Configuring IIS 8 Remote Administration

 IIS, Windows Server 2012  Comments Off on Configuring IIS 8 Remote Administration
Mar 132013
 

Remote Management for IIS 8 on Windows Server 2012 is a great way to connect to your site and accessing IIS features without logging in to the server.  It is straight forward to configure but requires a few steps to get working properly. An alternative scenario would be if you are using a 3rd party for Windows shared hosting and you do not have administrative access to the server. You could then use IIS Manager for Remote Administration on your PC to connect to the site and maintain it.

\r\n

Installing the Management Service on the Server

\r\n

With Windows Server 2012 and IIS 8 there are 2 ways that you can have this service installed. The first way is using the Server Manager and launching the Add Roles and Features Wizard.

\r\n

image

\r\n

 

\r\n

Once the Add Roles and Features Wizard opens scroll down to the Web Server (IIS) role and expand the management tools section. Click the checkbox next to Management Service and then click Next to complete the wizard.

\r\n

image

\r\n

 

\r\n

Once installation completes you will see that it has been added to the IIS Roles and Features in Server Manager.

\r\n

image

\r\n

 

\r\n

Alternatively you can install the Management Service using the Web Platform Installer. Open IIS Manager on the server and click Get New Web Platform Components.

\r\n

image

\r\n

 

\r\n

The Web Platform Installer will open up. You can filter on products named IIS and then sort the name column. In the list you’ll see the IIS Management Service. Click Add then then complete the wizard. It will take just a few moments to complete. The wizard will display a confirmation page upon completion. You can also double check that it has been installed successfully in the IIS Roles and Features in Server Manager as shown above..

\r\n

image

\r\n

\r\n

 

\r\n

Configure IIS for Remote Administration

\r\n

After the remote management service has been installed on the server you need to enable it and then assign user permissions before users can connect remotely. In IIS Manager at the server level scroll down to the Management groupHere you can add IIS Manager Users, check permissions for existing users, control Feature Delegation, and maintain the Management Service settings. Click on Management Service to configure remote administration and enable the service.

\r\n

image

\r\n

 

\r\n

Click Enable remote connections and then select whether or not you want to allow users to access the server using Windows credentials only or allow users with Windows credentials and IIS Manager credentials. Assign the IP address you want the service to be on and the default port 8172. If you have your own certificate you can assign that otherwise there is a default certificate available to be used. For additional security you can implement IP address restrictions. After saving your changes be sure to click Start. If you decide to change any settings later you’ll need to stop the service first before you can make any changes.

\r\n

image

\r\n

\r\n

 

\r\n

Allow Users to Access the Site Remotely

\r\n

User permissions are assigned at the site level. Go to the site you want to allow remote access to and click IIS Manager Permissions.

\r\n

image

\r\n

 

\r\n

Click Allow User.

\r\n

image

\r\n

 

\r\n

To add a Windows user click Select and then enter their name and then click Ok.

\r\n

image

\r\n

Remote administration has now been enabled and configured on the server. You have enabled a user to remotely connect to IIS. At this point the server configuration is complete. The only thing remaining is to install IIS Manager for Remote Administration on your PC.

\r\n

 

\r\n

Configure Client Settings

\r\n

On your PC use the Web Platform Installer to install IIS Manager for Remote Administration.

\r\n

http://www.iis.net/downloads/microsoft/iis-manager

\r\n

image

\r\n

 

\r\n

Once IIS Manager is installed on your PC then you can try connecting to the site. Simply right-click on the globe icon under Connections and then select Connect to a Site.

\r\n

image

\r\n

 

\r\n

Enter the server address where your site is hosted and the site name.

\r\n

image

\r\n

 

\r\n

Enter the username and password for authentication.

\r\n

image

\r\n

 

\r\n

Click Finish and then you’ll see your site in IIS Manager.

\r\n

image

\r\n

 

\r\n

If you look at the bottom right of the window you’ll see that you’ve connected securely to the remote site.

\r\n

image

\r\n

 

\r\n

Summary

\r\n

This walkthrough has covered how to install and configure Remote Administration on IIS 8 as well as using the Web Platform Installer to install the IIS Manager for Remote Administration on your PC.  Check with your Windows shared hosting provider if you have any difficulty connecting to your site. Depending your hosting providers delegation settings certain IIS features may not be enabled for remote administration. Thanks for reading.

\r\n

Peter Viola

Creative, customer focused, results oriented, Senior Web Systems Engineer who enjoys providing the highest level of customer service supporting complex Windows hosting solutions. MCITP, MCSA, MCTS

More Posts - Website

Configuring FTP Over SSL with IIS 8

 IIS, Windows Server 2012  Comments Off on Configuring FTP Over SSL with IIS 8
Feb 092013
 

In 2011 the FTP protocol had it’s 40 birthday. Despite it’s age it is still a widely used file transfer technology however it wasn’t originally designed for encryption. It has been shown to be vulnerable to brute force attacks, packet capture, and spoof attacks as well as a few other attack vectors. Now with IIS 8 on Windows Server 2012 encrypting an FTP session has never been easier. Using the IIS Manager with just a few clicks you can enable FTPS also known as FTP Over SSL on your site and take advantage of encrypted communication. In this walkthrough I am going to configure FTPS on IIS 8 using my personal SSL certificate which I obtained from a 3rd party SSL vendor. I am not going to cover how to install an SSL certificate. To get started launch IIS Manager from the Start Screen.

