IIS Answers tm                                                                                          
Support Central for Internet Information Server 4 and 5   

IIS Answers Top 10 FAQ
How to Correctly Install IIS 4.0

Ultimate IIS
hands-on, fast track, up-to-date training on IIS 4 and 5

IIS Lists
moderated email discussions on IIS related topics

About Brett Hill

Contact Information

IIS Administrator Newsletter
published by Windows 2000 magazine. See IIS Informant articles.
There is a lot of misinformation about this topic. That's understandable since IIS has been around for quite a long time and has been through a few changes. As a result, there are quite a few opinions about the 'best' technique for doing a clean install. There are several choice points along the way that all seem to lead to stable installations. However, one misstep and you're back to square one.

This procedure will give you the latest and greatest of the various components that go into using and supporting IIS. It does not cover installing with or on an Exchange or SQL server.

Step 1: Install NT4.

We can all agree that this is required. If it's not NT then you're only going to be able to install Personal Web server. During the NT install, you will be asked if you want to install IIS. If you do, IIS 2.0 will be loaded. Should you or shoudn't you? It doesn't seem to matter either way.

Before you launch headlong into the installation, give some thought to optimizing your system through thoughtful partitioning. Many IIS servers are setup with NT and the Option Pack programs on the C: partition, IIS webs, ftp sites, and supporting software and files on D:, and if you have a database, that can go on still another partition. In this way, you have a clearly defined area on you D drive where web users are reading files and your C drive is reserved primarily for System access. There are exceptions of course where users will need access to the C drive (Frontpage Server extension programs come to mind),  but that that by in large should be limited to NTFS (R)ead and e(X)exute permissions.

Where possible, you may want to install anything related to IIS on the D drive to group all those services together. 

Also, give some thought to where you want your log files. You may want them on a different drive than your system and off your D drive for efficiency and security. 

One recommendation I've heard is to put logs on a mirrored disk set and the Web contents on a strip set. 

I haven't done any benchmarking on logging overheard. When the logging cache gets full, the cache gets flushed to disk. You can't control how often that occurs and logs must be on the local drives as they may be written out under the security context of the system account which can't access the network. Some people think logging is adds neglible overhead. (See Technet Chats). Others think you need to think about optimizing logs for writing to mitigate the performance hit.

The point is, think about how you want to setup your server before you start accepting the defaults.

A word on the NT role. If you install IIS on a domain controller, consider making it a unique domain. It is not generally recommended to install an IIS server on an active domain controller. The IUSR account, in that case, is a member of Domain Users. Furthermore it exposes the services on the domain contoller which you rely on for authentication of working users, to failures caused by or through IIS. If your web server is connected to the internet, it should have the absolute minimum connection to your internal network as possible.  

If you make recovery disks during the install, it's imperative they be updated after it's all over, otherwise you'll be an very unhappy sysadmin should you have to restore from your very downlevel recovery disks.

Finally, consider well the name you give your server. It may not make that much difference, but once you install IIS, you can't simply change the name of the server.  The server's name is in the IIS Metabase and changing the name of the server via TCP/IP properties doesn't update the Metabase. There can be problems with unspecified operations that relate the computer name if this is changed after IIS is installed.

Step 2: Install Internet Explore 4.01, service pack 1 or  2

IE 4.01 SP1 is what is installed from the Option Pack 4 CD. It is evidently not absolutely essential to install SP2 for IE4.01, but the 4.01 Service Pack 2 is recommended. Do the standard install. Do not install Active Desktop.

 Step 3: Install Service Pack 3

Now why not install SP 4,5,6 etc. ? You can, but this is the official recommendation. In fact, in the instructions for installing Site Server, it expressly states not to install anything but SP3, but they don't say why. I have installed IIS doing SP6a instead of SP3 and it seems to work fine, but if you want to do it by the book, you can find SP3 here: http://www.microsoft.com/ntserver/nts/downloads/archive/NT4SvcPk3/default.asp. If you installed IIS during the NT install, SP3 will upgrade you to IIS 3.

You can find IE 4.01 SP2 here: http://www.microsoft.com/windows/ie/download/all.htm?bShowPage

Internet Explorer 5 is not required and in some cases (Site Server Install) not recommended. Installing IE5 will, for example, keep Posting Acceptor from accepting anonymous accounts.

Step 4: Install the NT 4 Option Pack 

You should always choose to do a custom install.

