Internet Information Services (IIS) in Windows Server 2003 Service Pack 1

Applies To: Windows Server 2003 with SP1

What does Internet Information Services do?

Windows Server 2003 Service Pack 1 includes Internet Information Services (IIS), Version 6.0, which makes it possible for you to host your own Web site on the Internet or your intranet.

IIS is an optional component of Windows Server 2003, is not enabled by default, and must be installed separately.

Who does this feature apply to?

This feature applies to the following audiences:

  • IT professionals that use IIS to host and administer a Web site.

  • Web developers that use IIS to develop Web content.

What existing functionality is changing in Windows Server 2003 Service Pack 1?

Metabase auditing

Beginning with Windows Server 2003 Service Pack 1 (SP1), IIS 6.0 includes a metabase auditing feature that allows tracking of each change that is made to the metabase. Metabase auditing is enabled by enabling an audit access control entry (ACE) on a node in the metabase. After the ACE is enabled, whenever a metabase change takes place on that node, an audit event is published in the Security event log. Using metabase auditing, you can keep track of:

  • What was changed (metabase node, property, and old and new values).

  • When the change was made (date and time).

  • Who made the change (domain and user name).

  • Success or failure of the change attempt (HRESULT).

  • When a change is made remotely (client IP number).


To avoid disclosing sensitive information, such as passwords, values of secure properties do not appear in audit event log entries.

Request tracing

The Windows operating system includes the Event Tracing for Windows (ETW) infrastructure to help individuals troubleshoot problems in the operating system, including problems in HTTP components. If an HTTP request in IIS fails or becomes unresponsive while ETW is enabled, you can view ETW trace data, called events, to determine which component caused the failure. IIS includes the following tracing features:

  • IIS Currently-executing Requests Tracing: This tracing feature provides general statistics and details about all requests executing on the server at the moment tracing was started.

  • IIS Request-Based Tracing: This tracing feature tracks HTTP requests as they move through IIS components.

Windows Server 2003 Service Pack 1 or later also includes a provider for tracing the IIS Admin service during startup and shutdown.

Kernel-mode SSL.

You can run Secure Sockets Layer (SSL) in kernel mode, instead of the default user mode. Running in kernel mode means that components or processes run in the core address space of the operating system. Moving encryption and decryption operations to the kernel improves SSL performance by reducing the number of transitions between kernel mode and user mode. Enabling kernel-mode SSL requires setting a new registry key, EnableKernelSSL.

SSL host headers

IIS 6.0 now supports using SSL to secure Web sites that use host headers — a security feature that many users want to have. SSL host header support requires obtaining a wildcard server certificate and specifying the SSL port number on the SecureBindings metabase property.

Running 32-bit applications on 64-bit Windows

Windows Server 2003 Service Pack 1 enables IIS 6.0 to run 32-bit Web applications on 64-bit Windows using the Windows-32-on-Windows-64 (WOW64) compatibility layer. IIS 6.0 using WOW64 is intended to run 32-bit personal productivity applications needed by software developers and administrators, including 32-bit IIS Web applications.

W3C centralized logging

World Wide Web Consortium (W3C) centralized logging is a global configuration on the server where all Web sites write data to a single log file. Data is stored in the log file using the W3C Extended log file format. The log file can be viewed in a text editor, unlike IIS Centralized Binary Logging, which writes data in binary format and requires a parsing tool to view the data.

Secure configuration for Web servers

Windows Server 2003 Service Pack 1 includes a Security Configuration Wizard (SCW), which is a role-based tool you can use to create a policy that enables the services, inbound ports, and settings required for a selected server to perform a specific role. If you select the Web Server role in the wizard, SCW configures IIS 6.0 to help further reduce the attack surface of your Web server.