Internet information services iis for windows

From Wikipedia, the free encyclopedia

Screenshot of IIS Manager console of Internet Information Services 8.5
Developer(s)	Microsoft
Initial release	May 30, 1995; 28 years ago
Stable release	10.0 v1809  / 2 October 2018
Written in	C++[1]
Operating system	Windows NT
Available in	Same languages as Windows
Type	Web server
License	Part of Windows NT (same license)
Website	www.iis.net

Internet Information Services (IIS, 2S) is an extensible web server created by Microsoft for use with the Windows NT family.^[2] IIS supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NNTP. It has been an integral part of the Windows NT family since Windows NT 4.0, though it may be absent from some editions (e.g. Windows XP Home edition), and is not active by default.

History[edit]

The first Microsoft web server was a research project at the European Microsoft Windows NT Academic Centre (EMWAC), part of the University of Edinburgh in Scotland, and was distributed as freeware.^[3] However, since the EMWAC server was unable to handle the volume of traffic going to Microsoft.com, Microsoft was forced to develop its own web server, IIS.^[4]

Almost every version of IIS was released either alongside or with a version of Microsoft Windows:

• IIS 1.0 was initially released as a free add-on for Windows NT 3.51.
• IIS 2.0 was included with Windows NT 4.0.
• IIS 3.0, which was included with Service Pack 2 of Windows NT 4.0, introduced the Active Server Pages dynamic scripting environment.^[5]
• IIS 4.0 was released as part of the «Option Pack» for Windows NT 4.0. It introduced the new MMC-based administration application and also was the first version where multiple instances of web and FTP servers can run, differentiating them by port number and/or hostname. It was also the first version to run application pools.
• IIS 5.0 shipped with Windows 2000 and introduced additional authentication methods, support for the WebDAV protocol, and enhancements to ASP.^[6] IIS 5.0 also dropped support for the Gopher protocol.^[7] IIS 5.0 added HTTP.SYS.
• IIS 5.1 was shipped with Windows XP Professional and was nearly identical to IIS 5.0 on Windows 2000.
• IIS 6.0 included with Windows Server 2003 and Windows XP Professional x64 Edition, added support for IPv6 and included a new worker process model that increased security as well as reliability.^[8] HTTP.sys was introduced in IIS 6.0 as an HTTP-specific protocol listener for HTTP requests.^[9] Also each component (like for example Server Side Includes or ASP) now has to be explicitly installed, because in earlier versions often hackers entered sites by using security bugs of components that were not even in use by the hacked site, improving security.
• IIS 7.0 was a complete redesign and rewrite of IIS and was shipped with Windows Vista and Windows Server 2008. IIS 7.0 included a new modular design that allowed for a reduced attack surface and increased performance. It also introduced a hierarchical configuration system allowing for simpler site deploys, a new Windows Forms-based management application, new command-line management options and increased support for the .NET Framework.^[10] IIS 7.0 on Vista does not limit the number of allowed connections as IIS on XP did, but limits concurrent requests to 10 (Windows Vista Ultimate, Business, and Enterprise Editions) or 3 (Vista Home Premium). Additional requests are queued, which hampers performance, but they are not rejected as with XP.
• IIS 7.5 was included in Windows 7 (but it must be turned on in the side panel of Programs and Features) and Windows Server 2008 R2. IIS 7.5 improved WebDAV and FTP modules as well as command-line administration in PowerShell. It also introduced TLS 1.1 and TLS 1.2 support and the Best Practices Analyzer tool and process isolation for application pools.^[11]
• IIS 8.0 is only available in Windows Server 2012 and Windows 8. IIS 8.0 includes SNI (binding SSL to hostnames rather than IP addresses), Application Initialization, centralized SSL certificate support, and multicore scaling on NUMA hardware, among other new features.
• IIS 8.5 is included in Windows Server 2012 R2 and Windows 8.1. This version includes Idle worker-Process page-out, Dynamic Site Activation, Enhanced Logging, ETW logging, and Automatic Certificate Rebind.
• IIS 10.0 version 1607 a.k.a. version 10.0.14393 is included in Windows Server 2016 released 2016-09-26 and Windows 10 Anniversary Update released 2016-08-02. This version includes support for HTTP/2,^[12] running IIS in Windows containers on Nano Server, a new Rest management API and corresponding web-based management GUI, and Wildcard Host Headers.^[13]
• IIS 10.0 version 1709 is included in Windows Server, version 1709 (Semi-Annual Channel) and Windows 10 Fall Creators Update both released 2017-10-17. This version adds support for HSTS, container enhancements, new site binding PowerShell cmdlets, and 4 new server variables prefixed with «CRYPT_».^[14]
• IIS 10.0 version 1809 a.k.a. version 10.0.17763 is included in Windows Server 2019 and Windows 10 October Update released 2018-10-02. This version added flags for control of HTTP/2 and OCSP Stapling per site, a compression API and implementing module supporting both gzip and brotli schemes, and a UI for configuring HSTS.^[15]

All versions of IIS prior to 7.0 running on client operating systems supported only 10 simultaneous connections and a single website.

Microsoft was criticized by vendors of other web server software, including O’Reilly & Associates and Netscape, for its licensing of early versions of Windows NT; the «Workstation» edition of the OS permitted only ten simultaneous TCP/IP connections, whereas the more expensive «Server» edition, which otherwise had few additional features, permitted unlimited connections but bundled IIS. It was implied that this was intended to discourage consumers from running alternative web server packages on the cheaper edition.^[16] Netscape wrote an open letter to the Antitrust Division of the U.S. Department of Justice regarding this distinction in product licensing, which it asserted had no technical merit.^[17] O’Reilly showed that the user could remove the enforced limits meant to cripple NT 4.0 Workstation as a web server with two registry key changes and other trivial configuration file tweaking.

Features[edit]

IIS 6.0 and higher support the following authentication mechanisms:^[18]

• Anonymous authentication
• Basic access authentication
• Digest access authentication
• Integrated Windows Authentication
• UNC authentication
• .NET Passport Authentication (Removed in Windows Server 2008 and IIS 7.0)^[19]
• Certificate authentication

IIS 7.0 has a modular architecture. Modules, also called extensions, can be added or removed individually so that only modules required for specific functionality have to be installed. IIS 7 includes native modules as part of the full installation. These modules are individual features that the server uses to process requests.^[20]

IIS 7.5 includes the following additional or enhanced security features:^[21]

• Client certificate mapping
• IP security
• Request filtering
• URL authorization

Authentication changed slightly between IIS 6.0 and IIS 7, most notably in that the anonymous user which was named «IUSR_{machinename}» is a built-in account in Vista and future operating systems and named «IUSR». Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled.^[19]

IIS 8.0 offers new features targeted at performance and easier administration. The new features are:

• Application Initialization: a feature that allows an administrator to configure certain applications to start automatically with server startup. This reduces the wait time experienced by users who access the site for the first time after a server reboot.^[22]
• Splash page during application initialization: the administrator can configure a splash page to be displayed to the site visitor during an application initialization.^[22]
• ASP.NET 4.5 support: With IIS 8.0, ASP.NET 4.5 is included by default, and IIS also offers several configuration options for running it side by side with ASP.NET 3.5.^[23]
• Centralized SSL certificate support: a feature that makes managing certificates easier by allowing the administrator to store and access the certificates on a file share.^[24]
• Multicore scaling on NUMA hardware: IIS 8.0 provides several configuration options that optimize performance on systems that run NUMA, such as running several worker processes under one application pool, using soft or hard affinity and more.^[25]
• WebSocket Protocol Support^[26]
• Server Name Indication (SNI): SNI is an extension to Transport Layer Security, which allows the binding of multiple websites with different hostnames to one IP address (similar to how Host Headers are used for non-SSL sites).^[27]
• Dynamic IP Address Restrictions: a feature that enables an administrator to dynamically block IPs or IP ranges that hit the server with a large number of requests^[28]
• CPU Throttling: a set of controls that allow the server administrator to control CPU usage by each application pool in order to optimize performance in a multi-tenant environment^[29]

IIS 8.5 has several improvements related to performance in large-scale scenarios, such as those used by commercial hosting providers and Microsoft’s own cloud offerings. It also has several added features related to logging and troubleshooting. The new features are:

• Idle worker-Process page-out: a function to suspend idle sites to reduce the memory footprint of idle sites^[30]
• Dynamic Site Activation: a feature that registers listening queues only to sites that have received requests^[31]
• Enhanced Logging: a feature to allow the collection of Server variables, request headers and response headers in the IIS logs^[32]
• ETW logging: an ETW provider which allows collecting real-time logs using various Event-tracing tools^[33]
• Automatic Certificate Rebind: a feature that detects when a site certificate has been renewed and automatically rebinds the site to it^[34]

Express[edit]

