IIS 6.0 Gotchas
Well, Howdy! I'm back and I've
accumulated some stuff during my travels with IIS 6.0. Man, this thing
is faster'n a one-armed paper hanger!
I checked on getting IIS
compression to work on Windows Server 2003. If you follow the directions
from Redmond, you'll get compression enabled, but it will still be "non-working".
There are a couple more items to know that they don't provide any information
1. You must permit the compression ISAPI to
run. IIS 6's security
setup prohibits ISAPI DLLs from running by default, so you need to tell
IIS 6.0 that it's OK to let the compression ISAPI
DLL run. (That's not the only thing you need to enable - same with just
about everything else!).
Open the IIS admin tool, dive down into your server, and right-click
Service Extensions". Choose "Add a new web service extension".
For the extension name, use whatever you want to identify it in the list
. You'll need to add the single required
file, which is \Windows\System32\inetsrv\gzip.dll. This
is the ISAPI DLL responsible for gzip and deflate compression. Check
extension status to allowed" and click OK. You should have a new
web service extension in your list called "Whatever you named it",
and it should show a status of "Allowed".
2. Next, you also need to select the compressible content:
IIS 6's compression system only compresses a limited set of content.
You need to enable compression for the appropriate file extensions (specifically,
.aspx / .asmx / .ascx files for your ASP.NET pages, and any static content
you want compressed as well - .htm, etc.).
You're going to edit the Metabase. There is an option in the IIS6
admin (right click at the _computer_ level) which allows you to edit
the metabase, and it just reloads it for you, like web.config, or ---
you can first shut
down IIS. In the IIS admin tool, right click on your server name in the
left panel, and choose All Tasks -> Restart IIS. On the restart dialog,
choose "Stop internet services" and click OK. When IIS is shut
down, you'll need to edit \Windows\System32\inetsrv\MetaBase.xml (ALWAYS
make a backup first - same with Machine.config, although most of it is
not used with IIS 6.0). Search for "IIsCompressionScheme".
There will be two XML elements, one for deflate and one for gzip. Both
have properties called HcFileExtensions and HcScriptFileExtensions.
These contain a space-delimited list of file extension for compressible
At a minimum, you'll need to add aspx to the HcScriptFileExtensions
list. Note that if the properties are left blank, then all content,
regardless of file extension, will be compressed. That's it!
IIS 6.0 Isolation Modes:
IIS 6.0 is a much different anamule than IIS 5.0, period! While there
appear to be a number of surface - level similarities, the whole thing
is different, from the way it runs to the way its administered. I'll
leave the technical specs to others, but if you start out your journey
kind of respect
creature, I suspect it may help to lessen some of the confusion.
In order to separate and protect ASP.NET applications that run simultaneously,
Internet Information Services (IIS) 6.0 provides two different application
isolation modes. By default, worker process isolation mode is used. However,
IIS 5.0 isolation mode is also provided for backward compatibility. The
following describes the two application isolation modes and how
to set the mode. If you did an UPGRADE install of Windows Server 2003,
you are running in IIS 5.0 mode!
Worker Process Isolation Mode
The default application isolation mode in IIS 6.0 is worker process isolation
mode. In this mode, the process model built into ASP.NET is disabled,
and the worker process isolation architecture of IIS 6.0 is used instead.
Any configuration settings that are specified in the <processModel> element
of the Machine.config file are disregarded, except for the following
To specify values for other process model attributes, you must use the
appropriate application pool setting. For information about setting the
appropriate application pool settings, read up on "Application Pool Settings
for Worker Process Isolation Mode" in the MSDN online or your IIS documentation.
IIS 5.0 Isolation Mode
When IIS 6.0 is in IIS 5.0 isolation mode, the worker process isolation
architecture of IIS 6.0 is disabled and the process model build into
ASP.NET is used for all ASP.NET applications on the computer. In this
mode, the process model settings are specified through the <processModel> element
of the Machine.config file.
For more information on configuring the process model settings when
using IIS 5.0 isolation mode, search for "ASP.NET Configuration" in help.
Setting the Application Isolation Mode
When using IIS 6.0, you can select either worker process isolation mode
or IIS 5.0 isolation mode. The application isolation mode applies globally
to the IIS service and affects all Web applications on the computer.
You cannot apply an application isolation mode to individual applications.
Example: Selecting the application isolation mode in IIS 6.0
Open the IIS management console and expand the local computer by clicking
the plus sign.
Right-click the Web Sites folder, click Properties, and then click the
Under Isolation mode, select or clear the Run Web service in IIS 5.0
isolation mode check box to select either IIS 5.0 isolation mode or worker
process isolation mode, respectively.
Service tab of the Web Sites Properties dialog box
Worker Process Isolation Modes
The identity application pool settings allow you to specify the account
that the worker process uses. By default, the worker process uses the
Network Service account. However, you can override this and specify a
different Windows identity. The following sections describe how to specify
the identity application pool settings.
Example: Specifying Identity Application Pool Settings
The recycling application pool settings are specified on the Identity
tab of an application pool's properties dialog box.
