1. What is presentation layer responsible for in the OSI model?

The presentation layer

establishes the data format prior to passing it along to the network application’s interface. TCP/IP
networks perform this task at the application layer.
2. Does Windows Server 2003 support IPv6? Yes, run ipv6.exe from command line to disable
it.
3. Can Windows Server 2003 function as a bridge? Yes, and it’s a new feature for the 2003
product. You can combine several networks and devices connected via several adapters by enabling
IP routing.
4. What’s the difference between the basic disk and dynamic disk? The basic type contains
partitions, extended partitions, logical drivers, and an assortment of static volumes; the dynamic
type does not use partitions but dynamically manages volumes and provides advanced storage
options
5. What’s a media pool? It is any compilation of disks or tapes with the same administrative
properties.
6. How do you install recovery console? C:\i386\win32 /cmdcons, assuming that your Win
server installation is on drive C.
7. What’s new in Terminal Services for Windows 2003 Server? Supports audio
transmissions as well, although prepare for heavy network load.
8. What scripts ship with IIS 6.0? iisweb.vsb to create, delete, start, stop, and list Web sites,
iisftp.vsb to create, delete, start, stop, and list FTP sites, iisdir.vsb to create, delete, start, stop, and
display virtual directories, iisftpdr.vsb to create, delete, start, stop, and display virtual directories
under an FTP root, iiscnfg.vbs to export and import IIS configuration to an XML file.
9. What’s the name of the user who connects to the Web site anonymously?
IUSR_computername
10. What secure authentication and encryption mechanisms are supported by IIS 6.0?
Basic authentication, Digest authentication, Advanced digest authentication, Certificate-based Web
transactions that use PKCS #7/PKCS #10, Fortezza, SSL, Server-Gated Cryptography, Transport
Layer Security
11. What’s the relation between SSL and TLS? Transport Layer Security (TLS) extends SSL by
providing cryptographic authentication.
12. What’s the role of http.sys in IIS? It is the point of contact for all incoming HTTP requests. It
listens for requests and queues them until they are all processed, no more queues are available, or
the Web server is shut down.
13. Where’s ASP cache located on IIS 6.0? On disk, as opposed to memory, as it used to be in IIS
5.
14. What is socket pooling? Non-blocking socket usage, introduced in IIS 6.0. More than one
application can use a given socket.
15. Describe the process of clustering with Windows 2003 Server when a new node is
added. As a node goes online, it searches for other nodes to join by polling the designated internal
network. In this way, all nodes are notified of the new node’s existence. If other nodes cannot be
found on a preexisting cluster, the new node takes control of the quorum resources residing on the
shared disk that contains state and configuration data.
16. What applications are not capable of performing in Windows 2003 Server clusters?
The ones written exclusively for NetBEUI and IPX.
17. What’s a heartbeat? Communication processes between the nodes designed to ensure node’s
health.
 18. What’s a threshold in clustered environment? The number of times a restart is attempted,
when the node fails.
19. You need to change and admin password on a clustered Windows box, but that
requires rebooting the cluster, doesn’t it? No, it doesn’t. In 2003 environment you can do
that via cluster.exe utility which does not require rebooting the entire cluster.
20. For the document of size 1 MB, what size would you expect the index to be with
Indexing Service? 150-300 KB, 15-30% is a reasonable expectation.
21. Doesn’t the Indexing Service introduce a security flaw when allowing access to the
index? No, because users can only view the indices of documents and folders that they have
permissions for.
22. What’s the typical size of the index? Less then 100K documents - up to 128 MB. More than
that - 256+ MB.
23. Which characters should be enclosed in quotes when searching the index? &, @, $, #,
^, ( ), and |.
24. How would you search for C++? Just enter C++, since + is not a special character (and neither
is C).
25. What about Barnes&Noble? Should be searched for as Barnes’&’Noble.
26. Are the searches case-sensitive? No.
27. What’s the order of precedence of Boolean operators in Microsoft Windows 2003
Server Indexing Service? NOT, AND, NEAR, OR.
28. What’s a vector space query? A multiple-word query where the weight can be assigned to each
of the search words. For example, if you want to fight information on ‘black hole’, but would prefer
to give more weight to the word hole, you can enter black[1] hole[20] into the search window.
29. What’s a response queue? It’s the message queue that holds response messages sent from the
receiving application to the sender.
30. What’s MQPing used for? Testing Microsoft Message Queue services between the nodes on a
network.
31. Which add-on package for Windows 2003 Server would you use to monitor the
installed software and license compliance? SMS (System Management Server).
32. Which service do you use to set up various alerts? MOM (Microsoft Operations Manager).
33. What languages does Windows Scripting Host support? VB, VBScript, JScript