IIS Express, a lightweight (4.5–6.6 MB) version of IIS, is available as a standalone freeware server and may be installed on Windows XP with Service Pack 3 and subsequent versions of Microsoft Windows. IIS 7.5 Express supports only the HTTP and HTTPS protocols. It is portable, stores its configuration on a per-user basis, does not require administrative privileges and attempts to avoid conflicting with existing web servers on the same machine.^[35] IIS Express can be downloaded separately^[36] or as a part of WebMatrix^[37] or Visual Studio 2012 and later.^[38] (In Visual Studio 2010 and earlier, web developers developing ASP.NET apps used ASP.NET Development Server, codenamed «Cassini».)^[39] By default, IIS Express only serves local traffic.^[40][38]

Extensions[edit]

IIS releases new feature modules between major version release to add new functionality. The following extensions are available for IIS 7.5:

• FTP Publishing Service: Lets Web content creators publish content securely to IIS 7 Web servers with SSL-based authentication and data transfer.^[41]
• Administration Pack: Adds administration UI support for management features in IIS 7, including ASP.NET authorization, custom errors, FastCGI configuration, and request filtering.^[42]
• Application Request Routing: Provides a proxy-based routing module that forwards HTTP requests to content servers based on HTTP headers, server variables, and load balance algorithms.^[43]
• Database Manager: Allows easy management of local and remote databases from within IIS Manager.^[44]
• Media Services: Integrates a media delivery platform with IIS to manage and administer the delivery of rich media and other Web content.^[45]
• URL Rewrite Module: Provides a rule-based rewriting mechanism for changing request URLs before they are processed by the Web server.^[46]
• WebDAV: Lets Web authors publish content securely to IIS 7 Web servers, and lets Web administrators and hosters manage WebDAV settings using IIS 7 management and configuration tools.^[47]
• Web Deployment Tool: Synchronizes IIS 6.0 and IIS 7 servers, migrates an IIS 6.0 server to IIS 7, and deploys Web applications to an IIS 7 server.^[48]

Usage[edit]

According to Netcraft, in February 2014, IIS had a «market share of all sites» of 32.80%, making it the second most popular web server in the world, behind Apache HTTP Server at 38.22%. Netcraft showed a rising trend in market share for IIS, since 2012.^[49] On 14 February 2014, however, the W3Techs shows different results. According to W3Techs, IIS is the third most used web server behind Apache HTTP Server (1st place) and Nginx. Furthermore, it shows a consistently falling trend for IIS use since February 2013.^[50]

Netcraft data in February 2017 indicates IIS had a «market share of the top million busiest sites» of 10.19%, making it the third most popular web server in the world, behind Apache at 41.41% and nginx at 28.34%.^[51]

Security[edit]

IIS 4 and IIS 5 were affected by the CA-2001-13 security vulnerability which led to the infamous Code Red attack;^[52][53] however, both versions 6.0 and 7.0 have no reported issues with this specific vulnerability.^[54] In IIS 6.0 Microsoft opted to change the behaviour of pre-installed ISAPI handlers,^[55] many of which were culprits in the vulnerabilities of 4.0 and 5.0, thus reducing the attack surface of IIS.^[53] In addition, IIS 6.0 added a feature called «Web Service Extensions» that prevents IIS from launching any program without explicit permission by an administrator.

By default IIS 5.1 and earlier run websites in a single process running the context of the System account,^[56] a Windows account with administrative rights. Under 6.0 all request handling processes run in the context of the Network Service account, which has significantly fewer privileges, so should there be a vulnerability in a feature or custom code it won’t necessarily compromise the entire system given the sandboxed environment these worker processes run in.^[57] IIS 6.0 also contained a new kernel HTTP stack (http.sys) with a stricter HTTP request parser and response cache for both static and dynamic content.^[58]

According to Secunia, as of June 2011, IIS 7 had a total of six resolved vulnerabilities while^[54] IIS 6 had a total of eleven vulnerabilities, out of which one was still unpatched. The unpatched security advisory has a severity rating of 2 out of 5.^[54]

In June 2007, a Google study of 80 million domains concluded that while the IIS market share was 23% at the time, IIS servers hosted 49% of the world’s malware, the same as Apache servers whose market share was 66%. The study also observed the geographical location of these dirty servers and suggested that the cause of this could be the use of unlicensed copies of Windows that could not obtain security updates from Microsoft.^[59] In a blog post on 28 April 2009, Microsoft noted that it supplies security updates to everyone without genuine verification.^[60][61]

The 2013 mass surveillance disclosures made it more widely known that IIS is particularly bad in supporting perfect forward secrecy (PFS), especially when used in conjunction with Internet Explorer. Possessing one of the long term asymmetric secret keys used to establish a HTTPS session should not make it easier to derive the short term session key to then decrypt the conversation, even at a later time. Diffie–Hellman key exchange (DHE) and elliptic curve Diffie–Hellman key exchange (ECDHE) are in 2013 the only ones known to have that property. Only 30% of Firefox, Opera, and Chromium Browser sessions use it, and nearly 0% of Apple’s Safari and Microsoft Internet Explorer sessions.^[62]

See also[edit]

• IIS Metabase
• Logparser
• Microsoft Personal Web Server
• Windows Activation Services
• Comparison of web servers
• List of mail servers

References[edit]

External links[edit]

• Official website

Internet Information Services (IIS) is a web server that satisfies requested HTML files or pages. It is offered as an optional feature in Windows that allows you to host and manage websites locally on your computer.

If you are a developer and wish to test out a website before publishing it, or want to run an internal Content Management System (CMS) for an organization, then you need to enable IIS on the server to host it.

This post shows you how to enable or disable the feature if needed, how to check its version, and for whom it is useful.

What is Internet Information Services (IIS)

As we mentioned, IIS is used to host HTML websites or static pages that can be accessed from the internet or the intranet. An IIS web server accepts requests from remote computers and then returns the appropriate response using ASP.NET.

IIS works through different protocols and languages. HTML is used to create the elements, which include text, placement holders, actionable buttons, hyperlinks, etc.

The ASP.NET Core framework is the latest generation of Active Server Pages (ASP), which is a server-side script engine that produces interactive webpages. When a request comes to the IIS server from the internet, it forwards it to the ASP.NET Core application, which in turn processes the request and sends its response back to the IIS server and the client who initially originated the request.

IIS has been released with different versions for the different operating systems. So, to check which version is on your PC, you must first install it. However, the table below lists which IIS version is shipped with which operating system.

How to Enable IIS on Windows

Perform the following steps to enable IIS on a Windows PC:

1. Open Windows Features by typing in optionalfeatures in the Run Command box.

   

2. From the Windows Features window, scroll down and expand Internet Information Services. Then check the boxes below it to enable the selective IIS features.

   

3. Once done, click Ok. The wizard will now attempt to apply the changes.

4. Once completed, click Close.

   

IIS will now be installed on your PC.

If you no longer require it in the future, disabling it is just as easy. Simply open the Windows Features again and uncheck the IIS options.

How to Check if IIS is Installed

To confirm that IIS is installed on your computer, open any web browser, paste the following in the address bar, and then hit Enter.

http://localhost/

You should now see a screen somewhat like the one below.

Note: The display can be different depending upon which version of IIS is running on your PC.

How to Check IIS Version

From Internet Information Services (IIS) Manager

To check which IIS version has been installed on your PC, perform the following:

1. Search for “IIS Manager” from the Search box in the taskbar and open it.

   

2. From the manager, click Help from the top ribbon menu, then click About Internet Information Services.

   

3. You will now find the complete IIS version in the pop-up window.

   

   From Registry Editor

   You can also determine the IIS version from Windows Registry. Here is how:

   Note: Misconfiguration of critical values in the system’s registry could be fatal for your operating system. Therefore, we insist that you create a system restore point before proceeding forward with the process.

   1. Open the Registry Editor by typing in regedit in the Run Command box.

      

   2. Now paste the following into the address bar at the top for quick navigation:

      Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp

      

   3. You can now see the IIS version in front of the VersionString value in the right pane of the Editor.

From PowerShell

To obtain the IIS version using Windows PowerShell, run the following cmdlet in an elevated PowerShell instance:

Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp\ | Select-Object

You should then be able to see the IIS version in the data listed below the command.

Closing Words

Not everyone needs to enable IIS on their computers. We recommend you disable it if you do not need it.

IIS is only required if you plan to host a website or static HTML page on your computer. That said, enabling or disabling it is a piece of cake thanks to the Windows interface.

Maybe you like to know What does IIS stand for? The term IIS server is known as the Internet Information Services Server. It is a window server that is based upon the web application. In addition, the primary purpose of this server is to send the web content across the internet to the users. Moreover, it is essential to know: what is IIS server? Once you know the definition, it will be easier for you to understand the whole concept.

