As an IIS administrator it sometimes gets downright annoying to have to fend off all the insults from Apache admins who claim innate server superiority.
Generally, the discussion about Web administration starts with all the various security holes that plague IIS and the negative press the platform has garnered over the last year. Then it invariably moves to a discussion about how Netcraft and other stats sites show Apache as the dominant server on the Web, how a certain big site uses Apache, or how there are so many cool modules to add to Apache.
Pointing out that scads of non-identified corporate in-house servers run IIS; that it, too, is a free server (as it comes with the operating system); or that there are in fact plenty of cool add-ons for IIS (including many that provide source code) does little to dissuade these server chauvinists from their opinion.
Rather than whining about rude Apache admins, however, I thought a more useful response might be to simply to write down some of the methods I’ve found to improve IIS. So, without further delay, here are my top ten tips for making the most of your IIS.
Tip 10: Customize Your Error Pages
Although this is quite simple to do, few people seem to take advantage of error page customization. Just select the “Custom Errors” tab in MMC and map each error, such as 404, to the appropriate HTML or ASP template. Full details can be found here. If you want an even easier solution — or if you want to let developers handle the mapping without giving them access to the MMC — use a product like CustomError.
Tip 9: Dive Into the MetaBase
If you think Apache is powerful because it has a config file, then take a look at the MetaBase. You can do just about anything you want with IIS by editing the MetaBase. For example, you can create virtual directories and servers; stop, start and pause Websites; and create, delete, enable and disable applications.
Microsoft provides a GUI utility called MetaEdit, which is somewhat similar to RegEdit, to help you read from and write to the MetaBase. Download the latest version here. But to really impress those UNIX admins — and to take full advantage of the MetaBase by learning how to manipulate it programmatically — you’ll want to try out the command-line interface, officially called the IIS Administration Script Utility. Its short name is adsutil.vbs and you’ll find it in C:inetpubadminscripts, or in %SystemRoot%system32inetsrvadminsamples, together with a host of other useful administrative scripts.
A word of caution though: just like Apache conf files, the MetaBase is pretty crucial to the functioning of your Web server, so don’t ruin it. Back it up first.
Tip 8: Add Spell Checking to Your URLs
Apache folks always brag about cool little tricks that Apache is capable of — especially because of the wealth of modules that can extend the server’s basic functionality. Among the coolest of these is the ability to fix URL typos using a module called mod_speling.
Well, thanks to Port80 Software, it now appears that IIS admins can do this trick too, using an ISAPI filter called URLSpellCheck. You can check it out right on their site, by trying URLs like www.urlspellcheck.com/fak.htm, www.urlspellcheck.com/faq1.htm — or any other simple typo you care to make.
Tip 7: Rewrite Your URLs
Cleaning your URLs has all sorts of benefits — it can improve the security of your site, ease migration woes, and provide an extra layer of abstraction to your Web applications. Moving from ColdFusion to an ASP-based site, for example, is no big deal if you can remap the URLs.
Apache users have long bragged about the huge power of mod_rewrite — the standard Apache module for URL rewriting. Well, there are now literally a dozen versions of this type of product for IIS — many of them quite a bit easier to use than mod_rewrite, which tends to presume familiarity with regular _expression arcana. Check out, for example, IIS ReWrite or ISAPI ReWrite. So brag no more, Apache partisans!
Tip 6: Add Browser Detection
There are many ways to build Websites, but to assume that everybody has a certain browser or screen size is just plain stupid. Simple _JavaScript sniff-scripts exist for client-side browser detection, but if you’re an IIS user you can do better with a product called BrowserHawk from CyScape. The Apache world doesn’t really have something comparable to this popular, mature and well-supported product.
Speaking of CyScape, they’ve recently added an interesting-looking related product called CountryHawk that helps with location detection, but so far I haven’t had the language- or location-sensitive content to warrant trying it out.
Tip 5: Gzip Site Content
Browsers can handle Gzipped and deflated content and decompress it on the fly. While IIS 5 had a gzip feature built-in, it’s pretty much broken. Enter products like Pipeboost that give us better functionality — similar to what Apache users have enjoyed with mod_gzip. Don’t waste your bandwidth — even Google encodes its content, and their pages are tiny.
Tip 4: Cache Your Content
While I’m on the topic of improving performance, remember to make your site cache-friendly. You can set expiration headers for different files or directories right from the MMC. Just right click on an item via the IIS MMC, flip to the “HTTP Headers” tab, and away you go. If you want to set cache control headers programmatically — or even better, let your site developers do it — use something like CacheRight. If you want to go further and add reverse proxy caching, particularly for generated content, use a product like XCache — which also throws in compression.