What is App Pool and App Domain? What is the

247Customer 1 339
difference between the two.
How to install our WebApplication In Web Server Honeywell 2 3475
In IIS Version 6.0 Through application pool we
can provide different -2 applications for the client.
Is it right? If yes then how to provide the IBM 2 1492
application to the client and what kind of
application it can be ? Plz. Reply me
How to generate Random numbers without using
0 224
Rnd() ?
 Infeneon-
security management 0 206
Technologies
Infeneon-
types of telecommunication network used 0 436
Technologies
Infeneon-
computer sotfware used and its functions 0 147
Technologies
Infeneon-
computer hardware used and its function 0 259
Technologies
brief description of the company and its Infeneon-
0 149
information system Technologies
roles of information system in a business Infeneon-
0 201
organization? Technologies
what type of information system do this company Infeneon-
0 187
use? Technologies
How can we retrive our data after if we format the
2 1755
harddisk?
what is architecture of IIS? Xerox 2 2361
How many users supported by IIS at a Time 2 3441
Connectivity of SQL 2000 + Vb. Using ODBC. 1 1222

Re: What is App Pool and App Domain? What is the difference between the
two.
Answer Application pool is created the each and
# 1 every website.
Application domain is created to one domain
purpose.

Re: How to install our WebApplication In Web Server

Answer There are different way to deploy the 0 Prabhat
# 1 web application in
Saxena(lmp)
web server like
1- X Copy deployment
2- create setup package and install
the server machine
3- use the deployment tools and
configure the server
repositery and drag and drop all
files in your machine to
virtul folder of server machine,

Is This Answer
28 Yes 10 No
Correct ?

Re: How to install our WebApplication In Web Server

Answer if you really want to d that so just
# 2 sit in front of system
and say..."INSTALL" . it will
automatically install on your
system..no matter either web or
window.

Re: In IIS Version 6.0 Through application pool we

can provide different -2 applications for the client. Is
it right? If yes then how to provide the application to
the client and what kind of application it can be ? Plz.
Reply me
Answer If you are running your IIS 1 Devarajshanmugaum
# 1 server with 2 different
versions of framework(1.1 &
2.0)you can create 2 different
application pools and point your
application to the
required framework you want to
run.

Is This Answer
14 Yes 0 No
Correct ?

Re: In IIS Version 6.0 Through application pool we can provide

different -2 applications for the client. Is it right? If yes then how to
provide the application to the client and what kind of application it
can be ? Plz. Reply me
Answer yes it is correct The problem
# 2 might be a application pool
will be associated with 2
 different application that uses
different frameworks.

Re: How can we retrive our data after if we format the harddisk?
Answer Try using 3rd party utilities such as 0 Kevins
unformat,Uneraser ..
#1
you may be able to recover some % of
data depending on how
lucky you are on the day when you know
that your day started
off with hard drive formatted..

But if you really want to get some data

out of your
formatted hard drive.. better spend
some money and get data
retrieved from Data Recovery
Specialist... While they
wouldn't guarantee you 100% recovery ..
but will do happily
for money..

Is This Answer Correct ? 8 Yes 6 No

Re: How can we retrive our data after if we format the harddisk?
Answer There are several kinds of third party
# 2 tool. Which will
really help to retrive the formated
data

Re: what is architecture of IIS?

Answer The new request-processing architecture 3 Dinesh
# 1 and application
isolation environment enables
individual Web applications,
which always run in user mode, to
function within a self-
contained worker process. A worker
process is user-mode
code whose role is to process requests,
 such as returning a
static page or invoking an Internet
Server API (ISAPI)
extension or filter. Worker processes
use HTTP.sys to
receive requests and send responses
over HTTP.