What is internet information services?
The IIS server or Internet information services (formerly Internet Information Server) is a flexible web server. It belongs to Microsoft, which operates on Windows systems. It serves the HTML pages or files which are requested.

The webserver accepts or takes the requests from the remote client computers and sends back the valid and accurate response. It is an essential function of it which permits a web server for sharing and delivering the information. This information is provided across the LAN (Local area networks), including corporate intranets and WAN (Wide area networks) that consists of the internet.

There are numerous forms of web server; it sends information to the users. These forms include static web pages that are coded in HTML via file exchanges. Not only this but image files, text documents are also part of it.

suggest you read our article about what is windows hosting

How IIS Works?

When the person first heard the term what internet information services are, numerous questions strike in it. These questions are like the purpose of IIS, What is IIS used for, and so on. The most common question is: what is an IIS and how it works?

So here is the list of some vital information related to the working criteria of internet information services.

The working criteria of IIS depend upon the numerous standards of protocols and languages. Moreover, HTML is used to create the elements. These elements include text, image placements, buttons, and so on. Hypertext Transfer Protocol is also named HTTP. It is an essential communication protocol that is preferred for exchanging information between web servers and users. (In the case you want to know What is Windows Server 2022? , this article can help you!)



In addition to it, encrypting the communication and adding the security HTTPS—HTTP over Secure Sockets Layer (SSL)—uses the Transport Layer Security or SSL. The files can transfer via the FTP or its secure variant FTPS. The term FTP stands for the File Transfer Protocol. The SMTP supports sending and receiving the email, whereas the Network News Transfer Protocol delivers the articles on Usenet.

suggest you read our article about how to redirect http to https

Features of IIS Web Server

The IIS server is a central server that uses the widespread. It offers numerous features, but it is also a fruitful tool for several IT administrators. The primary use of IIS is for the hosting of ASP.NET status websites and web applications. Apart from it, here is the list of IIS features, which helps you clear the concept of what is IIS Server?

1- Authentication

Authentication is an essential feature of the IIS server (internet information services), which includes several options. These options are Windows auth, ASP.NET, and Basic. For the Windows Active Directory, Windows auth is fruitful. This is because of letting the user sign into the web applications automatically through a domain account.

2- Security

This server also has security features such as biding so SFTP and HTTPS can manage the TLS certificates and filter the request. Due to it, the users can easily allow and block the traffic.

3- Remote Management

The feature of remote management permits what is an IIS for manning via either the CLI or PowerShell. In addition to it, the user can create the script yourself.

These are some features that make this webserver versatile and highly configurable. You can easily create a stable, effective, and flexible Windows IIS Server if you extend it.



If you aim to learn What is Windows 11 , this post can help you!

IIS Works With The Asp.net Core

The ASP.NET Core framework is categorized as the latest generation of ASP. The term ASP is an Active Server Page, which is a server-side script engine. It begets the interactive web pages. Moreover, the web sends the IIS server request that delivers the request to the ASP.NET Core Application. Further, it starts processing the request and has its response to the IIS server after that again.

If you are interested to know how does a web server work , don’t miss this post!

It sends the request back to the IIS server and to those users who established the request. In addition to it, developers have the opportunity to produce the IIS website with several tools. These tools include WebDAV. It can help create and publish web content. Moreover, they can also prefer the integrated development tools. When it comes to the integrated development tools, then they have the option of Microsoft Visual Studio.

The information mentioned above will clear all your queries about what is internet information services and how it works. Moreover, there are various versions of IIS available. After getting the information about what is IIS Server is, let’s discuss its features.

Available IIS Versions

Here is the list of numerous available versions of IIS.

• First and foremost is IIS 6 or Window Server 2003. It is the oldest version of Internet information services. It added support to IPv6. However, there is not any update related to the previous version.
• The IIS7 is a compatible version of IIS with Windows Vista. Moreover, IIS7 enhanced security and offered support measures for the .NET framework.
• The next version of IIS is IIS 7.5. This IIS version is available on Windows 7, including the added support to TLS 1.1 and 1.2.
• After that, IIS 8 consists of the support for SNL. In addition to that, Windows Web Server 2012 comes with the available support offering, which is available unless 2023.
• The IIS 8.5 is generally for Windows 8.1 and has the extra login capabilities and the utility of activating the dynamic site.
• The IIS 10 does not only have support for Windows PowerShell 5.0 but also for HTTP/2.

If you are interested to know what is web hosting in php , don’t miss this post!

How to install IIS?

Now that you know what is iis and how it works, Follow the instructions below to install IIS on a server running Microsoft Windows.

The following are the instructions for installing IIS (Internet Information Service):

1. First, open the control panel.

2. Search for “Applications” from the available options below and select them.

3. Now click on the Turn Windows feature on and off option, possibly under “Programs and Features,” as shown in the image below.

4. Clicking “Turn Windows features on and off” opens a command like the following:

When the request is open, search for “Internet Information Services” among the options given below and check it to expand the other option.

5. Now click on option 3, “World Wide Services”.

Double-click on the first option, “Application Development Features,” under “World Wide Services”.

Check the “CGI” option, and you can also select several other options if needed.

6. Click the Ok button and wait for the changes to take effect.

After completing the changes, it may request a system reboot, so just let it go and complete the installation. You can now use Internet Information Services by typing “IIS” in the Windows search box.

Instructions for installing Internet information services using PowerShell:

Type “PowerShell” in the window search box and click “Windows PowerShell.”

After opening PowerShell, type the following command:

<Install WindowsFeature -name Web Server? IncludeManagementTools>

Now press “Enter”.

How IIS Processes Requests

A typical web server can use two main processing models. It can process requests according to a single-string model or create a new string for each request. The thread system is a model request IIS uses, which accesses a thread pool and takes a unique series for each request.

Requests are usually processed based on a simple request-response. The customer sends a request, and a response is sent. The Internet connection between the client and the webserver is usually made via the HTTP protocol.

IIS uses its processing engine and processing architecture with two layers or modes: kernel mode and user mode.

Kernel mode: When kernel mode is used, the code can execute any command and has full access to the connected equipment. This mode is mainly used when it is a reliable process and is primarily invulnerable. Any failure in the kernel-mode can cause a lot of damage to the system itself. Kernel mode is also where you will find HTTP.SYS.

User mode: User mode is more limited. In this case, the executed code can not access the hardware or reference memory and provides a more secure working environment. If a mistake is made, the consequences are unlikely to be as devastating as if the error had occurred in the kernel state. Code executed in user mode instructs APIs to communicate with equipment and reference memory, which is much more secure than kernel mode. You will find IIS management services, application pools, and virtual directories in user mode.

The purpose of kernel-mode is to use HTTP.SYS to accept incoming client requests to send them to the application pool. This process begins when the customer or end-user enters the website URL. This is the customer requesting access to the page. HTTP.SYS receives this request.

When the application pool receives the request from HTTP, SYS, the ISAPI filter is loaded by the IIS worker process or w3wp.exe. If it is an ASPX page, it also opens the worker process HttpRuntime.ProcessRequest and sometimes aspnet_isapi.dll. HttpRuntime creates a set of HttpApplication objects. These are sent over HTTP, and HTTP modules are continuously excited until the HTTP controller requests the ASP.NET page. When the HTTP route request is complete, the page starts and loads.

Differences between IIS and Apache

IIS is only available for Windows, but Apache can be used on various operating systems such as Mac, Linux, and Windows. And it is a good alternative.

IIS has its troubleshooting desk, but in the case of Apache, almost all of its support is provided by the user community.

Internet information services can also integrate with multiple generations or Microsoft languages, such as the ASPX programming language.

IIS security features are more reliable than the Apache web server, making it a better option than the Apache.

Conclusion

In the end, this information is all about the what is an IIS Server or what is internet information services and its working criteria. The essential features make it flexible and popular. You must have an understanding of ports for working with the IIS server. If you need more help check this article out!

Frequently Asked Questions

What Does the Internet Information Services (IIS) Role Do?

It is one of the common questions among users. It is good to know that it makes the server act as a web server.

what language is iis written in?

internet information services written in C++ language.


Suggest you read our article about windows server 2019 features

Websites are the most common type of internet content today. But to ensure that your website is visible to the widest possible audience, you’ll need to host your website on a web server. How? Consider turning to Windows Internet Information Services (Windows IIS), a popular choice for web hosting.

Not a reader? Watch this related video tutorial!

Not seeing the video? Make sure your ad blocker is disabled.

In this tutorial, you’ll learn the basics of getting started with Windows IIS for web application management via the GUI or command-line environment!

Read on and level up your manage your web applications with Windows IIS!

Prerequisites

This tutorial will be a hands-on demonstration. If you’d like to follow along, be sure you have:

• A Windows machine – This tutorial uses Windows Server 2012 since it’s stable and available at a low cost (or free). But you can also use Windows 10 for this tutorial.
• Visual C++ distribution installed on your Windows machine. IIS requires Visual C++ to render PHP pages correctly.

