Alexander’s Blog

By default Internet Information Services (IIS) is installed in c:\Inetpub\wwwroot folder. For security reasons, you should move it to another location, such as a different drive or partition. During installation you are not given the option to move IIS folders to a new location. However, there are a couple of ways of moving IIS to a different location. The first method is not suitable in all cases but is rather simple. The second method is the recommended method because it will update the registry entries appropriately.

METHOD 1
You can create a new folder on a different drive, e.g. E:\MyWebFiles and move all your files there. In IIS Manager simply point to the new location. This method will work for basic HTML code but has its limitation and is not appropriate for all Web sites.

METHOD 2
This is the recommended method. Create an unattend.txt file which will be used to install IIS. For more information on unattended installation of IIS, check out How To Perform an Unattended Installation of IIS 6.0.

Essentially, you need to point to the new path in the unattend.txt file.

[InternetServer]
PathFTPRoot=D:\Inetpub\NewFTProot
PathWWWRoot=D:\Inetpub\NewWWroot

For more information on configuring how to use the unattend.txt file check out the KB article How to Change the Default Installation Paths for FTP and the Web.

Here are some Windows Server 2003 R2 highlights.

1. Windows Server 2003 R2 is an update release of the Windows Server 2003 operating system.

2. R2, built on Windows Server 2003 with Service Pack 1, takes advantage of the stability and security of this proven code base while extending connectivity and control into new areas.

3. R2 offers all the benefits of Windows Server 2003 with SP1 while greatly improving identity and access management, branch server solutions, storage setup and management, and Web platform.

4. Windows Server 2003 R2 is easy to integrate into an existing Windows Server 2003 environment as it has the same application compatibility, manageability, and serviceability as the existing servers with SP1.

5. Windows Server 2003 R2 Microsoft helps customers efficiently extend their business infrastructure over the Web while reducing development and management costs. For the first time with Windows Server 2003 R2 customers get the .NET Framework 2.0 and ASP.NET 2.0, which when combined with Windows SharePoint Services and IIS 6.0, provides a secure, reliable, scalable and easy to manage Web platform.

You can also learn more about R2 on the Microsoft.com Web site:

Launch Page: Launch keynote, demos, web casts
What’s New in R2: High-level overview of Windows Server 2003 R2
Trial software: Download site for Evaluation software
Reviewer’s Guide: Deeper technical Windows Server 2003 R2 content
What’s New in R2 Licensing: Updates to the new R2 licensing model
R2 FAQ: Commonly asked questions
R2 Case Studies: Showcase of customers who have already experienced benefits of R2
Enterprise Edition: Dedicated section to EE
R2 Partners: Showcase of industry partners supporting Windows Server 2003 R2

More info…

Brian Livingston recently addressed the security issue of complete hijacking of your Web site traffic in an article. Here are a couple of excerpts. For the complete article, click on “more details” below.

“If you come to work one morning and find that your company’s traffic from Google has fallen to nothing, a competitor may be redirecting traffic from your site to his. Amazingly, there may be little or nothing you can do to stop this blatant rip-off.

The cause is an obscure HTML command that is interpreted poorly by Google but correctly by Yahoo and some other search engines. Knowing about the trick at least gives you some hope of understanding it — if it happens to you.”

Livingston goes on to say “Yahoo’s solution seems eminently reasonable and workable to me. Rather than experimenting with complex rules to analyze URL hijacking, Google and other search engines should simply adopt the rational 301/302 policy shown above. This problem shouldn’t exist and need not exist. Finding out that your site has suddenly lost most of its traffic because of an HTML trick is a lousy way to start the day.”

More info…

Microsoft is providing a new Clear Cache Feature for Internet Explorer that allows you to clear all Internet Explorer caches. This Internet Explorer add-on serves the same purpose as some other freeware or shareware products, such as ForgetIt.

Clear Cache can be downloaded from Microsoft at no charge here.

We all know that it’s a bad idea to surf the Web on a network server. In fact, it’s not a good idea to surf the Web on any computer where you are logged on as Administrator. A lot of malware causes harm because the user browses the Web while he/she is logged on as an Administrator. Michael Howard has written a tool called “DropMyRights“, which should solve this problem. DropMyRights is a very simple application to help users who must run as an administrator run applications in a much-safer context than that of a non-administrator. It does this by taking the current user’s token, removing various privileges and SIDs from the token, and then using that token to start another process, such as Internet Explorer or Outlook. This tool works just as well with Mozilla’s Firefox, Eudora, or Lotus Notes e-mail.

Simply copy DropMyRights.exe to a folder. Then for each application you want to run in lower privilege, follow the steps described in this article.

More info…