Introduction to Internet Information Services 7.0


Internet Information Services 7.0 (IIS 7.0) is Microsoft’s latest version of their web server. IIS has been included with Windows Server since Windows 2000 Server as a Windows Component and since Windows NT as an option. IIS 7.0 is available with Windows Vista and Windows Server 2008, which is scheduled for release in Q1 2008. IIS 7.0 has gone through a major overhaul and has been completely redesigned from scratch. This has been done to make the most flexible and secure platform for web and application hosting.

IIS 7.0 has been designed to be the most secure and flexible web and application platform from Microsoft. Microsoft has redesigned IIS from the ground and during this process the IIS team has focused on 5 major areas:

  • Security

  • Extensibility

  • Configuration and Deployment

  • Administration and Diagnostics

  • Performance

What’s New

Almost everything is new in IIS 7.0. Microsoft has focused on modularity when building IIS 7.0, which means that only the binaries needed is installed, this minimizes the attack surface of the web server.

An example to this: If you need the FTP Server or the Caching feature in IIS, you install the FTP Server or Cache modules to manage and enable either the caching activity or the FTP Server.

Windows Server 2008 will include all the IIS features needed to support hosting of web content in production environments. Windows Vista only has some IIS features and the features depend on your Vista version. IIS 7.0 in Windows Vista is ideal for building and testing web applications. Additional modules and features will be available from Microsoft or you can code your own, maybe even buy some from 3rd party vendors.


Besides the changes to the core components of IIS 7.0, the focus has been with modular design in mind. The modular design gives more flexibility and security to IIS 7.0, compared to previous versions of IIS.

Figure A: Overview of the main modules and components of IIS 7.0

The main advantage of the new modular design is that it helps to reduce the footprint, which results in a more secure web server platform, since the attack surface has been minimized.

IIS 7.0 provides a new native core API, which replaces the ISAPI filter from previous versions of IIS. With the new API it’s now possible to extend IIS with extra modules or even replace any of the built-in modules with custom written modules.

New modules can be downloaded from Microsoft’s website, where Microsoft maintains a download repository for IIS:


There are several ways of administrating IIS 7.0.

  • The GUI way using IIS Manager

  • APPCMD command tool

  • Remote administration using IIS Manager

  • Scripting using Windows PowerShell

  • Microsoft.Web.Administration API interface

The GUI Management interface has also been redesigned, the new IIS Manager is now more task-oriented and action based, as we know from ISA Server and the new Exchange Server 2007.

Figure B: Screenshot of the IIS Manager

IIS Manager can be used to configure IIS and ASP.NET settings, the configuration settings will be written to the xml configuration files. As something new, Health and diagnostics information can now be seen and run as integrated tools directly from within IIS Manager and is already a part of IIS 7.0.

APPCMD is the new main general purpose command prompt tool for IIS 7.0, which can be used for administration and configuration of IIS. APPCMD is the new enhanced version of the old adsutil.vbs, for those of you who are familiar with that tool from IIS 6.0.

Remote Administration has been enhanced and is now possible using the IIS Manager, communicating securely over https to the web server.

There’s also the option of scripting all IIS management. This is now done using Windows PowerShell, which is Microsoft’s new scripting language. It’s an easy and effective way of handling administration of IIS on your web server and this is especially useful if you manage several web servers or large web farms. Windows PowerShell can be used directly against the WMI interface of IIS or used to read and write in the IIS 7.0 XML configuration files.

IIS 7.0 has backward compatibility with the IIS 6.0 metabase and the ADSI and WMI scripting interface known from IIS 6.0, which means that all your old scripts for IIS 6.0 will still work on IIS 7.0.

Microsoft.Web.Administration API is the interface targeted to developers, who want to code their own programs or scripts to manage IIS 7.0.

In IIS 7.0 it’s now possible to delegate the management of IIS and the web sites. You can now delegate full administrative access to the site owners of a website. The site owners can then control and manage all the website settings using IIS Manager, without compromising server security. All the settings the site owners manage, are written to the web.config xml file of their own website.


The configuration has been made simple and is based on distributed XML files that hold the configuration settings for the entire IIS and ASP.NET.

Configuration settings can be done globally for the entire web server or for specific websites using either the XML files or through the GUI Management interface. The GUI just writes the configuration settings to the same XML files. The main xml configuration files in IIS 7.0 are:

  • Applicationhost.config

  • Global web.config

  • Machine.config

  • Site web.config

  • App web.config

By using xml based configuration files, deployment and scale-out in large web hosting environments has been optimized. It’s fairly easy to copy the IIS configuration to a new server and be up and running relatively quickly.

Handling replication of web server configuration is also relatively easy with IIS 7.0 compared to IIS 6.0, because of the xml based configuration files. This makes it very easy to replicate and deploy configurations in larger web farm environments. With IIS 6.0 this was best handled by using Microsoft Application Center 2000 or other 3rd party products.

Shared Configuration is a new feature of IIS 7.0, which is designed for web farm scenarios. With Shared Configuration it’s now possible for multiple web servers to share a single configuration file (applicationhost.config). A master of the applicationhost.config file will be placed on a common UNC path. The Shared Configuration feature is a great alternative to the perspective of replicating IIS settings.

The Applicationhost.config xml file is the main configuration file of IIS 7.0, this configuration file contains all the information about sites, virtual directories, applications, application pools and global settings for the web server.

Content replication can relatively easy been managed by simple x-copy or robocopy commands, as well as specific website configurations, which are saved in web.config xml files within each website.


With the redesign of IIS, Microsoft has really focused on making the IIS 7.0 a better web server for everyone, from IT Professionals, Developers to Web Hosters. To sum up I’ll try to highlight some of the main reasons why I believe IIS 7.0 is a strong product:

  • The product is more secure – only the binaries needed are installed

  • It’s extendable in a flexible way, because of the new modular architecture

  • It’s easier to scale-out – because of the simplicity in configuration, based on xml files

  • Better performance – due to the improvements to the core of IIS (http.sys)

There are plenty of opportunities for trying out IIS 7.0 yourself and getting familiar with it before the official release.

IIS 7.0 is available for public download together with the latest version of Windows Server 2008, currently in Beta 3. You can download the Windows Server 2008 beta from:

Microsoft has created a special Go Live license, which is available for free and permits customers to deploy beta releases of IIS 7.0 in live production environments, before the official release of Windows Server 2008, which is scheduled for release in Q1 2008.

The IIS 7.0 Go Live license can be obtained from:

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top