Installing Windows IIS on a Windows Server

IIS Web Server offers rich functionality and scalability for hosting websites and services on Windows operating systems. But before using IIS, you must first install this tool on your Windows machine.

To install Windows IIS on a Windows Server:

1. Press Ctrl+R to open the Run box In, type ServerManager, and press Enter.

This action opens up the Server Manager Dashboard. IT admin uses this GUI dashboard for various day-to-day tasks related to server administration.

2. On Server Manager, click the Add Roles and Features link to open a wizard, where you can add role services and features to your local server.

3. Next, read the information on the Before you begin page and click Next.

You can also tick on the Skip this page by default option so you won’t see this page again the next time you add roles and features.

4. Now, on the Installation Type page, select the first option (Role-based or feature-based installation), and click Next.

This option is recommended in most cases, which walks you through adding specific roles, role services, and features in a standard way.

If you choose the second option (Remote Desktop Services installation), you have to manually select the required roles, services, and features for installation.

5. Select your server from the server pool, and click Next.

You can also select multiple servers for a distributed installation, but that’s outside the scope of this tutorial.

6. Next, tick the Web Server(IIS) check box on the Server Roles page for a scalable Web application infrastructure, and click Next.

7. Leave the defaults selected, and click Next. This action tells Windows to install all required sub-features for the IIS server role, including ASP.NET, Static Content, and Default Document.

8. Review more information about the Web Server Role (IIS), and click Next.

9. On the Role Services page, leave the default selections, but expand the Application Development node, select the CGI check box, and click Next.

This option installs support for the Common Gateway Interface (CGI), a standard way of interfacing external applications with web servers.

10. After configuring the installation settings, click the Install button to install the selected roles and features.

11. Once the installation completes, as shown below, click Close to finish and exit the wizard.

And there it is! You’ve successfully installed Windows IIS on your server.

12. Finally, open your favorite web browser, and navigate to http://localhost/.

If all goes well, you’ll see the default IIS page like the one below, which confirms your web server is up and running.

Installing PHP and Configuring IIS to Handle PHP Requests

You’ve successfully installed Windows IIS on your server, but you still need a way to deploy pages on your server. And for this tutorial, you’ll install PHP and configure IIS to handle PHP requests.

To install PHP on your server:

1. Navigate to the PHP release download page. At the time of this writing, the latest stable release is PHP 8.1.

Download the Non Thread Safe (NTS) ZIP package since IIS uses a single thread to handle each request. The Thread Safe(TS) package is for IIS FastCGI, which enables PHP to run in a multithreaded environment.

2. Unzip the downloaded PHP archive to the PHP directory (C:\PHP\) on your server.

After unzipping the archive, you’ll have to install and configure IIS so you can manage and deploy web applications.

3. Open your Server Manager, select Dashboard → Tools → Internet Information Services (IIS) Manager. This action opens the IIS Manager console, where you can configure IIS settings, create and manage websites, and deploy web applications.

4. Now, select your localhost (Connections panel), and double-click on Handler Mappings to access the list of handler mappings available.

5. On the Handler Mappings page, click on Add Module Mapping (right panel), which opens the Add Module Mapping dialog box.

6. Next, configure the new mapping with the following:

• Request path – Type in *.php to tell IIS to forward all requests ending with .php to the PHP processor module. The wildcard symbol (*) lets you save time since you don’t have to add a handler mapping for each PHP file.

• Module – Choose FastCgiModule to specify that the FastCGI module should handle the requests.

• Executable – Enter the full path to the php-cgi.exe file. In this example, the path is C:\PHP\php-cgi.exe.

• Name – Provide a unique module mapping name, but this tutorial uses PHP_FastCGI.

• Click on Request Restrictions to configure request restrictions.

7. Tick the checkbox, and choose the File or Folder option. This option ensures the handler mapping only applies to files on the server.

8. Navigate to the Verbs tab, and choose the All verbs option. This option tells IIS to forward all types of HTTP requests, such as GET, POST, and HEAD, to the PHP processor module.

9. Now on the Access tab, choose the Script option, and click OK. This option tells IIS that the PHP pages are scripts to be executed rather than static files to be served directly.

10. Back to the Add Module Mapping, click OK to add the new module mapping.

11. Finally, open PowerShell as admin, and run the IISRESET command to restart Windows IIS. This action is necessary for the new handler mapping to take effect.

Deploying Your First Website

Now that you have PHP installed and IIS configured, the most exciting part comes — deploying your website. But first, you need a website to deploy. You’ll create and deploy a basic PHP page to your IIS server in this example.

1. Create a new index.php file in your favorite text editor in the website’s root directory. In this example, the website’s root directory is C:\inetpub\wwwroot\.

The .php extension tells IIS that the index.php file is a PHP page to be processed by the PHP processor module.

2. Next, add the following code to your new index.php file, save your changes and close the file.

The code below tells IIS to display a simple “Hello World” message on a PHP page in your browser.

<?php
header('Content-Type: text/html; charset=UTF-8');
echo '<html><head><title>Hello World</title></head><body>Hello world!</body></html>';

3. Lastly, open a new tab on your web browser, and navigate to http://localhost/index.php to request your index.php page from the local IIS server. Doing so lets you test if your website deployment works.

If all goes well, you’ll see the Hello world! message on the index.php page, as shown below.

Managing Windows IIS via Command Line Environment

Big fan of using CLI? No problem! Apart from the GUI, IIS can also be managed using the command prompt. With this tool, you can manage almost all aspects of IIS, including sites, applications, virtual directories, application pools, etc.

In this tutorial, you’ll touch on some of the basic commands to manage IIS. But for a complete list of all the available AppCmd.exe commands, check out the official Microsoft documentation.

1. Open command prompt as administrator, and run the below commands to list all the websites (site) available in your IIS server.

%systemroot%\system32\inetsrv\APPCMD list sites

You will see a list of all the sites currently running on your server and some basic information about each site, such as the ID, state, etc.

Too generic? No problem! You can also use AppCmd.exe to query about a specific website in the following step to drill down on the information you’re interested in.

2. Run the below command to get all information about the Default Web Site.

%systemroot%\system32\inetsrv\APPCMD list site "Default Web Site"

3. Next, run the following commands to stop a specific website and list all stopped websites (/state:Stopped).

You can replace the stopped state with other site states, such as starting, running, or unknown.

%systemroot%\system32\inetsrv\APPCMD stop sites "Default Web Site"
%systemroot%\system32\inetsrv\APPCMD list sites /state:Stopped

4. Now, run the below command, combining multiple criteria separated by a space, to filter down the results further.

The command below lists all sites that are in a stopped state (/state:Stopped) and have server-level autostart enabled (/serverAutoStart:true).

%systemroot%\system32\inetsrv\APPCMD list sites /serverAutoStart:true /state:Stopped

5. Lastly, run the command below to start the website you stopped in step three (“Default Web Site”).

Conclusion

You’ve seen how Windows IIS lets you manage your websites. And in this tutorial, you’ve learned to install and configure IIS on a Windows Server to deploy and test a basic PHP website. Windows IIS is a versatile tool that lets you manage your websites via GUI and a command-line environment.

With this newfound knowledge, you’re ready to start building your websites and applications on IIS! Why not learn how to create a WordPress site on IIS next?

IIS (Internet Information Services) or Windows Web Server is a web server that hosts websites and web applications. As it stands, IIS is the second most popular Windows web server in the world (second only to Apache HTTP).

Internet Information Services (IIS, formerly Internet Information Server) is a Microsoft web server created for use with the Windows NT family.

Windows Web Server first hit the scene in 1995 and since then there has been a different version of IIS available for almost every Windows operating system on the market.

Here’s our list of the best third-party tools for using with IIS Windows Web Server:

1. SolarWinds Server & Application Monitor EDITOR’S CHOICE Monitors servers and the applications that run on them, including IIS sites. This monitor will track the availability of IIS servers and websites – statuses are shown live on the system dashboard and can also be sent as alerts when problems arise. The system monitors CPU usage, memory usage, response time, disk usage, and other key server statuses.
2. ManageEngine Applications Manager (FREE TRIAL) A server and application monitoring system that includes specialized screens for IIS monitoring. Runs on Windows Server and Linux.
3. Datadog Infrastructure with IIS integration (FREE TRIAL) This is a cloud-based monitoring system that tracks the connections between applications and services and includes specialized IIS monitoring.
4. ManageEngine EventLog Analyzer (FREE TRIAL) This package of log management and analysis services creates a SIEM for protecting many applications, including IIS. Runs on Windows Server and Linux.
5. Paessler PRTG Network Monitor (FREE TRIAL) This monitoring system is ideal for IIS management because it monitors network and server statuses as well as application performance.
6. Dynatrace A cloud-based monitoring service that can watch the performance of servers, applications, and services, including IIS.
7. AppDynamics A SaaS package that has excellent fault investigation tools for IIS.
8. IIS Crypto A free extension for IIS that enables you to change IIS statuses, features, and services.
9. G Enterprise Uses external agents to monitor the performance of IIS-based websites.