Is This Answer Correct ? 8 Yes 3 No

Re: what is architecture of IIS?

Answer IIs 6.0 architecture is based on
# 2 Http.sys kernel and
metabase configuration is in xml format
security features
all are same like iis5.0 but passport
support included in
6.0

Re: How many users supported by IIS at a Time

Answer by default IIS have 25 thread. so one 0 Hemant
# 1 server can be access Gupta
by 25 people. if u have more than
server then number of
people will be increased.

Is This Answer
9 Yes 2 No
Correct ?

Re: How many users supported by IIS at a Time

Answer I don't think so.......
# 2 Elamparithi.C

Re: Connectivity of SQL 2000 + Vb. Using ODBC.

Answer steps i Follow-
# 1 1) Go to Control panel-->Admintrative
Tools-->Double -click
Data sources(ODBC)-->click Add button-->I
choose SQL server
(last option), Is it right or wrong option
 for connecting
to SQL 2000.Then a new screen appears
Create a New
dataSource-->in name textbox,we can write
anyname--Right or
wrong. suppose i enter sonia, & my server
name is .,so I
enter . in server & click next button-->On
the Next screen
i have checked the option With Sql server
authentication--
>Login Id-sa, Password-->Blank-->Click next
button-->Next--
>Finish-->Then I click on button Test Data
source-->Mesage
Comes TESTS COMPLETED SUCCESSFULLY-->OK--
>OK-->Ok.

These steps we have to do or not for

Connectivity using
ODBC.
If yes,then what after these steps we have
to do??Plz reply
me early ??Thx in advance

Re: Types of authentications in IIS?

Answer anonmous authentication 1 Jay
# 1 windows authentication
digest authentication
advanced digest authentication
web transaction authenticatioon
ssl ,tls based authenticatiin mechanism

Is This Answer Correct ? 5 Yes 0 No

Re: Types of authentications in IIS?

Answer Anonymous Authentication
# 2 ( IUSR_COMPUTERNAME)
Windows Integrated Authentication ( It
uses NTLM or
Kerberose, AuthType in IIS metabase)
Basic Authentication – ( Clear Text )
Digest Authentication
Advance Digest Authentication
Windows Form based authentication
(using database at the
 blackened)
IIS 6 includes. Passport
Authentication.
I believe Radius Authentication is one
which can be
included..! Authentication with
Internet Authentication
service IAS.

*I believe SSL and TSL are used for

encryption and not
authentication.*

Re: What are different authentication types. How do you retreive

user id in case of windows authentication.
Answer 1.Window 0 Ram
# 1 2. Forms
[Z
3. Passport
Tech]
Is This Answer Correct ? 2 Yes 3 No

Re: What are different authentication types. How do you retreive

user id in case of windows authentication.
Answer Different Type of Authentications are
# 2 Anonymous Authentication
( IUSR_COMPUTERNAME)
Windows Integrated Authentication ( It
uses NTLM or
Kerberose, AuthType in IIS metabase)
Basic Authentication – ( Clear Text )
Digest Authentication
Advance Digest Authentication
Windows Form based authentication
(using database at the
blackened)
IIS 6 includes. Passport
Authentication.
I believe Radius Authentication is one
which can be
included..! Authentication with
Internet Authentication
service IAS.

How do you retrive UserID in case of

Windows Authentication?

HTTP header has the property Auth_Type

 = The authentication
method that the server uses to validate
users ( NTLM or
Kerberos if Windows Intergrated
Authenticaiton is used)

AUTH_USER = Returns the raw

authenticated user name

Create a ASP page on webserver and drop

the following lines
to see the auth user..!
:)

<%
for each x in Request.ServerVariables
response.write(x & "<br />")
next
%>

Re: Types of authentications in IIS?

Answer IIS 6.0 supports the following 0 Awadh
# 1 authentication methods: Vishwari
? Anonymous authentication. This
authentication method
allows everyone access to the public
areas of your Web
sites, without asking for a user name
or password.

? Basic authentication. This

authentication method prompts
the user for a user name and a
password, also called
credentials, which are sent
unencrypted over the network.

? Digest authentication. This

authentication method
operates much like Basic
authentication, except that
passwords are sent across the network
as a hash value for
additional security. Digest
authentication is available
only on domains with domain
controllers running Windows
server operating systems.

