IIS is a bulky and sophisticated suite of programs. Although they're not more difficult than they need to be, considering what they do, they're also not "entry-level" programs. They require forethought and oversight to make them useful and to manage the security risk that comes with global accessibility. Two familiar laws of nature come into play here:
Applied to IIS, these laws mean that you should not install what you don't need. This is not advice to dismiss out of hand! This is a very serious concern: About half of the security problems that were identified in Windows over the last several years were found in IIS and its accessory programs. The problem is that bugs in IIS can let random outside people examineor worse, modifyfiles on your computer. Your PC could be taken over and used to commit fraud, send spam, or distribute pornography. The less of IIS you activate, the less of a chance some not-yet-identified security flaw will catch you by surprise. Enough lecturing, now: What do you need? World Wide WebThe World Wide Web service delivers static and dynamic Web pages and also offers file and document pickup (via Web pages or directory listings), database interactivity, and just about any other sort of information sharing. This is the core of IIS. If you can't or don't want to use a commercial or other hosting service for your pages, or if you want to host Web pages, develop Web applications, or share folders using the Web model, you should install the WWW service. FrontPage 2000 ExtensionsYou should install the FrontPage 2000 Extensions if you want to do any of the following:
The Extensions provide a way for Web-enabled applications to publish, or deliver, the composed HTML file and graphics to the Web server's online folders. Thus, the author doesn't have to manually drag files into the WWW folders or use the evil FTP service to copy them there. FrontPage Extensions also provide HTML Form processing services, in the form of some special CGI (Common Gateway Interface, or Web server extension) programs that can record or email form responses, as well as index or searching services that let Web site viewers search your Web site for keywords or phrases. They also include as standard equipment a CGI-based Web page system to manage your printers. NOTE If you want to learn more information about using the FrontPage Extensions, I recommend that you pick up a copy of Special Edition Using Microsoft FrontPage 2003, published by Que. TIP If you use Microsoft Office 2000 or XP for collaborative projects, you might want to use the Office Server Extensions in addition to or instead of the FrontPage Extensions. The Office Server Extensions provide all the functions of the FrontPage Extensions, with additional services for Office users. You can get them with the Microsoft Office XP Pro SE or Developer editions. For more information visit support.microsoft.com and search the knowledge base for "Q235027". FTPFTP allows remote users to retrieve or deliver files to your computer. FTP, which is one of the original Internet applications, is available on virtually every Internet-connected system, from mainframe to Macintosh to PC, so it's really handy for file transfers between Windows and non-Windows computers. But the decision to install FTP should not be made lightly because FTP can create some severe security risks. FTP permits two types of access: anonymous and authenticated. Anonymous access doesn't require a password and should be used to share folders for file-pickup only; you must never allow users from the Internet at large to write files to your computer (lest you find one day that someone has made your computer one of the Internet's prime repositories and distributors of pornography). You can allow remote users to deliver files to your computer using authenticated access, but FTP doesn't encrypt passwords sent over the Internet, so this method is a security risk. The login name and password used are exposed while they are in transit over the Internet. In most cases, if you only want to distribute files to the general public, you don't need to install FTP. The World Wide Web service can do the job nicely. The only two reasons to install FTP are as follows:
If you decide to install FTP, you must understand the security consequences and take great care configuring the service and the folders it makes public. We'll discuss the risks and configuration issues in excruciating detail later. You might want to read that discussion before you make your decision. SMTP MailThe SMTP Mail service provided with IIS can be used to send email from Web pages, ASP scripts, and FrontPage or Office Server Extensions. However, this is not a good reason to install it. You can configure mail-sending scripts and the Server Extensions to use your company's or ISP's outbound SMTP mail server. The SMTP service doesn't provide you with mailboxes or any of the other user-side services that an email system needs. If you want to host your own email system, you need to purchase a commercial email server such as Microsoft Exchange Server or download a free or shareware mail server system. The only reason to install the SMTP Mail component is if you want to develop and test applications using the Microsoft Message Queueing (MSMQ) Service. Other ComponentsWith the exception of the Visual InterDev RAD Remote Deployment service, the other components of IIS, such as online documentation and the Management Snap-In, are all handy to have. As Martha Stewart would say, "They are good things." I recommend installing them, and we'll go over their use later. The RAD Remote Deployment service is a testing tool that's only useful if you are a Visual InterDev developer. Everyone else should skip installing it. There is also an option for installing a Scripts directory. If you currently use or develop CGI programs or scripts, install the Scripts directory. Otherwise, follow the "if you don't need it, don't install it" rule and leave it out for now. You can always install it later on if you decide you want to develop script programs. |