Schema Master: It controls all the updates and modifications that relate to schema of the Active Directory. It is the duty of the Schema Master to ensure that the latest schema has been replicated across all Domain Controllers in the directory. The role is forest-wide and there can be only one Schema Master in a forest.

Domain Naming Master: It controls the addition and deletion of domains in the forest. The role is once again forest-wide and there can be only one Domain Naming Master in a forest.

RID Master: Stands for Relative ID and is responsible for processing RID requests from all Domain Controllers in a particular domain. For example, if we create a user in Active Directory, a unique Security Identifier (SID) is created which identifies it in the domain. Along with this SID a Relative ID (RID) that is unique to the SID is also generated from a pool that is allocated. The main role of RID Master is to ensure that each DC has got enough RID pool and if not then process the request for the pool from the unallocated RID pool. The role is Domain specific and there can be only one Domain Controller handling this role.

Infrastructure Master: When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference. The role is Domain specific and there can be only one Domain Controller handling this role.

PDC Emulator: It seems to be a backward compatible role that has been handed over as a legacy from Windows NT 4.0 and is mainly used for syncing time in the Enterprise. The W32Time service that we see in the Services MMC has a very important role to play: synchronize time across the enterprise to that Kerberos Authentication works smoothly. After all, password changes, authentication, account lockout, etc. all depends on this. The role is Domain specific and there can be only one Domain Controller handling this role.

So why does an administrator need to know which Domain Controller is holding which role? Well, normally there is always a single machine that carries all the five FSMO roles, but there can be scenarios where an administrator would have moved one or more FSMO roles. To know why, read this KB article from Microsoft. With a better understanding of which server holds which role, the administrator can plan better for disaster recovery or scheduled maintenance. There are many ways to find out which DC holds which role, but here is one that uses NTDSUtil – a command line tool.

A word of caution before we proceed: If you do not know what you are doing and have no idea about how Active Directory works or even worse – what Active Directory is – please refrain from doing this practically. Doing this incorrectly or messing with this command can cause your Active Directory to crash and lose functionality.

Step #1: On any Domain Controller, click Start. In the Run command type CMD and hit Enter. You will be taken to the good old command prompt window (DOS were the days). Type ntdsutil and hit Enter.

Step #2: You shall see the screen with ntdsutil: prompt. Since we want to find out the roles, type roles and hit Enter. Notice that the prompt now changes to show fsmo maintenance:. Now is a good time to get more HELP on the list of available commands.

Step #3: On the fsmo maintenance: prompt, type ? and hit Enter. Right-click in the Window, mark and copy them. Paste the clipboard in to Notepad for easy reference.

Step #4: Type connection and press Enter. This will show a prompt with server connections:. Type connect to server <servername> (replace <servername with actual name> and press Enter.

Step #5: Once we are connected to the Domain Controller, type q to return back to the fsmo maintenance prompt. Now type, select operation target and then press Enter. Notice that the prompt changes to select operation target:.

Step #6: At the select operation target prompt, type list roles for connected server and press Enter. This would list all the FSMO roles for that Domain Controller. To get out of the ntdsutil, type q until you are back to the good old DOS prompt.

For those who are looking at ready solution rather than going through this process, check out DUMPFSMOS.CMD in the Resource Kit (Windows 2000/2003). This tool is a one-click utility that does the same trick.

The main idea is to make the URL more simple and SEO friendly. Normally, when you setup PermaLinks in IIS, we get something like this:

http://www.yourwordpresssite.com/index.php/2009/08/02/your-blog-post/

This means that each link to the post carries index.php in the URL which is not good. Outlined below are steps that can help to achieve the same results for a WordPress site on a Windows Server running IIS.

STEP: 1

Get the URL rewriting component on the Windows Server hosting your WordPress site. If you are not in control of the server or are not the server administrator, you can request the setup of the component from them. Click here to download the component from the vendor’s site. The component is absolutely free and distributed under GNU General Public License.

STEP: 2

Once the component is downloaded, copy the wp-url-rewriting.dll file to the Windows Server’s SYSTEM32 directory. Register the component so that it is available to IIS by using the REGSVR32 WP-URL-REWRITING.DLL command from the command prompt.

Note: You may get an error that the DLL entry point was not found, but let that not bother you.

STEP: 3

Once the DLL is registered, login to your WordPress admin area and navigate to PermaLinks and change the common setting to use Custom Structure. Add /%category%/%postname%/ as the choice and Save Changes.

