From Wikipedia, the free encyclopedia

Internet Information Services
Screenshot of IIS 7's management console
Developer	Microsoft
Latest release	7.0
OS	Microsoft Windows
Genre	Server
License	Proprietary
Website	Microsoft Internet Information Services homepage

Microsoft Internet Information Services (IIS, formerly called Internet Information Server) is a set of Internet-based services for servers using Microsoft Windows. It is the world's second most popular web server in terms of overall websites, behind Apache HTTP Server. As of October 2007 it served 37.13% of all websites and 38.23% of all active websites according to Netcraft.^[1] The servers currently include FTP, SMTP, NNTP, and HTTP/HTTPS.

Contents 1 Versions 2 History of IIS 3 Security 4 Authentication mechanisms 5 Internet Information Services 7.0 6 See also 7 References 8 External links

• IIS 1.0, Windows NT 3.51 available as a free add-on
• IIS 2.0, Windows NT 4.0
• IIS 3.0, Windows NT 4.0 Service Pack 3
• IIS 4.0, Windows NT 4.0 Option Pack
• IIS 5.0, Windows 2000
• IIS 5.1, Windows XP Professional
• IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
• IIS 7.0, Windows Vista and Windows Server 2008

IIS was initially released as an additional set of Internet based services for Windows NT 3.51. IIS 2.0 followed adding support for the Windows NT 4.0 operating system and IIS 3.0 introduced the Active Server Pages dynamic scripting environment.

IIS 4.0 dropped support for the Gopher protocol and was bundled with Windows NT as a separate "Option Pack" CD-ROM.

The current shipping version of IIS is 7.0 for Windows Vista, 6.0 for Windows Server 2003 and IIS 5.1 for Windows XP Professional. Windows XP has a restricted version of IIS 5.1 that supports only 10 simultaneous connections and a single web site.^[2] IIS 6.0 added support for IPv6. A FastCGI module is also available for IIS5.1, IIS6^[3] and IIS7.^[4]

Windows Vista does not install IIS 7.0 by default, but it can be selected among the list of optionally installed components. IIS 7.0 on Vista does not limit the number of connections allowed but restricts performance based on active concurrent requests.

Earlier versions of IIS were hit with a spate of vulnerabilities, chief among them CA-2001-19 which led to the infamous Code Red worm; however, version 7.0 currently has no reported issues that affect it. In perspective, as of 11 September 2007, the free software Apache web server has one unpatched reported issue,^[5] affecting only MS Windows systems, and rated "less critical". In IIS 6.0, Microsoft has opted to change the behavior of pre-installed ISAPI handlers,^[6] many of which were culprits in the vulnerabilities on 4.0 and 5.0, thus reducing the attack surface of IIS. In addition, IIS 6.0 added a feature called "Web Service Extensions" that prevents IIS from launching any program without explicit permission by an administrator. With the current release, IIS 7.0, the components were modularized, so that only the required components have to be installed, thus further reducing the attack surface. In addition, security features such as URLFiltering were added that rejects suspicious URLs based on a user defined rule set.

In IIS 5.1 and lower, by default all websites were run in-process and under the System account,^[7] a default Windows account with elevated rights. Under 6.0 all request handling processes have been brought under a Network Services account which has significantly fewer privileges. In particular this means that if there is an exploit in a feature or custom code, it wouldn't necessarily compromise the entire system given the sandboxed environment the worker processes run in. IIS 6.0 also contained a new kernel HTTP stack (http.sys) with a stricter HTTP request parser and response cache for both static and dynamic content.

IIS 5.0 and higher support the following authentication mechanisms:

• Basic access authentication
• Digest access authentication
• Integrated Windows Authentication
• .NET Passport Authentication

Debuting with Windows Vista, and also to be included in Windows Server 2008, IIS 7.0 features a modular architecture. Instead of a monolithic server which features all services, IIS 7 has a core web server engine. Modules offering specific functionality can be added to the engine to enable its features. The advantage of having this architecture is that only the features required can be enabled and that the functionalities can be extended by using custom modules.

IIS 7 will ship with a handful of modules, but Microsoft will make other modules available online.^[8] The following sets of modules are slated to ship with the server:

1. HTTP Modules
2. Security Modules
3. Content Modules
4. Compression Modules
5. Caching Modules
6. Logging and Diagnostics Modules

Writing extensions to IIS 7 using ISAPI has been deprecated in favor of the module API, which allows modules can plug in anywhere in the request processing pipeline. Much of IIS's own functionality is built on this API, and as such, developers will have much more control over a request process than was possible in prior versions. Modules can be written using C++ or using the IHttpModule class of the .NET Framework language. Modules can be loaded globally where the services provided by the module can effect all sites, or loaded on a per-site basis. IIS 7 has an integrated mode application pool where .NET modules are loaded into the pipeline using the module API, rather than ISAPI. As a result ASP.NET code can be used with all requests to the server.^[9] For applications requiring strict IIS 6.0 compatibility, the Classic application pool mode loads asp.NET as an ISAPI.

A significant change from previous versions of IIS is that all web server configuration information is stored solely in XML configuration files, instead of in the metabase. The server has a global configuration file that provides defaults, and each virtual web's document root (and any subdirectory thereof) may contain a web.config containing settings that augment or override the defaults. Changes to these files take effect immediately. This marks a significant departure from previous versions whereby web interfaces, or machine administrator access, were required to change simple settings such as default document, active modules and security/authentication. It also eliminates the need to perform metabase synchronization between multiple servers in a farm of web servers.

