IIS 7 builds upon IIS 6's excellent performance and security record, adding sweeping changes inside and out. The major new IIS 7 features include:
Granular, modular design and components
Reduced default install footprint
Replaced metadata config file with XML
New Admin tools
New troubleshooting and diagnostic tools
Integrated URL string filtering (you no longer need URLScan)
Hidden namespaces (you can hide folders from being accessed)
New authentication methods
Integrated form-based authentication
Authentication can be redirected to external sources (for example, SQL, Oracle)
Integrated ASP.NET and IIS authentication
Microsoft Passport authentication is removed
Easier for a Web site to run directly under the worker process identity
Per Web site or application admin delegation
IUSR_computername (i.e., the IIS anonymous account) is deprecated, although it is now a built-in account with a well-known SID
IIS_IUSRS is a new built-in IIS group with a well-known SID for anonymous connections
IIS_WPG group is deprecated (although it will still appear on many installations)
Many additional security features
These new features will be covered in more detail in the material that follows.