Controlling Access with Microsoft IIS

Microsoft’s Internet Information Services (IIS) is a web service that is shipped as part of the Windows NT 4, 2000, and XP operating systems. It is a full-featured web server that does just about anything that you could possibly want (other than run on Unix, that is).

Installing IIS

To install IIS, follow these steps:

  1. Open the “Add/Remove Programs” control panel.

  2. Select “Add/Remove Windows Components.”

  3. Check “Internet Information Services.”

  4. Click “Next.”

IIS installs the following directories on your system:


Root directory for your web server


Root document directory for the web server


Help files


Program files

The directories containing user content will remain on your system after you completely uninstall IIS.


As soon as you install IIS, be sure that you go to the Microsoft Windows Update web site and download all relevant patches for IIS before you start the server. If possible, download the patches from behind a firewall. If you fail to install the IIS patches, your Windows server will almost certainly be broken into and compromised. This is true even if you are behind a corporate firewall or are otherwise “protected.”

Downloading and Installing the IIS Patches

To install the patches, follow these steps:

  1. Log into your Windows system using an account that has Administrator access.

  2. Using Microsoft’s Internet Explorer, open the URL On most ...

Get Web Security, Privacy & Commerce, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.