Our final topic for this chapter is using a standard Web browser like Microsoft Internet Explorer for remote administration of IIS sites, servers, and services. Until now we've used only the IIS console for IIS administration. However, IIS requires a remote procedure call (RPC)-based connection and is thus intended primarily for administration on the internal network of a company. By using ISM (HTML), however, administrators can manage most (but not all) aspects of IIS from remote locations, even over a nonsecure connection on the Internet and through a proxy server or firewall (if configured properly). This section looks briefly at ISM (HTML) and how to use it.
Using a Web browser to administer IIS is considerably less secure than using either the IIS console or Terminal Services over an RPC-based connection, so it's best to disable the Web browser capability. If you want to perform remote administration over the Internet, consider establishing a VPN connection to your network and then using the IIS console or Terminal Services.
To be able to use ISM (HTML), administrators need only to be able to connect to the Administration Web Site. To make this possible, you need to perform this procedure first:
You won't be able to remotely administer IIS using the Administration Web Site if you let the IIS Lockdown tool remove the Administration Web Site. Use the IIS console or Terminal Services instead of the Administration Web Site when security is important.
To test your configuration of the Administration Web Site, start Internet Explorer on the machine whose IP address you have granted access and open the URL http://Server_Name:Admin_Port, where Server_Name is the IP address or DNS name of the IIS server, and Admin_Port is the TCP port number you noted for remote administration.
A dialog box appears requesting your credentials (user name, password, and Windows 2000 domain), after which you are informed that you are using a nonsecure connection for performing remote administration. (You can configure SSL on the Administration Web Site just as on any other Web site if you prefer more security.)
At this point (if you've done everything correctly), ISM (HTML) should be functional and you should be connected to the Administration Web Site with your browser (Figure 29-29). You can perform most administration tasks using ISM (HTML), but not all. For example, you can't configure certificate mapping using ISM (HTML) because to do so requires coordination with other Windows 2000 services that aren't accessible from a Web browser.
Figure 29-29. The opening page of ISM (HTML) as seen in Internet Explorer 5.