? Advanced Digest authentication. This

 authentication
method is identical to Digest
authentication, except
Advanced Digest authentication stores
the client
credentials as a Message Digest (MD5)
hash in Active
Directory on your domain controller
running Windows Server
2003.

? Integrated Windows authentication.

This authentication
method uses hashing technology to
scramble user names and
passwords before sending them over the
network.

? UNC authentication. This

authentication method passes
users' credentials through to the
computer with the
Universal Naming Convention (UNC)
share.

? .NET Passport Authentication. This

authentication method
is a user-authentication service that
lets Web site users
create a single sign-in name and
password for access to
all .NET Passport?enabled Web sites
and services. .NET
Passport?enabled sites rely on the
.NET Passport central
server to authenticate users; .NET
Passport?enabled sites
do not host and maintain their own
proprietary
authentication systems.

? Certificate authentication. This

authentication method
uses Secure Sockets Layer (SSL)
certificates to
authenticate servers and clients.

Is This Answer
4 Yes 0 No
Correct ?

Re: Types of authentications in IIS?

Answer IIS 6.0 supports the following
authentication methods:
#2
? Anonymous authentication. This
authentication method
allows everyone access to the public
areas of your Web
sites, without asking for a user name
or password.

? Basic authentication. This

authentication method prompts
the user for a user name and a
password, also called
credentials, which are sent
unencrypted over the network.

? Digest authentication. This

authentication method
operates much like Basic
authentication, except that
passwords are sent across the network
as a hash value for
additional security. Digest
authentication is available
only on domains with domain
controllers running Windows
server operating systems.

? Advanced Digest authentication. This

authentication
method is identical to Digest
authentication, except
Advanced Digest authentication stores
the client
credentials as a Message Digest (MD5)
hash in Active
Directory on your domain controller
running Windows Server
2003.

? Integrated Windows authentication.

This authentication
method uses hashing technology to
scramble user names and
passwords before sending them over the
network.

? UNC authentication. This

authentication method passes
users' credentials through to the
computer with the
Universal Naming Convention (UNC)
share.

? .NET Passport Authentication. This

authentication method
is a user-authentication service that
 lets Web site users
create a single sign-in name and
password for access to
all .NET Passport?enabled Web sites
and services. .NET
Passport?enabled sites rely on the
.NET Passport central
server to authenticate users; .NET
Passport?enabled sites
do not host and maintain their own
proprietary
authentication systems.

? Certificate authentication. This

authentication method
uses Secure Sockets Layer (SSL)
certificates to
authenticate servers and clients.

Re: How do you create Virtual Root in IIS?

Answer just simple. 0 Bhaskar
# 1 FIRST CREATE THE NEWFOLDER IN THE ANY
OF THE UR SYSTEM,THAT
IS THE UR ORIGINAL ROOT FOLDER.
goto
start-->run--.type INETMGR--->GOTO
DEFAULT
WEBSITE-->RIGHTCLICK-->GOTO NEW--
>SELECT NEW VIRTUAL
DIRECTORY-->GIVE THE ALIAS NAME OF THE
ROOT->CLICK
NEXT-->GIVE YHE PATH OF THE ORIGINAL
DIRECTORY-->CLICK
NEXT--> CLICK FINISH--->VIRTUAL WILL BE
CREATED

Is This Answer
3 Yes 0 No
Correct ?

Re: How do you create Virtual Root in IIS?

Answer If the site is already existing then
# 2 you simply open IIS
manager, go to the site for which you
need to create the
virtual root [ virtual directory]
Browse to that folder
under the site, right click >
 properties > and Select create
application.

Re: How do you remotely administer MS IIS?

Answer You can administer your server remotely by
# 1 running IIS on
an intranet or the Internet. You can use
the following
tools for this purpose:

• IIS Manager: You can use IIS Manager on

your server to
remotely connect to and administer an
intranet server
running IIS 5.0, IIS 5.1, or IIS 6.0 (IIS
3.0 and IIS 4.0
are not supported).

• Terminal Services: Terminal Services does

not require you
to install IIS Manager on the remote client
computer
because, once connected to the server
running IIS, you use
IIS Manager on the Web server as if you are
logged on to
the server locally.