It might involve more time and expense to take full advantage of caching, but when you watch your logs shrink because they don’t contain tons of pointless 304 responses, and your bandwidth consumption drop like a stone — even while your total page views increase over the same period — you’ll start to understand why this particular tip is so important. Cache-friendly sites are quite rare, but there is plenty of information available online about the enormous benefits to be had by doing it right. Check out Brian Davidson’s page, this nifty tutorial from Mark Nottingham, and what AOL has to say on the subject.
Tip 3: Tune Your Server
Tuning IIS is no small topic — whole books and courses are dedicated to it. But some good, basic help is available online, such as this piece from IIS guru Brett Hill, or this Knowledge Base article from Microsoft itself. However, if you don’t feel like getting your hands dirty — or can’t afford the time and expense of turning yourself into an expert — take a look at XTune, from the makers of XCache. Its performance-tuning wizards step you through the process of tuning your IIS environment, and make expert recommendations along the way.
Tip 2: Secure Your Server with Simple Fixes
Sure people are going to attack sites, but you don’t have to be a sitting duck if you’re willing to make even a small effort.
First off, don’t advertise the fact that you run IIS by showing your HTTP server header. Remove or replace it using something like ServerMask — probably the best twenty-five bucks you’ll ever spend. You can go further than this by removing unnecessary file extensions to more effectively camouflage your server environment, and scanning request URLs for signs of exploits.
There are number of commercial products that carry out user input scanning, and Microsoft offers a free tool called URLScan that does the job. URLScan runs in conjunction with IISLockDown, a standard security package that should probably be installed on every IIS server on the planet. These are simple fixes that can pay off big-time, so implement them now!
Tip 1: Patch, Patch, Patch!
Okay, we in the IIS world do have to patch our systems and make hotfixes. However, as a former Solaris admin I had to do the same thing there, so I’m not sure why this is a big surprise. You really need to keep up with the patches. Microsoft is of course the definitive source, but if you can also use the highly-regarded www.cert.org. Simply search on “IIS”.
Well there you have it: 10 tips for IIS admins to improve their servers. Some of the tips might become obsolete once IIS 6 is gold, but, for now at least, W2K and NT IIS admins should apply a few of these today and sleep a little better at night.
Frequently Asked Questions (FAQs) about IIS Tips
What is the purpose of the adsutil.vbs file in IIS?
The adsutil.vbs file is a VBScript program that provides a command-line interface for managing IIS. It is used to create, delete, start, stop, pause, and configure IIS services. This file is typically located in the C:\Inetpub\AdminScripts directory. It is a powerful tool that can be used to automate many administrative tasks in IIS.
How can I find the relative path to the adsutil.vbs file?
The relative path to the adsutil.vbs file can be found by navigating to the C:\Inetpub\AdminScripts directory. If the file is not located in this directory, it may have been moved or deleted. You can search for the file using the Windows search function or by using the command prompt.
What is the function of the IIS 6.0 SDK?
The IIS 6.0 Software Development Kit (SDK) provides tools, documentation, and samples to help you develop IIS applications and extensions. It includes components for developing and testing applications that use IIS and the .NET Framework.
What should I do if the adsutil.vbs file is missing?
If the adsutil.vbs file is missing, it may have been accidentally deleted or moved. You can restore the file from a backup or reinstall IIS to replace the missing file. If you continue to experience issues, you may need to seek assistance from a professional or Microsoft support.
What are some common errors related to the adsutil.vbs file?
Some common errors related to the adsutil.vbs file include “Failed to find adsutil.vbs” and “Operation failed”. These errors typically occur when the file is missing or cannot be accessed. They can often be resolved by locating or restoring the missing file.
How can I resolve errors related to the adsutil.vbs file?
Errors related to the adsutil.vbs file can often be resolved by locating or restoring the missing file. If the file is not missing, the error may be caused by incorrect permissions or a corrupted file. In these cases, you may need to adjust the file permissions or reinstall IIS.
What is the purpose of the C:\Inetpub\AdminScripts directory?
The C:\Inetpub\AdminScripts directory is where IIS stores administrative scripts, including the adsutil.vbs file. These scripts are used to manage and configure IIS services.
How can I use the adsutil.vbs file to manage IIS services?
The adsutil.vbs file can be used to manage IIS services through the command-line interface. You can use it to create, delete, start, stop, pause, and configure IIS services. The specific commands and syntax can be found in the IIS documentation.
What are some common IIS administrative tasks that can be automated using the adsutil.vbs file?
Some common IIS administrative tasks that can be automated using the adsutil.vbs file include creating and deleting websites, starting and stopping services, and configuring server settings. The specific commands and syntax for these tasks can be found in the IIS documentation.
Where can I find more information about using the adsutil.vbs file and managing IIS services?
More information about using the adsutil.vbs file and managing IIS services can be found in the IIS documentation. You can also find helpful information and tutorials on the Microsoft website and in various online forums and communities.
Matt FoleyMatt is a former Solaris sysadmin who was turned to the "dark side" and is now works for a large southern California hosting and Web agency. He quite likes Windows now, in spite of himself.