  • If you are prompted, perform an "Upgrade Plus" installation.
  • Common optional components are Index Server, Windows Scripting Host, News server, and under the IIS options, SMTP server. These options are not installed by default.  You can always go back and add an option later if you miss something. Certificate Server is another option. I'm not going to cover that here as it is covered in another article but don't install it now. Which components you choose depends a lot on the specifics of your situation. If you are installing IIS in a cluster, some services are not compatible. (see Kb articles).
  • Do not install the FrontPage 98 Server Extensions. (The FrontPage Server Extensions are installed later in the process.)
  • Configure MTS for local (not remote) administration.

Step 5: Apply the latest service pack, SP6a as of this writing.

Be advised that there are Option Pack fixes included in SP4 that are not installed. You need to install SP5 or greater to get them. See the SP5 readme for more information.

PLEASE READ THE README FILES on the service packs. There have been major fixes in every service pack for many Option Pack components. Many important fixes are not documented (such as the bug that caused ASP to break with multiple processors. Fixed in SP5, but not documented in the release files). Very important information is also included regarding possible problems with several services including Certificate Server (which will likely break if you installed it during the initial install and then apply a Service Pack greater than 4.

Step 6: Update MDAC (Microsoft Data Access Components).

During the IIS install, if you installed MDAC, you got version 1.5. This will still be1.5 even if you applied service packs. Don't believe me? Then at this point download the  Component Checker tool and check it out. It get's even worse in that if no matter what version of MDAC you had before you added IIS, you likely downgraded it by during the IIS installation (see KB Q247553).

There are several version in use. You can find a list at http://www.microsoft.com/data/mdac21info/manifest_intro.htm.

The latest release 2.6, runs on W2K and NT 4.You can find it at http://www.microsoft.com/data/download_250rtm.htm  

Version 2.12 SP2 is the previous version and is available at http://www.microsoft.com/data/download_21242023.htm

Be advised that upgrading MDAC has been known to break the brain of many a good administrator. On a new install like we are outlining here, the risks are not no great, but if you have a running system and are considering upgrading, *BE SURE* you have a complete restorable image of your drive first and of course, never do this on a production server without testing. Read the online manifests or you might miss something like 

"Customers have reported several major performance issues with the Microsoft Access ODBC driver that ships with MDAC 2.1. Performance drops up to 400% between the Jet 3.5-based ODBC driver and the Jet 4.0-based ODBC driver have been reported."
or the ever popular "known issues":
Known Issue: ODBC Jet driver in multithreaded environments
Component: ODBC Jet driver
When running in a multithreaded or stress environment such as IIS, it is recommended not to use ODBC because of issues with threading in the driver as well as the Jet engine. The recommendation for this situation is to work with the OLE DB provider for Jet. (see: http://www.microsoft.com/data/MDAC21info/MDAC21sp2manifest.htm)

Regardless, you will want one of these two version of MDAC installed after you apply SP6a.

Step 7: Install Frontpage Server Extensions. You will probably want to Frontpage 2000 Server Extensions as they are downward compatible (allegedly). Find them at http://msdn.microsoft.com/workshop/c-frame.htm#/workshop/languages/fp/default.asp.

Be sure to read the FP 2000 Resource kit as FP extensions does strange and unnatural things with permissions. Do not install them unless they are required.

 Be sure to always get the latest and don't forget any relevant hotfixes or service packs.

Step 8: Update ADSI (Active Directory Services Interface)

ADSI is currently at version 2.5, which you can find at http://www.microsoft.com/NTWorkstation/downloads/Other/ADSI25.asp

Step 9: Update WSH (Windows Scripting Host).

WSH can be found at http://www.microsoft.com/msdownload/vbscript/scripting.asp.

 Step 10: Install any remaining Option Pack services

 If you skipped any services, like Certificate Server or SMTP when you installed IIS then go back and install those now. Be sure to reapply the service pack. Be sure not to install Frontpage Server Extensions since you already have an updated version. 

Step 11: Backup your Metabase Backup your Metabase Backup your Metabase Backup your Metabase Backup your Metabase

You can simply copy metabase.bin from the Winnt/i386/inetsrv folder to another location. This will give you good copy of your initial starting place. We are of course hopeful that you won't need it.

Step 12: Update your Recovery Disks

If you made recovery disks during your NT install, it's a great idea at this point to redo your recovery disks with Rdisk /s as well. See: http://support.microsoft.com/support/kb/articles/Q196/6/03.ASP

Done!

Now that you have a installation ready to roll, you need to secure your web server.  (See the IIS Security Checklist on under Essential Links on our home page)

Once you've made the changes to your server for security. Repeat steps 11 and 12.