• Remote Administration (HTML) Tool: You

can use the Remote
Administration (HTML) tool to administer
your IIS Web
server from any Web browser on your
intranet. This version
of the Remote Administration (HTML) tool is
supported only
on servers running Windows Server 2003 with
IIS 6.0.

Note

If you install the Remote Administration

(HTML) Tool for
IIS 6.0 on a server that has been upgraded
to Windows
Server 2003 from Microsoft Windows NT 4.0,
you may receive
an error when you try to view the
administrative Web site.
This error occurs because, by default,
buffering is set to
False in IIS 4.0. However, in IIS 6.0,
buffering is set to
True by default, and this setting is not
changed during
upgrade. To view the administrative Web
site in IIS 6.0,
you must enable buffering.

Important

You must be a member of the Administrators

group on the
local computer to perform the following
procedure or
procedures. As a security best practice,
log on to your
computer by using an account that is not in
the
Administrators group, and then use the
runas command to run
IIS Manager as an administrator. At a
command prompt, type
runas /user:Administrative_AccountName "mmc
%systemroot%
\system32\inetsrv\iis.msc".

Procedures
To administer your intranet server remotely
by using IIS
Manager
1.
Start IIS Manager on any computer on your
network that is
running a member of the Windows Server 2003
family.

2.
To connect to a remote computer running
IIS, right-click
the local computer, and then click Connect.

3.
In the Connect to Computerdialog box, in
the Computer name
box, type the name of the computer to which
you want to
connect, or click Browse to browse to the
computer, and
then click OK.

Note If you do not have TCP/IP and a name

resolution
server, such as Windows Internet Name
Service (WINS)
installed, you might not be able to connect
to an IIS
computer using the computer name. As an
alternative, you
can also use the IP address of the IIS
computer, or you can
add the host name and IP address to the
local hosts file on
the computer, which is located at
%systemdrive%
\Windows\system32\drivers\etc\hosts. For
more information,
see "TCP/IP" in Help and Support Center for
Windows 2003.

To administer your server remotely using

Terminal Services
1.
Install the Terminal Services client on
the computer you
are using to connect.

2.
While the remote computer is running,
start Terminal
Services and identify the name of the
remote computer.

3.
From the Terminal Services window,
administer IIS as you
would locally. You can start IIS Manager on
any computer on
your network that is running Windows, or
you can open a Web-
based server-management appliance. You can
also run scripts
from the Terminal Services window.

To enable the Remote Administration (HTTP)

tool through
Control Panel
1.
In Control Panel, click Add or Remove
Programs.

2.
In the Add or Remove Programs dialog box,
click Add/Remove
Windows Components.

3.
In the Windows Components Wizard dialog
box, in
Components, click Application Server, and
then click
Details.

4.
In the Application Server dialog box, in
Subcomponents of
Application Server, click Internet
Information Services
(IIS), and then click Details.

5.
In the Internet Information Services (IIS)
dialog box,
inSubcomponents of Internet Information
Services (IIS),
click World Wide Web Service, and then
click Details.

6.
In the World Wide Web Service dialog box,
in Subcomponents
of World Wide Web Service, select the
Remote Administration
(HTML) check box, and then click OK.

7.
Click OK two more times, and then, in the
Windows
Components Wizard dialog box, click Next.

8.
After setup is complete, click Finish to
close the wizard.

To enable buffering on the administrative

Web site (for
upgrades from IIS 4.0 to IIS 6.0 only)
• In IIS Manager, double-click servername
(local computer).

• Double-click Web Sites.

• Right-click the Administration Web site,

and then click
Properties.

• Click Home Directory, click

Configuration, and then click
Options.

• Check the Enable buffering check box, and

then click OK
twice.
 To view the Remote Administration (HTML)
tool from IIS
Manager
• Expand the local computer, expand the Web
Sites folder,
right-click the Administration Web site,
and click Browse.

To administer an IIS Web server with the

Remote
Administration (HTML) tool
• Open your intranet site from a Web
browser and type the
following in the address bar:
https://hostname:8098

Replace hostname with the name of the

computer that you
want to connect to and administer.

Re: How do you remotely administer MS IIS?

