
Overview of memory types.
http://www.ots.utexas.edu:8080/ethernet/gigabit.html
Description of Gigabit Ethernet, with links to other sources of
information on Ethernet.
Books
Professional Web Site Optimization (Wrox Press Ltd., 1997).
WebMaster in a Nutshell (O'Reilly and Assoc., 1997).
Web Server Technology: Advanced Guide for World Wide Web Information
Providers (Morgan Kaufman Publishers, 1996).
Web-Based Applications
The following books and Web sites provide additional information
relevant to developing Web-based applications.
http://www.15seconds.com/
A free resource for developers working with Microsoft Internet
solutions. There are four main resources: the 15 Seconds
newsletter, Stephen Genusa's Frequently Asked Questions, List Servers, and
the Consultant Program. There are also book reviews, how-to articles, and
job opportunities that deal with ASP and Microsoft Internet
solutions.
http://www.activeserverpages.com/
Contains ASP-related articles, ASP FAQs, tutorials, tools,
development discussion, and free ASP component downloads.
http://www.activestate.com/
ActiveState Tool Corporation distributes a free PerlScript engine for
Active Scripting platforms, such as ASP and Microsoft Win32®, and an ISAPI implementation of Perl. The Perl samples in
this chapter were tested with ActiveState's PerlScript.
http://www.chilisoft.net/
Chilisoft's Chili!ASP brings the power of ASP to servers other than
Internet Information Server. Chili!ASP can host ASP pages and components
on a variety of Web servers without any changes to code. Includes support
for Windows NT–based Netscape Web servers.
http://www.genusa.com/asp/
The premier "unauthorized" support site for ASP. Provides an
excellent collection of ASP resources.
http://support.microsoft.com/support/
The Microsoft Knowledge Base (KB) contains many useful articles on
Active Server Pages.
http://www.microsoft.com/intranet/
Microsoft and Hewlett Packard have created the Intranet Solutions
Center—a comprehensive Web site that has everything you need to plan and
build an intranet site. Explore white papers, FAQs, and case studies, or
download free intranet solutions written by top Microsoft Solution
Providers.
http://www.microsoft.com/iis/
This is the Active Server Pages workshop area of Microsoft's Site
Builder Network, a must-see resource.
Books
Official Microsoft Intranet Solutions (Microsoft Press, 1997).
A tools-based approach to intranet site development using Microsoft
Office 97 applications and Microsoft FrontPage 97.
Corning, Working with Active Server Pages (Que Corporation,
1997).
Covers design, development, and implementation of ASP pages. Includes
examples of database-driven customer scenarios using ASP and ADO.
Hettihewa, Windows NT 4 Web Development (Sams.net Publishing,
1996).
Complete Web site design from client to server.
Homer, Professional Active Server Pages (Wrox Press Ltd., 1997).
A highly recommended and comprehensive tutorial of ASP and ADO.
Includes practical techniques for creating n-tier Web-based
applications.
Data Access and Transaction
The following books and Web sites provide additional information
relevant to Web server data access and transactions.
http://www.apexsc.com/
The definitive source for information on a variety of data-bound grid
controls. As a service to DBGrid users everywhere, Apex Software
Corporation provides free online help, samples, and downloads.
http://www.microsoft.com/data/
The latest Microsoft Transaction Server news, white papers, and
development guides. Find out about the latest news, trends, events, and
product information.
Books
Fleet, Warren, Chen, and Stojanovic. Teach Yourself Active Web
Database Programming in 21 Days (Sams.net Publishing, 1997). A
step-by-step tutorial of ADO and data-centric business object development
fundamentals.
© 1998 Microsoft Corporation. All rights reserved.
The information contained in this document represents the current view
of Microsoft Corporation on the issues discussed as of the date of
publication. Because Microsoft must respond to changing market conditions,
it should not be interpreted to be a commitment on the part of Microsoft,
and Microsoft cannot guarantee the accuracy of any information presented
after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO
WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
Microsoft, ActiveX, Authenticode, BackOffice, the BackOffice logo,
FoxPro, FrontPage, JScript, Microsoft Press, Outlook, Visual Basic, Visual
InterDev, Win32, Windows, and Windows NT are either registered trademarks
or trademarks of Microsoft Corporation in the United States and/or other
countries.
Other product or company names mentioned herein may be the trademarks
of their respective owners.
Microsoft Corporation • One Microsoft Way • Redmond, WA 98052-6399 •
USA
0398