That’s it! We are done. WordPress should now show the URL’s without the index.php in it.

I invite everyone to share their experience or any other methods that they might have used.

So why do we need a centralized patch management policy? Well, the answer is simple – the systems are prone to risks and threats when exposed to the Internet or medias like USB pen drives, wireless networks and devices, etc. We all, at some point, might have experienced or read about the havoc caused by Blaster or the Sasser worms. Today software vendors have stepped up the releases of emergency and critical updates in a formalized manner to encounter these threats. Microsoft’s Patch Tuesday is a good example that highlights that. To learn more about this program, click here.

WSUS from Microsoft is a boon to Network and System Administrators in this scenario. WSUS (Windows Server Update Services) is basically designed to run on a company’s network and automate the process of patching. This free product from Microsoft does a fair job of streamlining the overall patch management process of an organization with centralized reporting. For a Network or System Administrator it is just a simple task of installing the WSUS server on a system and then configures all Desktops to use the WSUS server for software updates. This can be easily achieved by creating a group policy and linking the policy to the correct OU using Group Policy Editor. The Desktops would automatically announce their current status to the WSUS server with details like which patches are needed to be installed, which patches have failed to install, which patches have been successfully installed, etc.

In a nutshell, WSUS seems to be a good product especially when there is no price tag attached to it and starting with WSUS 3.0 the reports have also improved over its predecessor.

It is recommended to have 90MB hard disk space for a typical install. To get started, download the latest version of Perl from ActiveState (http://www.activestate.com)

Once the download process has completed, double click on the program to begin the installation process.

Choose Next to continue. You will be presented with the standard license agreement.

Accept the End-User License Agreement and choose Next to continue.

You can change the installation path to match your setup from here. For this example, we have used F:\Perl. You can even choose not to install the Examples files if you want. Once the selections have been done, click Next to continue.

On the next screen in the setup wizard, verify that the following choices are selected:

·  Add Perl to the PATH environment variable

·  Create Perl file extension association

·  Create IIS script mapping for Perl

Click Next to continue to the review screen in the setup wizard.

Click Install to begin the installation process. The installation will take a few minutes and once the installation is done click Finish to complete the installation process. That’s it, Perl has been installed and integrated with IIS.

To verify that the Perl path is set correctly and available to IIS, Right Click on My Computer and select Properties.

Select the Environment Variables from the Advanced tab and verify the path listed under System Variables.

Choose OK to close the current window. We have successfully installed Perl.

To start with, create a folder on the machine that you want to automate this on. I named my folder as “MaintenanceScripts”. The next step was to write the batch file with the content given below and save it as “ChecknDefrag.bat”.

@Echo Off
REM ***************************************************************************
REM *                                                                         *
REM *      AUTOMATED DISK CHECK AND DEFRAGMENTATION SCRIPT                    *
REM *                                                                         *
REM ***************************************************************************

REM chkdsk and defrag automation
REM Read the Drive Letter from the file
for /F "eol= tokens=1 delims=( " %%i in (DriveLetter.txt) do set DrvLtr=%%i& call :dsKchk

:dsKchk
If %DrvLtr% == end goto :eof
echo. >> diskcheck.rtf
echo. >> diskcheck.rtf
echo ******************************************************** >> diskcheck.rtf
echo CHECK DATE and TIME for %DrvLtr% >> diskcheck.rtf
date /t >> diskcheck.rtf
time /t >> diskcheck.rtf
echo ******************************************************** >> diskcheck.rtf
echo. >> diskcheck.rtf
echo. >> diskcheck.rtf
echo RUNNING DISK CHECK ON %DrvLtr% ....
chkdsk %DrvLtr% >> diskcheck.rtf
goto :defrag

:defrag
echo. >> defrag.rtf
echo. >> defrag.rtf
echo ******************************************************** >> defrag.rtf
echo CHECK DATE and TIME for %DrvLtr% >> defrag.rtf
date /t >> defrag.rtf
time /t >> defrag.rtf
echo ******************************************************** >> defrag.rtf
echo. >> defrag.rtf
echo. >> defrag.rtf
echo RUNNING DISK DEFRAGMENTATION ON %DrvLtr% ....
defrag %DrvLtr% -b >> defrag.rtf
defrag %DrvLtr% -f >> defrag.rtf

:EOF

The above batch file checks for a file called “DriveLetter.txt” in the same folder from where the script it going to run from. You can change it to your liking. It also saves the report of the disk check to a file called “diskcheck.rtf” and for defrag to a file called “defrag.rtf”. I choose RTF so that I can open it in MS Word or any other application to see a nice formatted output.

