Understanding Setup in IIS 7.0

Author: Tobin Titus

Published on November 22, 2007 by saad

Updated on March 12, 2008 by saad

Introduction

IIS 7.0 has a completely modular setup design which enables control over the footprint of the web server. GUI, command line and unattended setup options make it easy to manage the security and servicing footprint of the web server.

IIS 7.0 setup includes more than 40 installable features. The new IIS 7.0 core server pipeline architecture provides a high level of component granularity; the IIS team surfaces that granularity in user-selectable, installable components. New to the IIS 7.0 setup is the ability to install just the feature modules that are required, allowing you to deploy very thin, task-specific servers, as well as lock out functionality in ways never before possible.

This document provides an overview of Microsoft Windows Vista® and Microsoft Windows Server® 2008 setup technology and a detailed examination of IIS 7.0 componentized setup. This information is especially important for those who need to customize the IIS setup in command line and unattended script scenarios. If you regularly use sysocmgr.exe in scripts to install IIS 6.0, then you must change those scripts for IIS 7.0 in Windows Vista and Windows Server 2008. This white paper gives you the background information needed to make those changes.

Windows Server 2008 and Windows Vista Component Based Setup

OS and optional feature installation for Windows Vista and Windows Server 2008 is based on completely new technology, replacing the technologies that were used in Windows XP and Windows Server 2003. The new setup technology is driven by a declarative model, with each feature of the operating system defining its own set of components that make up the feature, and its dependencies.

Windows Vista/Windows Server 2008 benefits from this new installation infrastructure in several important ways:

  • Single binaries base for all versions of Windows Server 2008
    • OS versions are assembled declaratively
    • Client & Server versions share same code base
  • Servicing
    • Dependencies known for all features
    • Impact of servicing a component is now completely understood
    • Smaller service packs
  • Security
    • Reduced attack surface
    • Not all binaries are installed for each OS version

Windows Server 2008 and Windows Vista Setup for Optional Features

In Windows Vista/Windows Server 2008, the same component based setup technology used to install the OS is also used to install optional features such as IIS 7.0. Prior to Windows Vista/Windows Server 2008, Windows setup infrastructure had multiple technologies to upgrade, service, and add optional features to the OS. These included:

  • Setup.exe to install OS
  • Sysocmgr.exe to install optional features
  • Answer files to install optional features
  • Update.exe to install service packs
  • MSI installer packages

In Windows Vista/Windows Server 2008, we now have a single component based setup infrastructure that unifies clean OS install, servicing the OS, and installation of optional features. For optional features, this technology now replaces sysocmgr.exe. If you regularly use sysocmgr.exe directly to install IIS, then you must change those scripts for Vista/Windows Server 2008.

Security, Servicing and IIS 7.0 Setup Components

With IIS 6.0, the IIS team took the bold step of securing the web server by default. This meant disabling ISAPI extensions and CGI components from running until the Administrator explicitly enabled those features on the server. In so doing, the potential attack surface changed dramatically between IIS 5.0, where all features were installed and enabled by default, and IIS 6.0, where only static file serving was allowed by default on a clean install of the web server.

This change in philosophy had a positive benefit in terms of the default attack surface of the web server, but was far from perfect. While IIS 6.0 improved in many ways over its predecessor in terms of security, reliability and performance, it was still architected in a relatively monolithic fashion. This meant that while many of the non-default features are disabled on install, they are still installed and loaded into the web server. These features also continue to consume CPU and memory, and they still require patching and software updates, even though they are disabled. For example, the CGI feature of IIS 6.0 was always installed, whether or not it was ever used. If a software update for CGI became available, every IIS customer would be required to install it, whether it was in use or not.

With IIS 7.0, the IIS team has addressed this by making IIS a fully modular web server, and architecting the setup to take full advantage of the high degree of modularity. With IIS 7.0, not only are unneeded components disabled, but they are not even installed. This allows you to install just the modules for the IIS 7.0 features that are needed, and only worry about servicing the set of components that you use. This makes it possible to deploy very thin, task specific servers and to lock out unused functionality in a way never before possible.

IIS 7.0 Components Overview

The following table summarizes all of the installable component features of IIS 7.0. The table also shows grouping of features into functional areas. These functional areas are used by the setup user interfaces such as Server Manager, as well as by the new command line and scripting tools. Each of the functional areas and feature components are explored in detail in the next section.