Answer Through the IIS administrative web 1 Joe
# 1 console Sellner
Is This Answer Correct ? 1 Yes 1 No

Re: How do you remotely administer MS IIS?

Answer Log into the machine remotely using
# 2 Remote Desktop or a 3rd
party application.

Re: How to configure the sites in Web server (IIS)?

Answer 1. open the IIS Manager 0 Online It
2. Right click on default website
#1 Consultant
3. Go to New and click on
website
4. Give website location and
follow the wizard to
complete the configuring site.

Is This Answer
1 Yes 1 No
Correct ?
 Re: How to configure the sites in Web server (IIS)?
Answer 1st we need to install IIS and
required configure it
#2
you can install it start >> run >>
appwiz.cpl >> add
windows component

Sunday, January 20, 2008

IIS Interview Questions

1. In which process does IIS runs (was asking about the EXE file)
inetinfo.exe is the Microsoft IIS server running, handling ASP.NET
requests among other things. When an ASP.NET request is received
(usually a file with .aspx extension), the ISAPI filter aspnet_isapi.dll
takes care of it by passing the request to the actual worker process
aspnet_wp.exe.
2. Where are the IIS log files stored?
C:\WINDOWS\system32\Logfiles\W3SVC1
OR
c:\winnt\system32\LogFiles\W3SVC1
3. What are the different IIS authentication modes in IIS 5.0 and
 Explain? Difference between basic and digest authentication modes?
IIS provides a variety of authentication schemes:
• Anonymous (enabled by default)
• Basic
• Digest
• Integrated Windows authentication (enabled by default)
• Client Certificate Mapping
Anonymous
Anonymous authentication gives users access to the public areas of
your Web site without prompting them for a user name or password.
Although listed as an authentication scheme, it is not technically
performing any client authentication because the client is not required
to supply any credentials. Instead, IIS provides stored credentials to
Windows using a special user account, IUSR_machinename. By
default, IIS controls the password for this account. Whether or not IIS
controls the password affects the permissions the anonymous user
has. When IIS controls the password, a sub authentication DLL
(iissuba.dll) authenticates the user using a network logon. The function
of this DLL is to validate the password supplied by IIS and to inform
Windows that the password is valid, thereby authenticating the client.
However, it does not actually provide a password to Windows. When
IIS does not control the password, IIS calls the LogonUser() API in
Windows and provides the account name, password and domain name
to log on the user using a local logon. After the logon, IIS caches the
security token and impersonates the account. A local logon makes it
possible for the anonymous user to access network resources, whereas
a network logon does not.
Basic Authentication
IIS Basic authentication as an implementation of the basic
authentication scheme found in section 11 of the HTTP 1.0
specification.
As the specification makes clear, this method is, in and of itself, non-
secure. The reason is that Basic authentication assumes a trusted
connection between client and server. Thus, the username and
password are transmitted in clear text. More specifically, they are
transmitted using Base64 encoding, which is trivially easy to decode.
This makes Basic authentication the wrong choice to use over a public
network on its own.
Basic Authentication is a long-standing standard supported by nearly
all browsers. It also imposes no special requirements on the server
side -- users can authenticate against any NT domain, or even against
accounts on the local machine. With SSL to shelter the security
credentials while they are in transmission, you have an authentication
solution that is both highly secure and quite flexible.
 Digest Authentication
The Digest authentication option was added in Windows 2000 and IIS
5.0. Like Basic authentication, this is an implementation of a technique
suggested by Web standards, namely RFC 2069 (superceded by RFC
2617).
Digest authentication also uses a challenge/response model, but it is
much more secure than Basic authentication (when used without SSL).
It achieves this greater security not by encrypting the secret (the
password) before sending it, but rather by following a different design
pattern -- one that does not require the client to transmit the
password over the wire at all.
Instead of sending the password itself, the client transmits a one-way
message digest (a checksum) of the user's password, using (by
default) the MD5 algorithm. The server then fetches the password for
that user from a Windows 2000 Domain Controller, reruns the
checksum algorithm on it, and compares the two digests. If they
match, the server knows that the client knows the correct password,
even though the password itself was never sent. (If you have ever
wondered what the default ISAPI filter "md5filt" that is installed with
IIS 5.0 is used for, now you know.
