IIS Manager Details Delegated Administration Configuration System Navigation-based, task-oriented, rich experience Easier to manage 1 or 1000s of sites Manage.NET and IIS7 configuration Extensible Install controls for new IIS 7 features Add functionality to UI Customize Appearance Delegated Administration Specific settings are delegated to web.config Non-administrators can change relevant settings. Use configuration system for granular control Updated UI with a modern look and feel Icons instead of tabs Manage ASP.net settings as well as IIS 7 Context sensitive Actions Provides Features view and Content view Controls Delegated / Remote Administration View currently executing requests IIS 6 UI and high site densities Difficult to manage Not easy to find specific site in long list of sites Can have long startup and shutdown Add / Remove sites can be slow IIS 7 Server Manager Many times faster to create and load sites Sort and filter by name Very fast, even with 1000s of sites. Configure ASP.net and IIS7 settings Add.NET users.NET configuration for use by developers Writes to proper.NET config store Machine.config Global Web.config Site Web.config App Web.config IIS Manager is an extensible platform Built with Windows Forms Add new features to IIS Manager: Configure custom applications New Administration Features View Log File information Manage SQL from in the IIS Manager New IIS Manager capabilities Add Most Recently Used list IIS Manager uses a modular design Settings stored in Administration.config Windows\system32\inetsrv\config Administraton.config specifies UI modules Modules are features with icons in the UI Remove (or add) features globally Remove (or add) entry for in.config Cannot manage global display in the in UI IIS Manager can lock or unlock features Locked features cannot be delegated Non-Admins can control delegated (unlocked) features Administrator delegates to Site owner Web.config located in web root Site owners delegate to application managers Web.config located in app folder under web root Xcopy deploy configuration with content Remember: UI writes configuration to lowest level Example: ASP is not Delegated Read Only in UI The section for asp is locked in applicationhost.config. Syntax is overrideModeDefault= Allow Deny DelegatedDelegated Not Delegated Hidden, and Not Delegated Managed code features are delegated Handlers and Modules delegated by default Cannot be delegated Site, pool, or vdir definitions Global modules cannot loaded from a site Modules written in native code are global Some features not delegated by default: Logging, authentication, filters, error pages Web.config contains both asp.net and IIS7 sections A developer may replace web.config without realizing it can impact IIS 7. If web.config contains a locked section an error is reported. Tip: Be careful about overwriting web.config ! Web.config updates can occur from UNC path Publishing object FTP Replication Note: Remember that IIS will not deliver a web.config file from a URL Specify and apply configuration settings to certain paths under the current configuration file. Delegation unlocks entire feature Finer control can be obtained in.config file Use lock directives, items, elements and attributes to create useful configurations Examples: Delegate Authentication but require Anonymous authentication Delegate Default Document but require Contoso.aspx Lock is added in parent config file and applies to all access in child A namespace container for one or more sections. Container for feature settings Contains one or more settings. May include additional elements. A property. Can be used for directive control. Defines a comma-separated list of elements that are locked. lockElements, lockAllElementsExcept Granular Locking Concepts lockElements, lockAllElementsExcept Defines a comma-separated list of attributes that are locked. Specifies a single attribute that is restricted from being edited. Concepts lockItem Schema is the ultimate settings reference for IIS 7 Use it to: Identify all possible settings for any item Default values Locking semantics supported by a setting Located in system32\inetsrv\config\schema Extend with XML snippets Q: I dont want to delegate anything. Can I remove all delegation capabilities? A: Yes. Keep all settings in applicatonhost.config Q: Can I set which users can manage settings? A: Users that can update web.config can make allowed changes Q: Can anyone look at web.config? A: IIS7 will not deliver it. Prohibited with URLFiltering. 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.