Posts tagged: IIS 7.0

Understanding Sites, Applications, and Virtual Directories in IIS 7.0

By Ashish Khandelwal, October 21, 2009

Introduction

In IIS 7.0, you can create sites, applications, and virtual directories to share information with users over the Internet, an intranet, or an extranet. Although these concepts existed in earlier versions of IIS, several changes in IIS 7.0 affect the definition and functionality of these concepts. Most importantly, sites, applications, and virtual directories now work together in a hierarchical relationship as the basic building blocks for hosting online content and providing online services.

 This article provides a quick overview of applications in IIS 6.0 so that you can better understand the differences introduced in IIS 7.0. It then explains the concepts of sites, applications, and virtual directories in IIS 7.0 and introduces the <sites> section in configuration.

 This article contains: 

  • About Sites, Applications, and Virtual Directories in IIS 6.0
  • About Sites, Applications, and Virtual Directories in IIS 7.0
  • Sites
  • Applications
  • Virtual Directories
  • IIS 7.0 Configuration: <sites> Section
  • Summary


Understanding the Built-In User and Group Accounts in IIS 7.0 vs IIS 6.0

By Ashish Khandelwal, October 21, 2009

Here is a detailed explanation of the IIS 7.0 and IIS 6.0 user and group accounts from the IIS team.

Introduction

In previous versions of IIS, we had a local account created at install time called IUSR_MachineName. The IUSR_MachineName account was the default identity used by IIS whenever anonymous authentication was enabled. This was used by both the FTP and HTTP services. 

There was also a group called IIS_WPG, used as a container for all the application pool identities. We made sure all the appropriate resources on the system had the correct permissions set for the IIS_WPG group during IIS setup so that an administrator only needed to add their identity to that group when they created a new application pool account.

This model worked well, but had its drawbacks: the IUSR_MachineName account and IIS_WPG group were both local to the system they were created on. Every account and group within Windows is given a unique number called a SID (security identifier) that distinguishes it from other accounts. When an ACL is created, only the SID is used. As part of our design in previous versions of IIS, we had included the IUSR_MachineName in the metabase.xml file so that if you tried to copy the metabase.xml from one machine to another, it would not work–the account on the other machine would have a different name.

In addition, you could not just ‘xcopy /o’ ACLs from one machine to another since the SIDs were different from machine to machine. A workaround was to use domain accounts–but that required adding Active Directory to the infrastructure. The IIS_WPG group had similar issues with permissions. If you set ACLs on one machine’s file system for IIS_WPG and tried to ‘xcopy /o’ those over to another machine, it would fail. The IIS team heard this feedback and improved this experience by using a built-in account and group in IIS 7.0.

 A built-in account and group are guaranteed by the operating system to always have a unique SID. IIS 7.0 has taken this further and ensured the actual names used by the new account and group will never be localized. For example, regardless of the language of Windows you install, the IIS account name will always be IUSR and the group name will be IIS_IUSRS.

 In summary, IIS 7.0 offers:

  • The IUSR built-in account replaces the IUSR_MachineName account
  • The IIS_IUSRS built-in group replaces the IIS_WPG group
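
The following script is an added example, not code from the original article or the IIS team. It audits a content folder's ACL by SID, showing which entries use the fixed built-in IIS identities and which use account SIDs that will not resolve after the ACL is copied to another machine. The default path and the function name Get-SidPortability are assumptions; S-1-5-17 and S-1-5-32-568 are the Windows well-known SIDs for IUSR and IIS_IUSRS.

```powershell
# Added example: classify each ACE on a content folder by whether its SID
# is tied to one machine/domain or is the same on every Windows install.
# Requires PowerShell 3.0 or later.
param([string]$Path = 'C:\inetpub\wwwroot')   # assumed content path

# Well-known SIDs of the IIS 7.0 built-in identities (identical on every machine).
$builtIn = @{
    'S-1-5-17'     = 'IUSR'
    'S-1-5-32-568' = 'IIS_IUSRS'
}

function Get-SidPortability {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    if ($builtIn.ContainsKey($Sid.Value)) { return 'IIS built-in (portable)' }
    # AccountDomainSid is non-null only for S-1-5-21-<machine or domain>-<RID> SIDs,
    # which is the form IUSR_MachineName and IIS_WPG had on IIS 6.0.
    if ($null -ne $Sid.AccountDomainSid) { return 'machine or domain account' }
    return 'other well-known (portable)'
}

$acl = Get-Acl -Path $Path
# Request the rules keyed by SID, because the ACL itself stores only SIDs.
$rules = $acl.GetAccessRules($true, $true,
    [System.Security.Principal.SecurityIdentifier])

foreach ($rule in $rules) {
    $sid = [System.Security.Principal.SecurityIdentifier]$rule.IdentityReference
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Typical for an ACE copied from another host: the SID maps to nothing here.
        $name = '<unresolved on this machine>'
    }
    [pscustomobject]@{
        Sid         = $sid.Value
        Name        = $name
        Rights      = $rule.FileSystemRights
        Inherited   = $rule.IsInherited
        Portability = Get-SidPortability $sid
    }
}
```

Rows reported as "machine or domain account" with an unresolved name are the entries to re-grant to IUSR or IIS_IUSRS after a migration.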