Version History

Generally speaking, the last version of IIS that is suitable for an enterprise environment is IIS 6 or Microsoft Windows Server 2003. If you try to use any later version of the product you will struggle to function within a fast-paced environment. Below we’ve included a brief breakdown of the version history:

As it stands, IIS 8.5 is the best version in terms of security and features. Once the beta has been completed for IIS 10 then we recommend you make the transition.

How to Install and Configure IIS Server Software

It may surprise you to know that while IIS server does come with Windows it isn’t accessible unless you install it. However, the installation and configuration process is relatively straightforward.

1. To begin, open the Control Panel and click Add or Remove Programs.
2. Next click Add/Remove Windows Components.
3. Check the Internet Information Services (IIS) box and click Next.
4. Click Finish.

As you can see, the basic installation process is swift. Once you’ve installed IIS server it is time to configure it.

If you want to use PowerShell to install IIS Windows server then you can do this by entering the following command:

< PS C:\> Install-WindowsFeature -Name Web-Server -IncludeManagementTools >

See also: Powershell Cheatsheet

How does IIS server work?: IIS Processing Model

As a web server IIS has its own Process Engine that handles all requests from client to server. Essentially a client sends a request to the server and then IIS processes that request and sends a response to the client. The processing architecture of IIS can be separated into two distinct layers:

• Kernel Mode – Executed code has complete access to connected hardware and can execute any command. Kernel Mode is mainly used for trusted processes. Crashes in Kernel Mode are devastating to the overall system. You can find HTTP.SYS within Kernel Mode.
• User Mode – In this mode, any code you execute are commands short of accessing hardware or reference memory. This affords an extra layer of protection against mistakes and can be recovered much more quickly. When you execute code in user mode it delegates APIs to interact with hardware and reference memory instead. In User Mode, you’ll find Web Admin Service, Virtual Directory, and Application Pool.

Kernel Mode has the job of using HTTP.SYS to accept requests from a client and forwarding them on to an application pool. This is initiated when the client clicks on or enters the site URL, and requests access to the page. HTTP.SYS captures these requests and adds a queue for each application pool.

Once a request has been forwarded to the application pool, the Worker Process or w3wp.exe (outlined below) loads the ISAPI filter. Depending on the request, the Worker Process opens HttpRuntime.ProcessRequest and if it is an APSX page loads “aspnet_isapi.dll” as well.

The launch of Http.Runtime.ProcessRequest shows that processing has begun. The HttpRuntime process builds a pool of HttpApplication objects, which are then passed on through HTTP. HTTP Modules continue to be activated until the request reaches the HTTP handler of the ASP.NET page. Once the request has passed on through the HTTP route, the page starts.

As you can see, the Worker Process and the Application Pool are two fundamental concepts in the world of IIS. Below we’re going to look further at what these two concepts actually mean:

Application Pool

On the other hand, the Application Pool acts as a container. It contains the Worker Process and segregates multiple applications from each other. This is true whether they are running on one or multiple servers. One application pool can contain multiple websites. Putting it another way, an application pool is basically a group of URLs that have been served by worker processes. Separating applications from one another simplifies management and ensures that if one application pool experiences an error, the others do not.

Configuring IIS Server Software

1. Locate the My Computer icon on your desktop and click Manage.
2. Click on the Services and Applications option in the Computer Management box.
3. Click on Internet Information Services and then Web Sites.
4. If your default node hasn’t started, right-click on the Default Web Site node.

Configuring IIS Websites and Active Directories

One of the main reasons why people use IIS is to deploy web applications. With IIS and the Advanced Installer utility, you can deploy web applications on multiple servers very quickly. This also has the advantage of eliminating the need to add new configurations for each machine.

The first step when configuring websites is to open the Files and Folders view. From here you can examine your current application files and add new ones. You want to make sure that your application files are placed in their individual directory (The admin panel of the website you connect to will use these later).

Once you’ve done this switch to the IIS Server view and enter your new website name using the New Web Site toolbar.

At this point, you need to configure your website settings for HTTP and HTTPS. You also need new SSL options for your website. In the section below we show you how to configure a website or folder with SSL and HTTPS:

1. Log on to your computer as an Administrator.
2. Press Start and go to Settings. Click Control Panel.
3. Double-click on Administrative Tools and Internet Services Manager.
4. In the left-hand pane select the website you want to configure.
5. Right-click on your website (or folder or file) that you want to configure SSL for and click Properties.
6. Click on the Directory Security tab.
7. Select Edit.
8. To add SSL as a requirement, click Require Secure-Channel (SSL).
9. Next click Require 128bit Encryption.
10. (Optional) If you want users to connect regardless of whether they have a certificate, click Ignore client certificates. If you want to block users without a certificate, select Accept client certificates.

Securing IIS Web Server with Secure Sockets Layer (SSL)

Most enterprise users are naturally going to want to secure their data against unauthorized access. This can be done through the use of SSL. SSL allows you to encrypt all the data that you transmit. This prevents any outside entities from getting access to data they don’t have permission. To use SSL to secure your server, you need to install a server certification on the server machine. The first step to enabling SSL is to create a certificate. This can be achieved by following the steps below:

1. Install Windows Server 2003.
2. Ensure that you have IIS Web server installed and configured.
3. Install Microsoft Certificate Services (this allows you to create authentication certificates).
4. Open Internet Explorer and browse for Microsoft Certificate Services (http://MyCA/certsrv).
5. Click Request a Certificate and click Next.
6. Next click Advanced request.
7. Click Next, then submit a certificate request to this CA using a form. Click Next. This will raise the certificate request form and add the domain name of your server machine.
8. Now click Server Authentication Certificate in the Intended Purpose or Type of Certificate Needed field.
9. Select either Microsoft RSA SChannel Cryptographic Provider, Microsoft Base Crypto Provider version 1.0 or Microsoft Enhanced Cryptographic Provider. (Take extra care not to select Microsoft Strong Cryptographic Provider).
10. Select the Use Local Machine store box and verify that Enable Strong Private Key Protection is unchecked.
11. Click Submit. Now you will either have the certificate installed immediately or you will have to wait for it to be administered by the CA administrator.

Designating an SSL Server Certificate to a website

To add an SSL server certificate to a website:

1. Open IIS Manager, click on Local Computer, and then the Web Sites folder.
2. Look for the website that you want to assign the certificate to and right-click Properties.
3. Next, click the Directory Security section and click Server Certificate. (You’ll find this under Secure Communications).
4. Raise the Web Server Certificate Wizard and press Assign an existing certificate.
5. Complete the Web Server Certificate Wizard process. Once completed, go to the Properties page, select the Directory Security tab and press the View Certificate button (here you can view more information about the certificate).

Virtual Directories

IIS web server not only allows you to create sites and applications but also allows you to create virtual directories. In IIS you specify a name that maps to a physical directory. The direct name provides users with a way to access the content hosted on a server quickly. In many cases, this is another website, but it can be smaller media elements like photos and videos.

In the older IIS 6.0, virtual directories and applications were considered to be separate objects. An application was comprised of the following metabase components:

• AppFriendlyName
• AppRoot
• AppIsolated
• AppPoolID

As of IIS 7.0 and after, virtual directories and applications are still considered as separate objects but they also exist in a hierarchy. For example, one website can contain multiple applications. In turn, one website can contain multiple virtual directories that lead to a physical directory on a computer.

Log Files

Log files are used to record a variety of actions on your server. Loading up the log files will show you everything from the date and time of the event, the IP address involved, and the quantity of data transmitted. Most of the time your log files can be found here:

< %SystemRoot%\system32\Logfiles\ >

On most contemporary versions of IIS Windows server, you can find your IIS log files by performing the following actions:

1. Click Start and Control Panel.
2. Click Administrative Tools and run Internet Information Services (IIS).
3. Look for your website on the left-hand side of the tree and select it.
4. Next, click the Logging icon.
5. Look for the dialog box at the bottom of the screen that says Directory, and click Browse.

If you’re using IIS 6 then:

1. Go back to step 3 of the instructions above.
2. Right-click on your website and click Properties.
3. Find the Website tab and look for the Active Log Format section.
4. Click the Properties button and look at the bottom of the box where the log file directory and log file name are shown.

Ports

Generally speaking, your server will use port 80 for all of your HTTP traffic. However, if this isn’t suitable for your needs, then you can change it as required. You can do this by following the steps below:

1. Open Internet Information Services (IIS Manager).
2. Right-click on your website then press Properties.
3. In the Properties window find the TCP port box and change it to a port of your choice.