IIS 7 also features a completely rewritten administration interface that takes advantage of modern MMC features such as task panes and asynchronous operation. Configuration of ASP.NET is more fully integrated into the administrative interface.

Other changes:

• PICS content ratings, support for Microsoft Passport, and server-side image maps are no longer included.
• Executing commands via server-side includes is no longer permitted.
• IISRESET -reboot has been removed.
• The CONVLOG tool, which converts IIS log files into NCSA format, has been removed.
• Support for enabling a folder for "Web Sharing" via the Windows Explorer interface has been removed.
• IIS Media Pack, which allows IIS to be used as a bare-bones media server, without using Windows Media Services.^[10]
• New FTP module, that integrates with the new configuration store, as well as the new management environment.^[11]

• List of FTP servers
• List of mail servers
• Comparison of web servers
• WISA
• Metabase
• ASP.NET

• Microsoft Internet Information Services product page
• IIS.net - Microsoft Internet Information Services technical home page
• IIS 7.0 Technical Reference — Microsoft TechNet
• IIS Installation for XP — Microsoft
• Security Guidance for IIS — Microsoft TechNet

v • d • e Windows components
Core	Aero · ClearType · Desktop Window Manager · DirectX · Windows Explorer · Taskbar · Start menu · Windows Shell (Shell namespace · Special Folders · File associations) · Windows Search (Saved search, iFilters) · Graphics Device Interface · Windows Imaging Format · Next Generation TCP/IP stack · .NET Framework · Audio · Printing (XML Paper Specification) · Windows Script Host (VBScript, JScript) · COM (OLE, OLE Automation, DCOM, ActiveX, Structured storage)
Applications and tools	Backup and Restore Center · Calculator · Calendar · Character Map · Cmd.exe · Contacts · Control Panel (Applets) · Device Manager · Disk Cleanup · Disk Defragmenter · DVD Maker · Event Viewer · Fax and Scan · Internet Explorer · Mail · Magnifier · Management Console · Media Center · Meeting Space · Mobile Device Center · Mobility Center · Movie Maker · Narrator · Notepad · Paint · Photo Gallery · PowerShell · Private Character Editor · Problem Reports and Solutions · Remote Assistance · Sidebar · Snipping Tool · Sound Recorder · Sysprep · System Configuration · System File Checker · System Restore · Unix subsystem · Windows Installer · Windows Media Player · Windows Speech Recognition · Task Manager · Windows Update · WordPad · WinSAT
Kernel	Ntoskrnl.exe · hal.dll · System idle process · Svchost.exe · Registry · Windows service · Service Control Manager · WOW/WOW64 · DLL · EXE · NTLDR/Boot Manager · Winlogon · Recovery Console · I/O · WinRE · WinPE · Kernel Patch Protection
Services	AutoPlay · BITS · Task Scheduler · Wireless Zero Configuration · Shadow Copy · Windows Error Reporting · Multimedia Class Scheduler · CLFS
File systems	NTFS (Junction point, Mount Point, Reparse point, Symbolic link, TxF, EFS) · FAT32 · FAT16 · FAT12 · exFAT · CDFS · UDF · DFS · IFS
Server	Domains · Active Directory · DNS · Group Policy · Roaming user profiles · Distributed Transaction Coordinator · SharePoint Services · Windows Media Services · Rights Management Services · IIS · Terminal Services · WSUS · Network Access Protection · DFS Replication
Architecture	NT series architecture · Object Manager · Startup process (Vista) · I/O RP · Kernel Transaction Manager · Logical Disk Manager · Security Accounts Manager · Windows Resource Protection · LSASS · CSRSS · SMSS
Security	UAC · BitLocker · Defender · DEP · Protected Media Path · Mandatory Integrity Control · UIPI · Windows Firewall · Security Center
Games	Chess Titans · FreeCell · Hearts · Hold 'Em · InkBall · Mahjong Titans · Minesweeper · Purble Place · Solitaire · Spider Solitaire
PowerToys	Tweak UI · SyncToy · PowerCalc

v • d • e Microsoft
Desktop software	Windows (components) · Office · Visual Studio · Expression · Silverlight · Dynamics · Money · Encarta · Student · Works
Server software	Windows Server · SQL Server · IIS · Exchange · BizTalk · Commerce · ISA Server · Systems Management · System Center · Licensing Services
Technology	Active Directory · DirectX · .NET · Windows Media · PlaysForSure
Web properties	Windows Live · Office Live · MSNBC · msnbc.com · ninemsn · MSN · Hotmail · Live Messenger · Spaces · Groups · Live ID · Ignition · CodePlex · HealthVault
Gaming	Microsoft Game Studios · Zone · XNA · Xbox · Xbox 360 · Xbox Live (Arcade, Marketplace) · Games for Windows (LIVE, Tray and Play) · Live Anywhere
Hardware	Surface · Zune (4, 8, 30, 80) · MSN TV · Natural Keyboard · Keyboard · Mouse · LifeCam · LifeChat · SideWinder · Ultra-Mobile PC · Fingerprint · Audio System · Cordless Phone · Pocket PC · RoundTable · Response Point
Education and recognition	MCPs · MSDN · MSDNAA · MSCA · Microsoft Press · Microsoft MVP · Microsoft Student Partners
Licensing	Client Access License · Shared Source
Board of directors	Ballmer · Cash · Dublon · Gates · Gilmartin · Hastings · Marquardt · Noski · Panke · Shirley