Jump to content
Welcome to our new Citrix community!
  • 0

Installing IIS on the Windows 10 image


John Francis1709160537

Question

5 answers to this question

Recommended Posts

  • 0

While I have not personally tried this, Microsoft has some good information about this at the following URL:

https://support.microsoft.com/en-us/help/2752331/guidance-for-relocation-of-iis-7-0-and-iis-7-5-content-directories

 

From that article :

 

Quote

During installation, most of the core IIS components and configuration files are placed inside the %windir%\system32\inetsrv folder. The Inetsrv directory is considered the main installation directory for IIS. It has been reported that some non-Microsoft security scanning tools suggest that IIS should be installed on a non-system drive for security purposes. This is not a correct assessment. IIS is a core Windows component and cannot be installed on a non-system drive.

There have also been reports of suggestions to move the Inetpub directory to a non-system drive for security purposes. The Inetpub directory is the default web content directory and also acts as a placeholder for logs and temporary files. Most of the Inetpub subfolder locations can be reconfigured based on your needs and business requirements, however the initial Inetpub folder and subfolders should never be renamed nor deleted. This is because Windows Servicing may at some point need to update one or more of the core IIS files that are stored in %systemdrive%\inetpub\. Moving the Inetpub folder structure completely off of the system drive is not supported. Further, there are no real security benefits from moving the entire Inetpub directory structure to a non-system drive.


NOTE: IN THE EVENT OF WINDOWS SERVICING, ONLY THE ORIGINAL DIRECTORIES AND THEIR CONTENTS WILL BE UPDATED. MICROSOFT DOES NOT RECOMMEND ANY MANIPULATION TO THE IIS DIRECTORY STRUCTURE. DOING SO WILL RENDER IIS IN AN UNSUPPORTED STATE.

Storing your web site content on a non-system drive (instead of the default %systemdrive%\inetpub folder) is fully supported and is a valid option to consider. However, hosting the website content on a non-system drive is just one possible option out of many for increasing the security levels of your web server.

 

Link to comment
  • 0
On 7/11/2019 at 10:17 AM, Jim Grimm1709160134 said:

While I have not personally tried this, Microsoft has some good information about this at the following URL:

https://support.microsoft.com/en-us/help/2752331/guidance-for-relocation-of-iis-7-0-and-iis-7-5-content-directories

 

From that article :

 

 

 

Thanks for the info. But, with VDisk that cannot be updated, will the developers be able to create app pools, sites etc and configure it while they do development work? This is a big issue for us, as they should be able to create app pools, sites etc in IIS Manager.

Link to comment
  • 0

If you are doing this with PVS, you could use the Maintenance/Test/Production vDisk modes to achieve this functionality.

 

Updates (creating app pools, sites, etc.) would have to be done on a maintenance image and then you can boot the image into Test mode for validation; once the changes are validated, the image can be promoted to Production and the remaining target devices can be rebooted to pick up the new changes.

Link to comment
  • 0
Just now, Jim Grimm1709160134 said:

If you are doing this with PVS, you could use the Maintenance/Test/Production vDisk modes to achieve this functionality.

 

Updates (creating app pools, sites, etc.) would have to be done on a maintenance image and then you can boot the image into Test mode for validation; once the changes are validated, the image can be promoted to Production and the remaining target devices can be rebooted to pick up the new changes.

 

Hi Jim,

 

Unfortunately this desktop is for developers. They do not want to come everytime that they have to create an app pool or sites or modify settings. So, that is where I am concerned. Because it is going to be not comfortable for them or for me to keep on changing or updating the vdisk. 

Link to comment
  • 0

Even with MCS, they would be in the same situation (having to maintain a gold image and reboot machines to pickup changes).

 

I'm not sure if there is any other way to go about what you are trying to do, given the technical limitations imposed by the IIS installation/operating requirements.  Maybe someone else out there has tried something similar and can provide some insight.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...