To set the identity application pool settings
Open the IIS management console and expand the local computer by clicking
the plus sign.
Expand the Application Pools folder by clicking the plus sign.
Right-click the appropriate application pool and then click Properties.
The application pool's properties dialog box appears.
Click the Identity tab, and then set the appropriate application pool
Identity tab of application pool Properties dialog box
UserName and Password
UserName and Password are the equivalent application pool setting for
the username and password ASP.NET process model settings, respectively.
These settings are used together to make the worker process run using
the specified Windows identity. By default, the worker process uses
the Network Service account. However, if the Configurable radio button
is selected and the UserName and Password text boxes contain valid
values, the worker process will use the specified Windows identity.
In addition, you must add the Windows identity to the IIS_WPG
To add the Windows identity to the IIS_WPG user group
- On the Start menu, right-click My Computer, and then click Manage.
- Expand the Local Users and Groups node by clicking the plus sign.
- Click the Groups folder. A list of all groups defined on the computer
is listed in the right pane.
- Right-click IIS_WPG and then click Add to group.
- Click the Add button and enter the account you want to use for
the worker process.
The most important thing to remember is that IIS_WPG is a Group,
not a user!
Consequently, identities that IIS is configured to run under must be added
If your application is impersonating via <identity impersonate="true"/>,
the identity will be the anonymous user (typically IUSR_MACHINENAME)
or the authenticated request user. In IIS6 native mode, ASP.Net
uses process model and related configuration from IIS6 (vs in
IIS5 Compatibility Mode, ASP.Net does use its machine.config,
as it does on IIS5). The key to letting IIS6 read that file is to give the IIS_WPG group list access and the exact identity of the
You may be wondering where IIS_WPG comes from
and why you need to set ACLs for two identities instead of one with IIS6.
basically a security change because IIS is no longer "Local System",
which has all privileges on the machine. Now, IIS itself is restricted
to a much less-privileged identity inside of the IIS_WPG
so you can view IIS_WPG as "the realm of resources accessible to
IIS". You have
to set ACLs for the other identity because that's for the user actually
accessing the resource. IIS needs distinct access to the resource
for some other non-user-specific tasks, such as change-monitoring
(for file caching).
I know all the above sounds confusing, because I collected it from KB's
and newsgroup posts from confused people, and I was confused when I read
it. I'm less confused now, and after a couple more Martinis I'll probably
normal... Ain't technology grand?
||Here are some tips to help stop those annoying junk emails:
1-Set your filters. Use an Internet service provider (ISP) with advanced
junk-mail filters to keep out spam while helping to ensure you don't
lose important messages. Look for ISPs that offer easy-to-use, customizable
settings that allow you to choose your level of protection.
2-Be careful about disclosing your e-mail address. Junk mail gets to
your inbox several ways. Some spammers send e-mail to random variations
of e-mail addresses. Others buy address lists from Web sites where you
registered or entered a contest that required you to give your e-mail
address. Spammers can obtain your address from Internet white pages listings,
guest books, newsgroups, resume postings, and chat rooms, too.
3-Help protect your privacy. If you plan to register at a Web site or
If the Web site doesn't explain how they use your information, reconsider
registering your e-mail address and sharing other personal information.
4-Don't reply. Answering spam, even to "unsubscribe," just
confirms your e-mail address is valid. Spammers usually ignore your wish
to unsubscribe and add your e-mail address to their list. Then they send
more spam and/or sell their list, creating more junk mail. Your best
bet is to simply delete the spam messages from your inbox.
5-Forward spam to the originating ISP. Check the e-mail header information
to see what Internet domain the spam came from. If it came from msn.com,
forward the entire e-mail, with headers, to firstname.lastname@example.org. If the spam
originated from another ISP, forward it directly to the postmaster or
abuse alias at that ISP.
6-Stay updated. Learn about the latest news, software, and legislation
related to controlling spam online. TRUSTe http://www.truste.org is an
independent organization dedicated to building consumer trust and confidence
in the Internet. Or visit CAUCE, http://www.cauce.org/ the Coalition
Against Unsolicited Commercial Email.
While there isn't a way to totally stop receiving spam in your mailbox,
by following these tips you can better control the e-mail messages that
you do receive.
A little SQL Squeak
This little gem is one I found at our friends over on SQLServerCentral.com.
You gotta just love this! You look all over the web about how to get
a random record out of a SQL Server table. There's sixteen different
techniques and they all involve at least 20 lines of T-Sql! And then
you find this:
Select Top 1 <Whatever your whole query is> order by newId()
That's IT! Am I talking Greek? That's the WHOLE THING! Try it and weep!
Thanks, guys! Cya!
Dr. Dexter Dotnetsky is the alter-ego of the Eggheadcafe.com forums, where he often pitches in to help answer particularly difficult questions and make snide comments. Dr. Dotnetsky holds no certifications, and does not have a resume. Always the consummate gentleman, Dr. Dotnetsky can be reached at email@example.com. Dr. Dotnetsky's motto: "If we were all meant to get along, there would be no people who wait for all the groceries to be rung up before starting to look for their damn checkbook."