Internet Information Services (IIS) 6.0 with the Microsoft Windows Server 2003 operating system provides integrated, reliable, scalable, secure, and manageable Web server capabilities over an intranet, the Internet, or an extranet.

IIS creates a default Web site configuration on your hard disk at the time of installation. You can use the \Inetpub\Wwwroot directory to publish your Web content, or create any directory or virtual directory you choose. The File Transfer Protocol (FTP) service must be installed and started in order to create an FTP site. It is not installed by default.

IIS supports multiple Web sites on a single server. For example, rather than using three different servers to host three different Web sites, you can install all three Web sites on the same server. Consolidating Web sites saves hardware resources, conserves space, and reduces energy costs.

Download the latest PHP version for Windows from http://www.php.net/downloads.php, right-click on the PHP folder, and select "Extract All..."

As mentioned in the introduction, you need to install ColdFusion before you can build ColdFusion applications.

You can administer your server remotely by running IIS on an intranet or the Internet. You can use the following tools for this purpose:

To improve the security of your Web server, many aspects of IIS 6.0, including default behavior and settings, function differently than in earlier versions of IIS.

Multiple options for logging user access activity are available when you manage Microsoft Internet Information Services (IIS) Web servers. I'm going to show you the various logging options and explain what you can do with this valuable data once you gather it.

The following checklist is a summary of the security points which should be checked prior to bringing an IIS server online. In cases where these points are not followed, the admin may want to securely document the known security issues for referral should a security compromise occur.

The first step in locking down a Web server is to make sure the administrator has the institution's backing via a security policy. It doesn't make sense to lock down a machine if the higher-ups haven't recognized the Web server as an asset to be protected.