Please note that if you change the port from the default setting when you go to open up your website, you will need to enter your domain name and the new port. For example: domainname:80 (type the number of the port you wish to use instead of 80).

Windows 8 and 8.1

On Windows 8.1 there are a couple of differences:

1. Type IIS Manager into the Search Box on the homepage.
2. Select Internet Information Services Manager in the search results.
3. On the left-hand side of the screen you’ll see a navigation tree; click Default Web Site.
4. Next, go to the sidebar on the right-hand of the screen and click Bindings.
5. Highlight http from the main view and click Edit.
6. Enter the new port you want to use in the Port text box.
7. Press Ok and click Close.
8. Go back to the left-hand tree and select the relevant server node.
9. Finally, click Restart Server from the sidebar on the right-hand side.

The Best Third-Party IIS Server Tools

With these selection criteria in mind, we looked for application and server monitoring packages that include specialized IIS integration.

1. SolarWinds Server & Application Monitor (FREE TRIAL)

SolarWinds Server & Application Monitor is an application monitoring platform that can monitor IIS sites. With SolarWinds Server & Application Monitor you can see the availability of IIS servers and websites.

Key Features:

• Application monitoring
• Server resource monitoring
• IIS integration
• SSL certificate management
• Activity alerts

Why do we recommend it?

The SolarWinds Server and Application Monitor deals with IIS under its applications remit. This system is an on-premises package, so it needs to be able to access the server on which the IIS is hosted – it doesn’t need to be resident on the same machine. The tool measures ISS activity and server resource availability.

Key metrics like CPU usage, memory usage, response time, and disk usage can all be monitored with this tool. If there is a problem with a site then you can automatically restart it to try and fix the issue.

Graphs and status buttons drive the monitoring experience. Graphs show you details about resource usage and other information so that you can see how an IIS website or server is performing.

For example, graphs are outlining IIS Average CPU and Memory Usage to show how many resources you have available. This helps you to know whether you need to buy more resources or not.

Security-wise, SolarWinds Server & Application Monitor can monitor SSL certificate expiration. The tool can tell you the dates when your SSL certificates expire and the number of days you have left before that point in time. Having this information on hand makes it easy to manage SSL certificates for multiple sites or servers without running the risk of them expiring.

Who is it recommended for?

This package runs on Windows Server – which is the host of IIS. The package is large and covers a lot of other applications, not just your Web server. This means that it is suited for large organizations that run their own Web servers. The tool includes alerts for performance problems and resource shortages.

As a performance monitoring solution for IIS, SolarWinds Server & Application Monitor has everything you need to manage IIS resources efficiently. It is also competitively priced, starting at $2,995 (£2,308). There is a 30-day free trial available.

2. ManageEngine Applications Manager (FREE TRIAL)

ManageEngine implements IIS monitoring within its Applications Manager software package. This monitoring tool can also track the performance of the Apache Web Server.

Key Features:

• Application dependency mapping
• IIS and Apache Web server integrations
• Performance tuning
• Server resource monitoring

Why do we recommend it?

ManageEngine Applications Manager provides scanning to identify all of your applications and populates the console with a list of what it needs to monitor. The tool also identifies which applications access other applications and also which services and resources support each application. This is great for IIS, which can be a choke point for application delivery.

Live status monitoring for IIS includes Application Pool monitoring. The main screen of the IIS monitor lists all operating application pools with a traffic light system that shows the availability and health of each. The system manager can then drill down into each application pool, should problems be indicated. The structure of the monitoring screens means that managers don’t get trapped by only viewing one part of the system and miss critical problems shown in other data screens.

An alerting system means that technical staff don’t have to sit and watch the Applications Manager screens. They can get on with other tasks – many of which would be supported by analytical and performance tuning utilities included in Applications Manager. Performance thresholds are set at levels that allow time for remedial action should problems arise.

Factors covered in Applications Manager screens for IIS include website uptime and response times recording. Other statistics include transfer speeds, connection statuses, counts of users and anonymous visitors, and page code accesses.

The Applications Manager also monitors physical server performance. So, it gives live feedback on server load and the interactions between IIS and its underlying support services. Key metrics such as disk and memory availability and usage and I/O speed are shown live in the application monitoring screens.

Who is it recommended for?

This monitoring tool can run on Linux or Windows Server – it tracks applications from across a network. It is also available as a service on AWS and Azure. There is a Free edition, which can only monitor five assets and that might not be enough to watch over IIS and its associated services.

The Applications Manager installs on Windows Server and Linux. ManageEngine makes the tool available for a 30-day free trial.

ManageEngine Applications Manager
Download 30-day FREE Trial

3. Datadog Infrastructure with IIS Integration (FREE TRIAL)

Datadog Infrastructure is a cloud-based monitoring system that traces the performance of applications and service that lie behind user-facing interfaces, such as websites.

Key Features:

• SaaS package
• Specialized IIS screens
• Connection monitoring

Why do we recommend it?

Datadog Infrastructure is a cloud-based system and it watches over all of the IT Bassets that support your systems between the user-facing applications and servers. The remit of this tool includes Web servers, such as IIS. The system is provided as a SaaS package. It is also able to monitor serverless functions.

The system, in its bare form, tracks basic services. However, the system can be expanded by integrations. There is an integration for IIS. The benefit of the integration system is that it avoids the dashboard for the system being cluttered with functions that monitor services that the customer doesn’t have. By this strategy, the subscriber adds on integrations for all relevant services when beginning a subscription to the monitoring system. The result of this adaptation process is a tailored monitoring service that focuses on just the applications and services that the subscribing business uses.

The IIS monitor tracks more than 180 metrics about the web server’s operations. The type of data that the monitor collects concerns the proper functioning of the services performed by IIS, such as managing connection and maintaining applications, such as HTTP. The dashboard shows connection counts in terms of requests served, those rejected and the number of connections dropped. The system notes service availability, latency, response times, and function calls.

As well as monitoring the IIS Web server, the Datadog Infrastructure service keeps track of the performance of load balancers and network services.

Who is it recommended for?

The Datadog Infrastructure is priced per host, that is, per physical server, which makes it accessible to all sizes of businesses. The Free edition is particularly appealing to small businesses – it will monitor up to five hosts with a data retention period of just one day. However, it will track the performance of IIS.

Datadog Infrastructure is a subscription service with a rate per month per host, although most customers take the cheaper option of paying annually. There are three editions to the service and the first of these is Free. That option doesn’t get access to the IIS integration and it can only monitor five hosts. The two paid plans are Pro and Enterprise. The higher plan includes machine learning for performance baselining and premium support. You can get a 14-day free trial of the system.

Datadog
Start 14-day FREE Trial

4. ManageEngine EventLog Analyzer (FREE TRIAL)

ManageEngine EventLog Analyzer provides a system-wide SIEM service for security monitoring and it has specific processes for tracking activity in IIS Web Server and IIS FTP Server. The service produces reports that can be viewed on screen. These display the top users of your Web server. You also get Web Server error reports and attack assessments for events such as DDoS attacks, cross-site scripting, and SQL injection.

Key Features: 

• IIS activity reports
• Security breach detection
• Error monitoring

Why do we recommend it?

ManageEngine EventLog Analyzer provides activity monitoring, error reporting, and security monitoring for IIS Web Server and also monitors IIS FTP Server. The package is a log manager and SIEM system so you get system-wide security protection from this system. The tool also includes compliance auditing and reporting functions.

The ManageEngine system operates with data from your IIS logs, so it doesn’t interfere with regular operations of the server – it won’t slow your server down with data gathering routines. The logs are sent to the EventLog Analyzer’s log server, which consolidates those messages with logs derived from other sources so that they can be searched and stored together.

The source of each log message in the collection is tagged and so it is still possible to analyze IIS logs separately. The system’s IIS FTP Server analysis also provides activity reports and error reports. You also get a record of issues such as password changes or other account management actions.

Suspicious actions in both the IIS Web Server and the IIS FTP Server raise alerts and also mark out the user account for further investigations. You can specify that these alerts should be channeled into your Service Desk system for technician attention. It is also possible to set up playbooks for automated remediation. The Evenlog Analyzer can coordinate actions in third-party tools, such as access rights managers and firewalls.

The EventLog Analyzer system provides a threat intelligence feed, which includes an IP address blacklist, so you can block requests from those sources immediately. The package also includes network security monitoring.

Who is it recommended for?

There is a Free edition of the EventLog Analyzer but that only provides log management and won’t give you IIS security monitoring. However, the base package for this system is reasonably priced and accessible for small businesses. There is also a version for multi-site monitoring, so this system is suitable for use by businesses of all sizes.

The software for EventLog Analyzer installs on Windows Server or Linux. The SaaS package for this module doesn’t include application log analysis and so won’t give you IIS protection. The on-premises EventLog Analyzer is available for a 30-day free trial.

