This section provides information about administering and configuring your Web site.
You can use Internet Services Administrator, which comes with Personal Web Server, to restrict access to your Web site to individual users or groups, and to specify password encryption methods for your Web site.
You can also require users to supply a valid Windows NT username and password. You can have the password sent by using either basic authentication or Windows NT challenge/response authentication.
With both basic authentication and Windows NT authentication, no access is permitted to secure folders unless a valid username and password are supplied. Password authentication is useful if you want only authorized individuals to use your server. You can have both anonymous access and authenticated access enabled at the same time.
Note
- Windows NT challenge/response authentication does not work with local security.
Basic authentication does not encrypt your username and password before transmission. The credentials are only encoded by using base64 encoding, and can be decoded easily by anyone with access to your network or to a segment of the Internet that transfers your packets.
Caution
- Using basic authentication means that you will send your Windows NT username and password unencrypted over public networks. Intruders could easily learn your username and password.
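The following audit sketch is an added example, not part of the original documentation or of Personal Web Server. It checks request headers for basic authentication credentials that travelled without SSL and shows that the base64 token decodes without any key; the sample requests, the user name, and the function names are constructed for illustration.

```python
import base64

# Constructed sample requests (not real traffic): (transport, raw request text).
SAMPLE_REQUESTS = [
    ("http", "GET /private/ HTTP/1.0\r\nAuthorization: Basic YWxpY2U6ZXhhbXBsZS1wdw==\r\n\r\n"),
    ("https", "GET /private/ HTTP/1.0\r\nAuthorization: Basic YWxpY2U6ZXhhbXBsZS1wdw==\r\n\r\n"),
    ("http", "GET /private/ HTTP/1.0\r\nAuthorization: NTLM TlRMTVNTUAABAAAA\r\n\r\n"),
    ("http", "GET /public/ HTTP/1.0\r\n\r\n"),
    ("http", "GET /private/ HTTP/1.0\r\nAuthorization: Basic !!not-base64!!\r\n\r\n"),
]


def audit_request(transport, raw_request):
    """Return a finding for one request, or None if it carries no credentials."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    auth = headers.get("authorization")
    if auth is None:
        return None
    scheme, _, token = auth.partition(" ")
    finding = {"scheme": scheme.lower(), "transport": transport, "exposed": False}
    if finding["scheme"] != "basic":
        return finding  # not Basic: the token is not a base64 copy of the password
    try:
        # No key is involved: base64 is an encoding, so decoding needs nothing secret.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        finding["error"] = "malformed Basic token"
        return finding
    user, _, password = decoded.partition(":")
    # Report only the length, so the audit output does not become a second leak.
    finding.update(user=user, password_length=len(password),
                   exposed=(transport != "https"))
    return finding


def audit_all(requests=SAMPLE_REQUESTS):
    """Audit every (transport, raw_request) pair and return the findings in order."""
    return [audit_request(transport, raw) for transport, raw in requests]


if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

Only the first sample request is reported as exposed: the same token sent over HTTPS is protected in transit, and the challenge/response header does not contain the password.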
The WWW service also supports the Windows NT challenge/response encrypted-password transmission.
Windows NT authentication encrypts the username and password, providing secure transmission of usernames and passwords over the Internet. It is currently supported only by Microsoft Internet Explorer version 3.0 or later for Windows 95.
Note
- Windows NT challenge/response authentication only works over a local area network that has at least one Windows NT domain.
Choose difficult passwords
The easiest way for someone to gain unauthorized access to your system is with a stolen or easily guessed password. Make sure that all passwords used on the system, especially those for accounts with administrative rights, are difficult to guess.
Limit the membership of the Administrator group
By limiting the members of the Administrator group, you limit the number of users who might choose bad passwords and expose your system.
If your computer is not set up to use user-level access control, you can control access to your Web site by creating a user list on your computer.
To add users to a user list
- In Control Panel, double-click the Personal Web Server icon.
- On the Administration tab, click Administration.
- On the Internet Services Administrator page, click Local User Administration.
- To add users to the user list, click New User.
- Type a user name.
Note
- When you add users to your user list, you must supply a password for each one. Personal Web Server does not support null passwords at this time.
You can also create groups of users.
To create a group of users
- In Control Panel, double-click the Personal Web Server icon.
- On the Administration tab, click Administration.
- On the Internet Services Administrator page, click Local User Administration.
- On the Groups tab, click New Group, and then type the name of the group.
To add users to a group
- On the Local User Administration page, click the User/Group tab.
- Click a name in the list of users, click a name in the list of groups, and then click Add User To Group.
Notes
- If your computer is set up to use user-level or share-level security, you cannot use a user list to restrict access to your Web page.
You can also restrict access to your Personal Web Server folders on a per-folder basis. You can set a folder to be read-only, or allow users to run scripts in that folder, or both.
To restrict access to a folder
- In My Computer, right-click the folder you want to restrict access to, and then click Sharing.
- Click Shared As, and then click Web Sharing.
- Select the Share Folder For HTTP check box.
To make the folder read-only, click Read-Only.
To allow users to run scripts from pages located in that folder, click Execute Scripts.
To restrict access by using Secure Sockets Layer (SSL) and RSA encryption, click SSL. For more information about SSL, see the following section.
Certain protocols use cryptography to secure data transmissions to and from your server. Personal Web Server provides users with a secure communication channel through support for Secure Sockets Layer (SSL) and RSA encryption.
The SSL protocol provides secure data communication through data encryption and decryption. An SSL-enabled server can send and receive private communication across the Internet to SSL-enabled clients (browsers), such as Microsoft Internet Explorer.
SSL is a protocol layer between the TCP/IP layer and the application layer (HTTP). SSL provides:
- Server authentication, which assures the client that data is being sent to the correct server and that the server is secure
- Encryption, which assures that the data cannot be read by anyone other than the secure target server
- Data integrity, which assures that the data being transferred has not been altered
Enabling SSL security on Personal Web Server involves completing the following steps:
- Generate a key pair file and a request file.
- Request a certificate from a Certification Authority.
- Install the certificate on your server.
- Activate SSL security on a Web service directory.
For detailed information about getting a certificate, contact your Certification Authority.
Note
- Keep in mind the following points when enabling SSL security:
  - You can enable SSL security on the root of your Web home directory (\Wwwroot by default) or on one or more virtual directories.
  - After security is enabled and properly configured, only SSL-enabled clients will be able to communicate with the SSL-enabled Web directories.
  - URLs that point to documents on an SSL-enabled Web directory must use HTTPS instead of HTTP protocol. Any hyperlinks using HTTP in the URL will not work on a secure directory.
  - SSL security is enabled and disabled by using Internet Services Administrator.
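To find hyperlinks that will stop working once a directory is SSL-enabled, the check below scans a page for links that reach such a directory over plain HTTP. It is an added example, not a tool supplied with Personal Web Server; the host www.example.com, the /secure directory, and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; www.example.com and /secure are hypothetical.
PAGE_URL = "http://www.example.com/default.htm"
SAMPLE_HTML = """
<a href="http://www.example.com/secure/order.htm">Order</a>
<a href="https://www.example.com/secure/order.htm">Order (HTTPS)</a>
<a href="secure/form.htm">Form</a>
<img src="/SECURE/Report.gif">
<a href="/securedocs/readme.htm">Readme</a>
<a href="http://other.example.net/secure/x.htm">Elsewhere</a>
<a href="mailto:webmaster@example.com">Mail</a>
"""


class LinkCollector(HTMLParser):
    """Collect every URL-bearing attribute value in document order."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src", "action") and v]


def find_http_links_into_ssl_dirs(html, page_url, site_host, ssl_dirs):
    """Return links that would reach an SSL-enabled directory over plain HTTP."""
    dirs = [d.lower().rstrip("/") for d in ssl_dirs]  # "/" becomes "" (whole site)
    collector = LinkCollector()
    collector.feed(html)
    broken = []
    for link in collector.links:
        target = urlsplit(urljoin(page_url, link))  # resolve relative links
        if target.scheme != "http" or target.hostname != site_host.lower():
            continue  # already HTTPS, another host, or not a Web link
        path = target.path.lower()  # Windows paths are case-insensitive
        if any(path == d or path.startswith(d + "/") for d in dirs):
            broken.append(link)
    return broken


if __name__ == "__main__":
    for link in find_http_links_into_ssl_dirs(
            SAMPLE_HTML, PAGE_URL, "www.example.com", ["/secure"]):
        print("uses HTTP for an SSL-enabled directory:", link)
```

Relative links are flagged as well, because a relative link on a page served over HTTP resolves to an HTTP URL.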
You can track access to your Web site by using log files.
To enable logging
- In Control Panel, double-click the Personal Web Server icon.
- On the Administration tab, click Administration.
- On the Internet Services Administrator page, click WWW Administration.
- On the WWW Administration page, click the Logging tab.
- Select the Enable Logging check box, and make the changes you want.
The log file is named Inetserver_event.log. If you do not specify a log file directory on the Logging tab, the file is stored in your Windows folder.