Integrated Windows Authentication
Integrated Windows authentication (formerly known as NTLM
authentication and Windows NT Challenge/Response authentication)
can use either NTLM or Kerberos V5 authentication and only works
with Internet Explorer 2.0 and later.
When Internet Explorer attempts to access a protected resource, IIS
sends two WWW-Authenticate headers, Negotiate and NTLM.
• If Internet Explorer recognizes the Negotiate header, it will choose it
because it is listed first. When using Negotiate, the browser will return
information for both NTLM and Kerberos. At the server, IIS will use
Kerberos if both the client (Internet Explorer 5.0 and later) and server
(IIS 5.0 and later) are running Windows 2000 and later, and both are
members of the same domain or trusted domains. Otherwise, the
server will default to using NTLM.
• If Internet Explorer does not understand Negotiate, it will use NTLM.
So, which mechanism is used depends upon a negotiation between
Internet Explorer and IIS.
When used in conjunction with Kerberos v5 authentication, IIS can
delegate security credentials among computers running Windows 2000
and later that are trusted and configured for delegation. Delegation
enables remote access of resources on behalf of the delegated user.
Integrated Windows authentication is the best authentication scheme
in an intranet environment where users have Windows domain
accounts, especially when using Kerberos. Integrated Windows
 authentication, like digest authentication, does not pass the user's
password across the network. Instead, a hashed value is exchanged.
Client Certificate Mapping
A certificate is a digitally signed statement that contains information
about an entity and the entity's public key, thus binding these two
pieces of information together. A trusted organization (or entity) called
a Certification Authority (CA) issues a certificate after the CA verifies
that the entity is who it says it is. Certificates can contain different
types of data. For example, an X.509 certificate includes the format of
the certificate, the serial number of the certificate, the algorithm used
to sign the certificate, the name of the CA that issued the certificate,
the name and public key of the entity requesting the certificate, and
the CA's signature. X.509 client certificates simplify authentication for
larger user bases because they do not rely on a centralized account
database. You can verify a certificate simply by examining the
certificate.
http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/vsent7/html/vxconIISAuthentication.asp
4. How to configure the sites in Web server (IIS)?
5. Advantages in IIS 6.0?
http://www.microsoft.com/windowsserver2003/iis/evaluation/features/
default.mspx
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/
prodtechnol/windowsserver2003/proddocs/datacenter/gs_whatschang
ed.asp
6. IIS Isolation Levels?
Internet Information Server introduced the notion "Isolation Level",
which is also present in IIS4 under a different name. IIS5 supports
three isolation levels, that you can set from the Home Directory tab of
the site's Properties dialog:
• Low (IIS Process): ASP pages run in INetInfo.Exe, the main IIS
process, therefore they are executed in-process. This is the fastest
setting, and is the default under IIS4. The problem is that if ASP
crashes, IIS crashes as well and must be restarted (IIS5 has a reliable
restart feature that automatically restarts a server when a fatal error
occurs).
• Medium (Pooled): In this case ASP runs in a different process, which
makes this setting more reliable: if ASP crashes IIS won't. All the ASP
applications at the Medium isolation level share the same process, so
you can have a web site running with just two processes (IIS and ASP
process). IIS5 is the first Internet Information Server version that
supports this setting, which is also the default setting when you create
an IIS5 application. Note that an ASP application that runs at this level
is run under COM+, so it's hosted in DLLHOST.EXE (and you can see
 this executable in the Task Manager).
• High (Isolated): Each ASP application runs out-process in its own
process space, therefore if an ASP application crashes, neither IIS nor
any other ASP application will be affected. The downside is that you
consume more memory and resources if the server hosts many ASP
applications. Both IIS4 and IIS5 supports this setting: under IIS4 this
process runs inside MTS.EXE, while under IIS5 it runs inside
DLLHOST.EXE.
When selecting an isolation level for your ASP application, keep in
mind that out-process settings - that is, Medium and High - are less
efficient than in-process (Low). However, out-process communication
has been vastly improved under IIS5, and in fact IIS5's Medium
isolation level often deliver better results than IIS4's Low isolation. In
practice, you shouldn't set the Low isolation level for an IIS5
application unless you really need to serve hundreds pages per
second.