ManageEngine EventLog Analyzer
Start 30-day FREE Trial

5. Paessler PRTG Network Monitor (FREE TRIAL)

PRTG Network Monitor is a free network monitoring tool that can be used to monitor IIS services. With PRTG Network Monitor you can use the dedicated Windows IIS Application Sensor to monitor sent and received bytes per second, number of sent and received files per second, number of anonymous and known users per second, number of common gateway interface requests per second, and more.

Key Features:

• IIS source code analysis
• Network and application interactions
• Server resource monitoring

Why do we recommend it?

Paessler PRTG Network Monitor doesn’t only monitor networks. It also tracks the performance of networks, applications, and services, including IIS. This flexible package is a bundle of monitoring tools, called “sensors” and you decide which of these to turn on. You can combine IIS monitoring with performance tracking for many other assets.

While monitoring IIS Windows server performance can be challenging, PRTG Network Monitor analyzes performance right down to the application source code. For instance, PRTG Network Monitor measures the loading time of the source code to spot problems as early as possible.

Likewise, alerts can be configured to alert you once a predefined threshold has been crossed. Alerts are sent to your email, SMS, or mobile device (through push notifications) to make sure that you’re always up-to-date.

PRTG Network Monitor can also monitor physical hardware performance. In many instances, the performance of physical hardware will have a tremendous impact on the performance of IIS services. As such, using PRTG Network Monitor’s infrastructure monitoring capabilities to track hardware CPU and memory can catch performance issues in their infancy.

The performance monitoring experience offered by PRTG Network Monitor is perfect for enterprises on a shoestring budget. PRTG Network Monitor is free up to the first 100 sensors.

Who is it recommended for?

The software for PRTG installs on Windows Server and it is also available as a SaaS platform. You pay for an allowance of sensors with the minimum quantity being 500. If you only want 100 sensors, you don’t have to pay anything. This makes PRTG a great tool for small businesses.

However, there are several paid versions available for larger organizations. Paid versions of PRTG Network Monitor start at $1600 (£1,233) for 500 sensors. You can download a 30-day free trial.

Download 30-day FREE trial
Paessler PRTG Network Monitor

6. Dynatrace

Dynatrace is an application monitoring platform that can monitor IIS server performance. Through the dashboard, you can view the availability of existing web servers and delve down into web server process groups.

Key Features:

• Service dependency monitoring
• Response time metrics
• Interactive mapping

Why do we recommend it?

Dynatrace is a SaaS package that has a discovery service at its heart. The system creates a dependency map that shows how services such as IIS fit into the entire IT asset landscape of a business. This enables the package to monitor multiple applications and services simultaneously and generate predictive alerts.

For instance, you can see active services and dependent applications with information like the application version immediately visible. Once you install the Dynatrace Agent you can also see All Requests, Response times, Response sizes, Active threads, CPU usage, and memory usage.

The fast-track configuration capabilities of Dynatrace make it a powerful tool. There is an autodiscovery feature that can automatically detect IIS web servers in your network. All you need to do is install one agent and Dynatrace will do the rest of the work for you. These services are then displayed to you on an interactive map so that you can view your IIS architecture in more detail.

Another great feature is the ability to visualize IIS service requests. On the Service Flow screen, you can view an IIS service from start to finish. Here you are shown a chart that details each service request type. This feature allows you to see what processes contribute to the response time of IIS.

Who is it recommended for?

Dynatrace is suitable for all sizes of businesses. However, those companies that have very many applications to manage would benefit the most from the system. It is able to monitor cloud services as well as on-premises software and servers. The tool isn’t so great at monitoring networks.

For end-to-end IIS monitoring, Dynatrace is one of the top performance monitors on the market. To find out the price of Dynatrace you’ll have to contact the company directly. However, there is a 15-day free trial.

7. AppDynamics

AppDynamics is an application performance monitoring solution that offers a flawless IIS monitoring experience. AppDynamics monitors the throughput, memory usage, Disk I/O, and CPU utilization of IIS web servers. The platform is straightforward to deploy and can be installed in just a few minutes.

Key Features:

• Traffic throughput
• Server resource tracking
• Traffic flow mapping

Why do we recommend it?

AppDynamics is a strong competitor to Dynatrace. Both systems deploy AI and provide predictive alerts. Like Dynatrace, AppDynamics is able to monitor IIS alongside many other applications and it watches all applications and services simultaneously. This tool will also combine the monitoring of cloud and on-premises services in one console.

The user interface is extremely user-friendly. IIS applications are automatically discovered and displayed as part of a flow map. The flow map displays the transactions that are occurring with a web server or application.

If you want to view memory information then clicking the memory tab will show you the real-time memory utilization of your resources. This information is displayed as line graphs so that you can view the change over time.

Where AppDynamics excels as a IIS monitoring solution is in its diagnostic capabilities. The tool automatically provides you with code level data if an application is slow or a bottleneck is detected. By viewing the code execution you can see where the problem originated and find a solution.

Who is it recommended for?

AppDynamics offer a basic plan, called Infrastructure, which will track the performance of your network, servers, and services, such as Web servers and databases, but you don’t get an application dependency map. Nevertheless, this plan is very cheap and a good choice for small businesses that don’t have many applications to track.

The root cause abilities of AppDynamics are essential for those who want a performance monitoring solution. AppDynamics supports Microsoft IIS Express 7.x, Microsoft IIS 6.0, Microsoft 7.0, Microsoft 7.5, and Visual Studio development server. You can download the 15-day day SaaS trial.

8. IIS Crypto

IIS Crypto is an IIS extension that can enable or disable protocols, hashes, and key exchange algorithms. The user interface is easy to use, with six main tabs: sChannel, Cipher Suites, Advanced, Templates, Site Scanner, and About.

Key Features:

• Extension to IIS
• Web server feature management
• Free to use

Why do we recommend it?

IIS Crypto is a free tool and it is more of a management system for IIS than a monitoring system. The tool operates as an add-on to IIS. The system in available as a GUI and also as a command line system. The tool lets you adjust IIS settings and manage TLS.

On the sChannel screen you can enable or disable different features and protocols. There are five lists you can interact with: Server Protocols, Ciphers, Hashes, Key Exchanges, and Client Protocols. On the Cipher suites page you can reorder cipher suites.

The next most notable feature is that of templates. You can create custom protocol templates that can be run on multiple servers. This helps to make managing multiple sites or applications more convenient. However, it is essential to note that you need to have administrator privileges to use IIS crypto.

Who is it recommended for?

Anyone that uses an IIS server will appreciate this tool. It is available for Windows Server versions up to 2022. The system helps those who aren’t top experts in managing IIS because it makes some of the obscure settings easier to find and update. However, can’t monitor IIS with it.

One of the biggest perks of IIS Crypto is that it is completely free. IIS Crypto is available for Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019. The software is available as a GUI or a command line interface. You can download IIS Crypto free of charge.

9. eG Enterprise

eG Enterprise is a performance monitoring platform with IIS monitoring. eG Enterprise monitors the availability and response time of transactions between IIS websites and users. Monitoring the user experience is eG Enterprise’s primary concern with IIS monitoring. The external agent tests the quality of the user experience in different locations by using request emulation and measuring the response time users are experiencing.

Key Features:

• Server-to-user connection tracking
• Response times
• Load monitoring

Why do we recommend it?

eG Enterprise from eG Innovations is a full stack monitoring package with each type of asset covered by its own module. The Infrastructure Monitoring unit includes IIS monitoring. This is a typical performance monitor that looks at throughput metrics and checks for server resource availability.

The internal transaction monitoring of eG Enterprise breaks down the request rate of individual web transactions, average response times, and the number of aborts by web transactions. With this information, you can pinpoint if your site is living up to expectations or needs to be tweaked further.

Who is it recommended for?

This system is available for installation on Windows or Linux and it is also offered as a SaaS platform. You get either option on a subscription and it is possible to buy the on-premises software outright. The price depends on which features you select – you don’t have to take all of the modules.

eG Enterprise can be deployed on-premises or in the cloud as a license or subscription. However, you need to contact the sales team to view a quote. There is a free evaluation version that supports up to five servers as a cloud-deployed platform. You can download a free trial.

Tools for monitoring IIS server

Once you have IIS set up, you will need to keep ahead of any possible problems. Monitoring a complex application, such as IIS takes a lot of resources and you can reduce the amount of staff that you need to dedicate to the task by introducing automated tools.

SolarWinds Microsoft Management Tools (FREE TRIAL)

SolarWinds Microsoft Management Tools can watch out for key attributes in the performance of IIS. You will particularly need the Web Performance Monitor and the Server and Application Monitor to keep IIS running smoothly. Both of these tools are written to a common platform, called Orion. This enables them to connect together into a contiguous tool. Both tools will also help you manage other Microsoft products, including Exchange Server, Sharepoint, and Office 365.

