The process for migrating a Web site hosted on IIS 4.0 consists of preparing for and performing the migration. During the preparation phase, you gather information about your existing server running Windows NT Server 4.0 and about the Web site that you are going to migrate to IIS 6.0. This information will be used as input when you run the IIS 6.0 Migration Tool. Then, you perform the migration with the IIS 6.0 Migration tool. After the migration is complete, you must change several settings in the IIS metabase. You can also enhance security by further configuring your server after migration.
The procedure for migrating one of your existing Web sites from IIS 4.0 to IIS 6.0, as described in this chapter, is based on the following assumptions:
Your existing server is a dedicated Web server . A dedicated Web server is a server that is being used only as a Web server and not for other purposes, such as a file server configured to run the File Transfer Protocol (FTP), a mail server configured to run the Simple Mail Transfer Protocol (SMTP), or a database server running Microsoft SQL Server .
In many small and medium- sized organizations, a single server supports multiple roles. For example, combining a Web server with a file or print server is a common scenario. If your Web server will also function as a file or print server, you should still be able to migrate your IIS 4.0 Web site by using the process described in this chapter. For more information about migrating a file or print server, see Migrating File and Print Servers to Windows Server 2003 in this book.
The Web site that you want to migrate to IIS 6.0 is a public Internet site that is configured for Anonymous authentication only, using the IUSR_ computername account.
The Web site that you want to migrate to IIS 6.0 runs correctly on IIS 4.0.
The Web site that you want to migrate to IIS 6.0 contains mostly static content (or files that have .htm or .html file name extensions), with some dynamic content, which can include ASP.
The Web site that you want to migrate to IIS 6.0 uses FrontPage Server Extensions from Microsoft.
The content of the Web site that you want to migrate to IIS 6.0 is stored in one of two locations:
The home directory and subdirectories of the Web site
A virtual directory
The Web site that you want to migrate to IIS 6.0 does not contain any third-party or custom applications, such as an e-commerce application.
If the Web site uses Secure Sockets Layer (SSL), one certificate is assigned to the Web site.
If your Web server and site do not meet these requirements, you cannot perform the Web site migration process as described in this chapter. For more information about migrating Web sites to IIS 6.0, see Migrating IIS Web Sites to IIS 6.0 in Deploying Internet Information Services (IIS) 6.0 of the Microsoft Windows Server 2003 Deployment Kit (or see Chapter 6: Migrating IIS Web Sites to IIS 6.0 on the http://www.microsoft.com/reskit).
The following quick-start guide shows the steps of the Web site migration process. You can use this guide to identify the steps for which you need to gather additional information to complete, and then you can skip the information with which you are already familiar.
Determine hardware compatibility with Windows Server2003.
Gather the following information about your server and Web site:
The name of the source server
The friendly name of the Web site
Whether the Web site is compatible with worker process isolation mode
Whether the Web site content requires Inetinfo.exe
Whether ASP pages use relative parent paths
Before running the IIS 6.0 Migration Tool, identify the following:
Tasks that are automated by the migration tool
Subsequent tasks that must be performed manually
Install and configure Windows Server2003.
Install and configure IIS 6.0.
Verify connectivity between the source server and the target server.
Install the IIS 6.0 Migration Tool.
Verify that clients are not accessing the Web site.
Run the migration tool.
Verify that the migration tool ran successfully.
Modify IIS 6.0 metabase properties that refer to the location where Windows is installed.
Enable ASP and FrontPage Server Extensions.
If applicable for the Web site, migrate server certificates for SSL.
Migrate Microsoft FrontPage users and roles.
Verify that the Web site migrated successfully.
Back up the target server.
Enable client access.
Further reduce the attack surface of the Web server by configuring Windows Server 2003 security settings:
Disable and rename the Administrator account.
Convert all disk volumes to the NTFS file system.
Remove NTFS permissions that are granted to the Everyone group on the root folder of all disk volumes.
Remove any compilers or development environments.
Disable NetBIOS over TCP/IP.
Prevent unauthorized access to the Web site by doing the following:
Store Web site content on a dedicated disk volume that does not contain the operating system.
Set IIS Web site permissions.
Set NTFS file system permissions.
Maintain Web site security by doing the following:
Obtain and apply current security patches.
Enable Windows Server 2003 security logs.
Enable file access auditing for Web site content.
Configure IIS logs.
Enable IIS logging.
Review security policies, processes, and procedures.
All of the step-by-step procedures that are required to complete the Web site migration process are documented in this chapter. Each procedure has been carefully developed and tested to help you complete the Web site migration process as quickly and simply as possible.
You must be a member of the Administrators group on both the source server and the target server to perform the procedures in this chapter.
IIS Manager is a Microsoft Management Console (MMC) snap-in. This graphical interface serves as a portal for configuring and managing IIS 6.0. With IIS Manager, you can configure IIS security, performance, and reliability features. Some of the specific tasks that you can complete from IIS Manager include adding or deleting Web sites; starting, stopping, and pausing Web sites; backing up and restoring server configurations; and creating virtual directories for better content management. In IIS 4.0, this tool was called the Internet Service Manager.
To start IIS Manager
From the Start menu, point to Administrative Tools , and then click Internet Information Services (IIS) Manager .
To start IIS Manager from the Run dialog box
From the Start menu, click Run .
In the Open dialog box, type inetmgr , and then click OK .
As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type the following: runas / user :administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc .