Remote Administration

Our final topic for the chapter is using a standard Web browser like Microsoft Internet Explorer for remote administration of IIS sites, servers, and services. Until now we've used only the IIS console for IIS administration. However, IIS requires a remote procedure call (RPC)-based connection and is thus intended primarily for administration on the internal network of a company. By using ISM (HTML), however, administrators can manage most (but not all) aspects of IIS from remote locations, even over an nonsecure connection over the Internet and through a proxy server or firewall (if configured properly). This section looks briefly at ISM (HTML) and how to use it.

The Administration Web Site

ISM (HTML) is an optional component of IIS that is installed by default when you install Windows 2000 Server. Once this component is installed, a new Web site appears in the console tree of the IIS console window. This new Web site is called the Administration Web Site and is basically an ASP application that allows administrators to manage IIS using any Web browser that supports JavaScript.

Enabling Remote Administration

To be able to use ISM (HTML), administrators need only to be able to connect to the Administration Web Site. To make this possible, you need to perform this procedure first:

1. Open the Properties window for the Administration Web Site in the IIS console.
2. On the Web Site tab, find the TCP port number assigned to this site and write it down. (A random port number between 2000 and 9999 is assigned to the site during installation of the component, and you need to know this number to be able to connect to the site using a Web browser.)
3. Switch to the Directory Security tab and open the IP Address And Domain Name Restrictions dialog box. By default, only the local host computer (127.0.0.1) is allowed access to the Administration Web Site: all other IP addresses are denied.
4. Add to the Granted list the IP address of any machines from which you want to be able to remotely administer the server. (Remote clients need to have static IP addresses.)
5. Apply the changes by closing the Properties window for the Administration Web Site. You're ready to go.

Testing Remote Administration

To test your configuration of the Administration Web Site, start Internet Explorer on the machine whose IP address you have granted access and open the URL http://Server_Name:Admin_Port, where Server_Name is the IP address or DNS name of the IIS server, and Admin_Port is the TCP port number you noted down for remote administration.

A dialog box appears requesting your credentials (user name, password, and Windows 2000 domain), after which you will be informed that you are using an nonsecure connection for performing remote administration. (You can configure SSL on the Administration Web Site just as for any other Web site if you prefer more security.)

At this point (if you've done everything correctly), ISM (HTML) should be functional and you should be connected to the Administration Web Site with your browser (Figure 28-29). You can perform most administration tasks using ISM (HTML), but not all. For example, you can't configure certificate mapping using ISM (HTML) because to do so requires coordination with other Windows 2000 services that aren't accessible from a Web browser.

Figure 28-29. The opening page of ISM (HTML) as seen in Internet Explorer 5.