Next, we create a file called “DriveLetter.txt” in the same folder where we saved the Batch File and add all the drive letters that we want the script to check:

C:
end

You can add more disks to the above file by writing the drive letters to the text file – one drive per line.

Run the batch file once and wait for it to finish. Once it finishes its run, you can open the RTF files and see the results. If you are satisfied that everything is working fine with the batch files, you can now move towards scheduling the batch file to run at off-peak hours.

Basically, DDOS means a Distributed Denial of Service attack which are targeted towards a computer, server or a device to make it unavailable on the network. Lot of malicious traffic is directed towards a server or a service which blocks the bandwidth/network. Here are some steps Windows administrators can go through to prevent or fight against it:

- Keep your servers/computers updated with the latest patches, service packs and updates.
- Harden the TCP/IP stack. Here is an article from Microsoft which talk about it: http://support.microsoft.com/default.aspx/kb/324270
- Check with your Data Center to find out what infrastructure security is in place. They may be having a system in place where the DDoS traffic can be routed through a DDoS Mitigation Service. This filters out the attack traffic and allows the legitimate traffic to continue to its original destination.
- If the budget permits, get a good hardware firewall installed in your infrastructure network. If not, then you can also go in for some software based firewall which can filter packets. In the worst case, at least have your Windows Basic Firewall configured.

If you need to use the additional PECL modules then extract the files from the PECL Zip into the C:\PHP\ext directory.

Next locate the file ‘php.ini-recommended’ in C:\PHP and rename it to ‘php.ini’ (without the quotes of course)
 
Open the ‘php.ini’ file and find the line which reads extension_dir = “./” and change it to extension_dir = “C:\PHP\ext”. This tells PHP where the various extensions are located. If you open the default PHP.INI file which ships with the ZIP file you can see that the default path in the ‘php.ini-recommended’ file points to the wrong location, so you need to change it.

You also need to add the location of your PHP directory to the server’s PATH environment variable so that Windows knows where to look for any PHP related executables (such as the PHP extension DLL‘s). To do this Right-click on My Computer, click Properties and on the Advanced tab click Environment Variables. In the Environment Variables dialog box, under System Variables highlight the Path variable and click Edit.

Add ‘;C:\PHP’ (be sure to include the semi-colon separator) as shown here and click OK. You will need to re-boot the server for this change to take effect as system variables are loaded when the server starts up.

If you browse through the ‘php.ini’ file you will see an entry describing the ‘cgi.force_redirect’ property. You will also see a statement telling you that if you are using IIS you ‘MUST’ turn this off. However, this only applies if you are using the CGI version of PHP (i.e. php-cgi.exe) Since we are using the ISAPI version of PHP we can safely ignore this.

Configuring IIS (Only if required)

There are a few simple steps you need to take in order to get PHP working under IIS 6.0

First we need to create and then enable an appropriate Web Service Extension so that IIS will both recognize and allow PHP files to be processed by the appropriate script engine.

You can use the Internet Information Services (IIS) Manager GUI method to perform this task but there is a much quicker way of doing this; namely using the ‘iisext.vbs’ Command-Line Administration Script, which you will find in C:\Windows\system32 by default.

Assuming you are using the same directory structure as I am in this walkthrough you can simply copy and paste the following line of text and execute it at a command prompt from C:\Windows\system32 :

cscript iisext.vbs /AddFile c:\PHP\php5isapi.dll 1 PHPISAPI 1 “PHP ISAPI”

As you can see, this script creates a new Web Service Extension named “PHP ISAPI” with a status of Allowed.
 

The IIS 6.0 Command-Line Administration Scripts are very powerful and flexible tools and I would recommend using them wherever possible.

OK, now we are ready to test our PHP installation. Start by creating a simple PHP test file. Open Notepad on the server and copy the following line into a new text file: <?php phpinfo(); ?>

Save the file as index.php in the root of the test web site. Next create a new default document type of index.php on the test web site (this step is optional but it just makes browsing a bit easier)

Browse the site and you should see the standard PHP configuration details page

However, if you look carefully at the above page you will notice it is indicating that my ‘php.ini’ file is actually located in ‘C:\WINDOWS’ even though there is no such file in my C:\WINDOWS directory. This is because the ‘php5isapi.dll’ file is actually compiled with this location as its default value. A number of existing PHP and IIS tutorials suggest that you should copy the ‘php.ini’ file to the C:\WINDOWS directory – but what if you don’t want to do that?