These monitoring systems are not free to use. However, you can get both of them on a 30-day free trial.

SolarWinds Microsoft Management Tools
Download 30-day FREE Trial

Microsoft Extensions

1. UrlScan 3.1

UrlScan 3.1 is a security tool that helps to protect IIS web servers against cyber attacks. There are a number of added protections that you get from using UrlScan 3.1 that you don’t get from the standard version of IIS.

First, this tool can restrict HTTP requests that will be processed by IIS. Blocking some HTTP requests is advantageous because it protects against requests that can be part of a cyber attack.

Also, UrlScan 3.1 can also filter HTTP values and headers to eliminate the risk of SQL injection attacks. This is done by creating deny rules which prohibit certain requests that could be malicious. To make sure that you don’t block out legitimate connections there is also an AlwaysAllowedUrls section where you can specify URLs that should always be permitted.

For further information, UrlScan 3.1 also provides log files that you can use for more sophisticated analysis. In practice, log files help to provide additional information on errors and other problematic activity on IIS. With this information, you can make changes and deliver a more reliable service.

On account of its security features, UrlScan 3.1 is an essential download. It helps to supplement some of the security limitations that come with an unmodified version of IIS. UrlScan 3.1 supports IIS 5.1, IIS, 6.0, and IIS 7.0 for Windows Vista and Windows Server 2008. You can download UrlScan 3.1 for free here.

2. URL Rewrite 2.1

URL Rewrite is another IIS extension that allows the user to create rules to modify URL rewriting behavior. By configuring URL rules the user can change how HTTP headers, responses, or request headers are rewritten.

In the context of an organization, configuring URL rules is useful as an administrator can configure a rule. URLs can be created that are easy for users to remember and simple to index for search engines.

Having URLs that are easy to index on search engines is a valuable step towards making your site or application available to clients. URLs that are search engine-friendly increase the visibility of your site. You don’t have to write your own rules for this either. There are many rule templates included out-of-the-box to help you get started.

URL Rewrite is also an excellent tool because it updates the user interface in IIS Server Manager. Having an integrated tool that allows you to create new rules helps to manage URLs much more effectively. As an extension for IIS, URL Rewrite 2.1 is available for free. You can download this tool here.

3. IIS Manager for Remote Administration 1.2

IIS Manager for Remote Administration 1.2 is vital for any enterprise looking to manage IIS remotely. You can manage IIS remotely on devices with Windows XPand up.

You can perform the majority of the functions you could on the original IIS without being onsite. Administration privileges can be used to restrict access to those employees who require access.

Managing remotely with IIS Manager for Remote Administration 1.2 is also secure, using HTTP over SSL. There are also automatic downloads where features are downloaded on the local IIS Manager that have already been installed on the web server. This simplifies the manual administrative concerns that come with remote updates.

For teams working remotely or looking to share control of web applications across multiple sites, IIS Manager for Remote Administration 1.2 is an absolute must. IIS Manager for Remote Administration 1.2 is available for IIS 7, IIS 7.5, IIS 8, and IIS 8.5. You can download the tool for free via this link here.

10. Web Deploy 3.6

Web Deploy 3.6 or msdeploy is a tool that integrates with IIS to synchronize IISsites, servers, and applications. When synchronizing, Web Deploy 3.6 can detect the difference between two locations and make only the necessary changes to synchronize servers. Using this tool is more efficient because it identifies which data needs to be synchronized rather than attempting to do everything from scratch.

Another use case where Web Deploy 3.6 is very valuable when deploying web applications. The user doesn’t need any user administrative privileges to deploy updates. However, the server administrator still has the control to delegate tasks to lower-ranked users without administrative privileges. In other words, deploying web applications is much easier and less restrictive than it is in the default version of IIS.

For enterprises looking to synchronize IIS sites and deploy web applications, Web Deploy 3.6 is a must have. Web Deploy 3.6 is available for IIS 7, IIS 7.5, IIS 8, IIS 8.5, and IIS 10. You can download Web Deploy 3.6 for free here.

IIS Resources You Should Know

There are many different sources of valuable IIS information. We have listed some of the best below so that you can learn more about IIS works:

1. iis.net
2. microsoft.com
3. Channel 9.msdn.com
4. stackify.com
5. tecadmin.net
6. Accelebrates.com
7. forums.iis.net

1. IIS.net

If you’re looking for information on IIS then this site should be at the top of your list. This is the official Microsoft IIS site that provides downloads news, updates, and guides on how to use Microsoft IIS.

There are almost 30 different Microsoft-supported downloads from the site. These include IIS Compression, Web Platform Installer, IIS CORS Module, HttpPlatformHandler v1.2, IIS Manager for Remote Administration 1.2, WinCache Extension for PHP, Administration Pack, Advanced Logging, and Application Initialization Module for IIS 7.5.

Blog posts on this website include IIS PowerShell Cmdlets, Getting Started with the IIS CORS Module, and Using Azure Activity Log to Check the Progress of Deployment Slots Swap Operation.

2. Microsoft

Another excellent resource for IIS downloads is the Microsoft website itself. The Microsoft website has a range of IIS downloads and an IIS-specific course for you to incorporate to improve your IIS experience. Some of the most helpful downloads are listed below:

• IIS Database Manager – Allows you to manage local and remote databases through IIS Server Manager
• IIS PowerShell Snap-in – Allows you to automate the administration of website creation and configurations
• Administration Pack for IIS 7.0 – Provides a range of tools and extensions with additional administrative capabilities
• IIS Advanced Logging – Adds real-time logging on the client and server side as well as more data collection capabilities

Unfortunately, we could only find one course relating to IIS, but it is still a valuable resource for when you’re starting out with IIS. The course title is 10972B Administering the Web Server (IIS) Role of Windows Server. The course is available over five days in a classroom or provides you with three-months worth of online access if you choose to do it online

3. Channel 9

Channel 9 is a Microsoft-driven website that is led by a group by a group of developers who discuss various technologies. There is a substantial amount of video content on this site relating to IIS, including the IIS show. However, the site also features tutorial-driven content such as the Extending IIS Configuration video. This site is recommended if you want to get a feel for IIS and older versions of IIS (IIS content hasn’t been updated for some time so this is not suitable for later versions of IIS).

11. Stackify

When it comes to technical content on IIS you’ll be hard-pressed to beat Stackify. Stackify is a company that specializes in providing tailor-made tools and content for developers and other IT professionals. There are currently over 100 articles and tutorials on IIS. Live articles include:

• What is IIS Express: How it Works, Tutorials and More
• How to Read and Customize IIS Log Files
• How to Monitor IIS Performance: From the Basics to Advanced IIS Performance Monitoring

12. tecadmin

Techadmin is a tech blog that was started in 2013 by Rahul Kumar. The site has been designed specifically to help Windows and Linux Network Administrators to get the most out of their tools. There are many different IIS articles on the site that offer some of the most accessible guides you’ll find online. Past articles on IIS include:

• How to Install IIS on Windows 8 and Windows 10
• How to Set Default Document in IIS
• How to Create Website in IIS On Windows
• How to Restart IIS via Command Line

13. Accelebrates

Another excellent resource is Accelebrate IIS training. The Accelebrate website has several IIS courses with an average rating of 4.66 out of 5. These courses are based on 60% labs and 40% lectures so that you get the right balance of building your theoretical and practical knowledge. These are paid courses so you’ll need to contact the company directly to request a price. Accelebrate’s IIS courses are as follows:

• IIS 10 Administration
• IIS 8 Administration

In the IIS 10 Administration course students will learn how to plan for and install an IIS installation, as well as building their knowledge of the overall architecture of IIS. You’ll also learn how to perform day-to-day administration tasks by using IIS Manager, PowerShell, and AppCmd.

7. forums.iis.net

While this is technically part of the IIS site the forum deserves its own section based on how useful it is in its own right. Here you can find a vast range of information on IIS and various features. The forum provides information on general IIS issues, extensions, security, configurations, web farms, performance, and troubleshooting. So if you have a question that you need an answer to, taking a trip to the IIS forums will likely include what you need.

IIS is a Windows Web Server at the Top of the Game

That concludes our guide to using IIS. IIS software can be needlessly complicated sometimes, but once you get the basics down like how to configure your website, then you’re well on your way to nailing the learning curve. The key is to keep at it, as learning to use the second-largest Windows web server in the world is more than worth the initial struggle you face when new to the utility.

Remember that an IIS server can be considerably different depending upon the operating system you’re using. If you don’t see the version of IIS you’re using supported in this article then there are plenty of other online resources covering all facets that you can think of. You’ll have to mix and match, but you’ll be able to piece together more specific guidance for your system.

IIS Web Server FAQs