image

 

Once IIS Manger is open we first need to add FTP Publishing to our site. This is straight forward and can be completed in mere moments. To do this right click on your site and select Add FTP Publishing. The Add FTP Site Publishing wizard will launch taking us through the few remaining steps.

image

 

There are a few options which need to be configured. Select the IP address you want to use for the site. Under the SSL setting, select if you want to allow connections without SSL or force every connection to use it. For the highest level of security you’ll want to select Require SSL. Next pick the SSL certificate that you want to use for the encryption. Click Next to continue.

image

 

Now we’re going to configure the Authentication and Authorization settings. Check Basic Authentication and leave Anonymous Authentication unchecked. Under Authorization you can specify local users and groups that are allowed to access the site. On my test server I have a user called “ftpuser2” and we want Read and Write permissions enabled. Click Finish and then the window will close. FTP Publishing has been added to the site. Next we’ll need to configure the FTP client before we can connect.

image

 

Configuring your FTP client for FTP over SSL is just a matter of changing the protocol type in your client settings.  First I’ll do a test without making any client changes. In the previous step I choose to force all connections to use FTPS so we should get an error of some kind. Sure enough as seen in the FTP log below, the server forcibly closes the connection when it detects that we’re not using FTPS.

image

 

For my FTP client I’m using an old version Cute FTP Pro so depending on which FTP client you are using your menus may look different. Below I am selecting FTP with SSL Explicit.

image

 

Now when I try to reconnect to the server I’m prompted to accept the SSL certificate before I can continue. If I do not accept the certificate then the connection will be closed.

image

 

After clicking Accept we are logged into the FTP site and are files are displayed as expected. Looking at the FTP log we see the SSL session is being established and the session is encrypted.

image

In summary, FTP is a great file transfer technology but is unencrypted in native form. Configuring FTP over SSL with IIS 8 on Windows Server 2012 is an easy and straight forward way encrypt your FTP sessions and increase your security. Thanks for reading.

Peter Viola

Creative, customer focused, results oriented, Senior Web Systems Engineer who enjoys providing the highest level of customer service supporting complex Windows hosting solutions. MCITP, MCSA, MCTS

More Posts - Website

Jan 302013
 

Configuring and using FTP with IIS 8 on Windows Server 2012 is very easy and straight forward. If you ever used FTP 7 that was released with Windows 2008 then the GUI will be familiar to you. An FTP virtual directory is quite handy when you need to provide an FTP user access to files which are not in their FTP root folder. If you’ve ever created one, then you know the FTP user is usually not able to physically “see” the virtual directory when they login. To get to the new folder they have to manually change the path using their FTP client. I will show you a simple trick so the virtual directory will be visible to the FTP user.

image

 

Open the IIS 8 Manger. Depending on your needs one can have FTP configured in a few different ways. Your server may have FTP publishing configured on each site for example. My test server only has 1 IP address available so I’ve configured a “master” FTP site and have FTP user access configured accordingly for each site that is being hosted. In this example I have “ftpuser2” logging into a folder called c:\domains\domain2.com. As one would expect this is the folder where the user can maintain all their web site files.

image

 

Probably one of the most common requests with web hosting is having access to the web site traffic logs. These logs are typically stored outside of the FTP path somewhere else on the web server.  On my test server they’re stored in the folder C:\wwwlogs and the logs for domain2.com are located in the folder W3SVC3. Ordinarily on a locked down web server no FTP user would ever be able to access this location.

image

 

So let’s walk through how to provide “ftpuser2” FTP access to his site’s traffic logs. In the IIS Manger right-click on the FTP user in question and then right-click again on Add Virtual Directory.

image

 

This will open the Add Virtual Directory window. Enter the Alias you want to use and browse the physical path to which you want to provide FTP access.

image

 

One additional step is to add the FTP user to the folder permissions. That is straight forward so I’m not going to walk through that. So now ftpuser2 has the necessary permissions to read the log files in the W3SVC3 folder and access them using their FTP client. So what happens when we log in via FTP? Well nothing.

image

 

Why don’t we see our new virtual directory with the traffic logs? We can see them if we manually change the path in the FTP client to /wwwlogs. But having to manually change paths is a bit of a pain. And trying to explain that to someone who may not be technical is even more complicated. So what’s the solution?

image

The solution is to create an empty folder in the root of the FTP user’s FTP path that matches the alias of our FTP virtual directory. With this dummy folder in place, when the FTP user logs in and clicks it they will automatically be redirected into the path of the virtual directory and see all the files. What’s really cool about this technique is that works with legacy versions of IIS as well as IIS 7 and IIS 8.

image

So now we’ve created a far more intuitive experience for the FTP user to access files and folders outside of their FTP root anywhere on the server –provided they have permissions to access the folder of course. I hope you’ve enjoyed this walkthrough. Thanks for reading.

Peter Viola

Creative, customer focused, results oriented, Senior Web Systems Engineer who enjoys providing the highest level of customer service supporting complex Windows hosting solutions. MCITP, MCSA, MCTS

More Posts - Website