Well, you don’t have to because PHP allows you to actually configure a custom value for the ‘php.ini’ file location. There are a number of ways to do this but perhaps the simplest is to configure the PHPRC environment variable.

To demonstrate how this works I am going to create a new folder called ‘C:\inifile’ and instruct PHP to read its configuration data from the ‘php.ini’ file in this location (in practice you may prefer to leave your ‘php.ini’ file in the C:\PHP directory)

In order to do this I need to create a new System environment variable named ‘PHPRC’ and provide the appropriate values. Right-click on My Computer, click Properties and on the Advanced tab click Environment Variables.

In the Environment Variables dialog box, under System Variables click New. In the New System Variable dialog box type PHPRC for the variable name and then enter the desired path to your ‘php.ini’ file’s location.

Then click OK and you will see that a new System environment variable has been created. In order for this to take effect you need to re-boot the server at this stage.

#Note
As an alternative, you can edit the registry and specify the location of your configuration file. The main benefit of the registry edit method is that it doesn’t require a re-boot – in testing this method I found that any changes made would take effect once the application pool serving the web site was recycled. However, choose whichever method you feel most comfortable with and which fits your requirements.

Now if we browse the site we can see that PHP is indeed looking for its ‘php.ini’ file in the ‘C:\inifile’ location which I specified previously.

And that’s it. You should now have a working installation of PHP running on IIS 6.0.

Searched a lot on the Internet and forums but I could not find a single site which would show how to implement the script in NsClient ++ and how to define the command and service in Nagios. Finally, I managed to crack it and now I would like to share this with everyone who may need some help on this.

Follow these steps to get this working:

[1] Download the script from Nagios Exchange and store it on your hard disk of your server which you need to check for updates. Note down the path to the wsf script for further reference.

[2] Edit your NSC.INI file (NsClient ++) and add this line to it:
check_updates=c:windowssystem32cscript.exe //NoLogo //T:40 C:Scriptscheckupdates.wsf $arg1$
The line above will check for the checkupdates.wsf script under the Scripts folder and run it using cscript. The $arg1$ will return the value back to Nagios.

[3] Next step is to add a command to your Nagios command.cfg file:
#’check_nrpe’ command definition
define command {
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c $ARG1$ -a $ARG2$
}

[4] Now it’s time to define the service. Depending on the way you use templates, I’ll leave it up to you to decide where to place it. Add the following lines:
# Monitor updates in windows machine

Do a pre-flight check of Nagios. If no configuration errors are reported then you are good to go. Restart nagios for the new checks to work.

Hacking a Web Server
With the advent of Windows 2003 and IIS 6.0 there was a sharp turn in the way hosting services were being provided on Windows platform few years back. Today, web servers running on Internet Information Services 6.0 (IIS 6.0) are highly popular worldwide – thanks to the .NET and AJAX revolution for designing web applications. Unfortunately, this also makes IIS web servers a popular target amongst hacking groups and almost every day we read about the new exploits being traced out and patched. That does not mean that Windows is not as secured as Linux. In fact, it’s good that we see so many patches being released for Windows platform as it clearly shows that the vulnerabilities have been identified and blocked.

Many server administrators have a hard time coping up with patch management on multiple servers thus making it easy for hackers to find a vulnerable web server on the Internet. One good way I have found to ensure servers are patched is to use Nagios to run an external script on a remote host, in turn alerting on the big screen which servers need patches and a reboot after the patch has been applied. In other words, it is not a difficult task for an intruder to gain access to a vulnerable server if the web server is not secured and then compromise it further to an extent that there is no option left for the administrator but to do a fresh OS install and restore from backups.
Many tools are available on the Internet which allows an experienced or a beginner hacker to identify an exploit and gain access to a web server. The most common of them are:

IPP (Internet Printing Protocol) – which makes use of the IPP buffer overflow. The hacking application sends out an actual string that overflows the stack and opens up a window to execute custom shell code. It connects the CMD.EXE file to a specified port on the attacker’s side and the hacker is provided with a command shell and system access.

UNICODE and CGI-Decode – where the hacker uses the browser on his or her computer to run malicious scripts on the targeted server. The script is executed using the IUSR_<computername> account also called the “anonymous account” in IIS. Using this type of scripts a directory transversal attack can be performed to gain further access to the system.

Over these years, I’ve seen that most of the time, attacks on a IIS web server result due to poor administration, lack of patch management, bad configuration of security, etc. It is not the OS or the application to blame but the basic configuration of the server is the main culprit. I’ve outlined below a checklist with an explanation to each item. These if followed correctly would help prevent lot of web attacks on an IIS web server.

Secure the Operating System
The first step is to secure the operating system which runs the web server. Ensure that the Windows 2003 Server is running the latest service pack which includes a number of key security enhancements.

Always use NTFS File System
NTFS file system provides granular control over user permissions and lets you give users only access to what they absolutely need on a file or inside a folder.

Remove Unwanted Applications and Services
The more applications and services that you run on a server, the larger the attack surface for a potential intruder. For example, if you do not need File and Printer sharing capabilities on your shared hosting platform, disable that service.

Use Least Privileged Accounts for Service
Always use the local system account for starting services. By default Windows Server 2003 has reduced the need for service accounts in many instances, but they are still necessary for some third-party applications. Use local system accounts in this case rather than using a domain account. Using a local system account means you are containing a breach to a single server.

Rename Administrator and Disable Guest
Ensure that the default account called Guest is disabled even though this is a less privileged account. Moreover, the Administrator account is the favorite targets for hackers and most of the malicious scripts out there use this to exploit and vulnerable server. Rename the administrator account to something else so that the scripts or programs that have a check for these accounts hard-coded fail.

Disable NetBIOS over TCP/IP and SMB
NetBIOS is a broadcast-based, non-routable and insecure protocol, and it scales poorly mostly because it was designed with a flat namespace.  Web servers and Domain Name System (DNS) servers do not require NetBIOS and Server Message Block (SMB). This protocol should be disabled to reduce the threat of user enumeration.
To disable NetBIOS over TCP/IP, right click the network connection facing the Internet and select Properties. Open the Advanced TCP/IP settings and go to the WINS tab. The option for disabling NetBIOS TCP/IP should be visible now. To disable SMB, simply uncheck the File and Print Sharing for Microsoft Networks and Client for Microsoft Networks. A word of caution though – if you are using network shares to store content skip this. Only perform this if you are sure that your Web Server is a stand-alone server.

Schedule Patch Management
Make a plan for patch management and stick to it. Subscribe to Microsoft Security Notification Service (http://www.microsoft.com/technet/security/bulletin/notify.asp)  to stay updated on the latest release of patches and updates from Microsoft. Configure your server’s Automatic Update to notify you on availability of new patches if you would like to review them before installation.

Run MBSA Scan
This is one of the best way to identify security issues on your servers. Download the Microsoft Base Line Security tool and run it on the server. It will give you details of security issues with user accounts, permissions, missing patches and updates and much more.

That’s it to the basic of securing the operating system. There are more fixes which can be performed for further securing the server but they are beyond the scope of this article. Let’s now move on to securing the IIS web server.
IIS 6.0 when setup is secured by default. When we say this, it means that when a fresh installation of IIS is done, it prevents scripts from running on the web server unless specified. When IIS is first installed, it serves only HTML pages and all dynamic content is blocked by default. This means that the web server will not serve or parse dynamic pages like ASP, ASP.NET, etc. Since that is not what a web server is meant to do, the default configuration is changed to allow these extensions.

Listed below are some basic points that guide you to securing the web server further:

• Latest Patches and Updates
  Ensure that the latest patches, updates and service packs have been installed for .NET Framework. These patches and updates fix lot of issues which enhances the security of the web server.
• Isolate Operating System
  Do not run your web server from the default InetPub folder. If you have the option to partition your hard disks then use the C: drive for Operating System files and store all your client web sites on another partition. Relocate web root directories and virtual directories to a non-system partition to help protect against directory traversal attacks.
• IISLockDown Tool
  There are some benefits to this tool and there are some drawbacks, however, so use it cautiously. If your web server interacts with other servers, test the lockdown tool to make sure it is configured so that connectivity to backend services is not lost.
• Permissions for Web Content
  Ensure that Script Source Access is never enabled under a web site’s property. If this option is enabled, users can access source files. If Read is selected, source can be read; if Write is selected, source can be written to. To ensure that it is disabled, open IIS, right click the Websites folder and select Properties. Clear the check box if it is enabled and propagate it to all child websites.
• Enable Only Required Web Server Extensions
  IIS 6.0 by default does not allow any dynamic content to be parsed. To allow a dynamic page to be executed, you need to enable the relevant extension from the Web Service Extensions property page. Always ensure that “All Unknown CGI Extensions” and “All Unknown ISAPI Extensions” are disabled all the time. If WebDAV and Internet Data Connector are not required, disable that too.
• Disable Parent Paths
  This is the worst of all and thanks to Microsoft, it is disabled in IIS 6.0 by default. The Parent Paths option permits programmers to use “..” in calls to functions by allowing paths that are relative to the current directory using the ..\notation. Setting this property to True may constitute a security risk because an include path can access critical or confidential files outside the root directory of the application. Since most of the programmers and third-party readymade applications use this notation, I leave it up to you to decide if this needs to be enabled or disabled. The workaround to Parent Paths is to use the Server.MapPath option in your dynamic scripts.
• Disable Default Web Site
  If not required, stop the Default Web Site which is created when IIS 6.0 is installed or change the property of Default Web Site to run on a specific IP address along with a Host Header. Never keep it running on All Unassigned as most of the ready-made hacking packages identify a vulnerable web server from IP address rather than a domain name. If your Default Web Site is running on All Unassigned, it means that it can serve content over an IP address in the URL rather than the domain name.
• Use Application Isolation
  I like this feature in IIS 6.0 which allows you to isolate applications in application pools. By creating new application pools and assigning web sites and applications to them, you can make your server more efficient and reliable as it ensures that other applications or sites do not get affected due to a faulty application running under that pool.

Summary
All of the aforementioned IIS tips and tools are natively available in Windows. Don’t forget to try just one at a time before you test your Web accessibility. It could be disastrous if all of these were implemented at the same time making you wonder what is causing a problem in case you start having issues.

One final tip: Go to your Web server and Run “netstat –an” (without quotes) at the command line. Observe how many different IP addresses are trying to gain connectivity to your machine, mostly via port 80. If you see that you have IP addresses established at a number of higher ports, then you’ve already got a bit of investigating to do.

Click Next and let the server detect your settings, then choose Custom Configuration and click Next. Choose the Application Server Role from the list and click Next.

Since many applications require ASP.NET today, we’re going to choose to Enable ASP.NET. In addition, we will not choose to enable FrontPage Extensions at this time though.

Note: In order to publish .NET applications from VisualStudio, you may want to enable FrontPage Extensions to start with.

Moving ahead, once we’ve selected what we want, we click Next to set up the role. Just let the wizard run until you see the finish button, then click Finish.

Once you’ve installed the Application Server role to your server, you’ll naturally want to check and see if it works. The Manage Your Server wizard should now show the Application Server role installed, so click on Manage This Application Server.

This brings up the Application Server Management Console (MMC). Expand the Internet Information Services (IIS) Manager, then expand your server (local computer), and then the Web Sites folder. You should see the Default Web Site listed as shown below, and it shouldn’t say “Stopped”. If it does, you need to troubleshoot using the Event Viewer.

For now, ignore the files and folders listed in your default web site, we just want to run a test and ensure that IIS is running and serving a web page. On the server itself, launch Internet Explorer (IE) and browse to http://localhost/. You should see the “Under Construction” web page if the server is running correctly.

Okay, at this point you have a working IIS installation. Go back to the Application Server Management Console and right-click on the Default Web Site. Choose Properties to bring up the web site properties dialog. Then click on the Home Directory tab and ensure that the Default Site is set to the path shown below.

Because of the security enhancements in Windows Server 2003 and IIS 6, ASP pages are not enabled by default. Yes, we did install the server for ASP.NET, but ASP and ASP.NET isn’t the same thing.

In IIS 6, technologies like ASP, ASP.NET and so on are called Web Service Extensions. The same is true of Server Side Includes, PERL/CGI scripting, PHP and a host of other add-ons to web servers. Since many web sites run ASP (Active Server Pages), let’s activate ASP.

In the Application Server Management Console, click on the Web Service Extensions folder underneath the server name. You should see that Active Server Pages are Prohibited, this is the default configuration of IIS.

Simply set the extension to Allowed and the web server will start serving ASP pages. Repeat this for Server Side Includes too. This is required so that client pages parse the <include> variable in a page.

Last but not the least – you may probably want to shift your default web site as well as other web sites that you are going to host on the server off the System Partition (the one where the OS is installed). It’s always a good idea to shift the web site content to a different drive.

That’s it for the basic clean IIS 6.0 installation.