8. Configuring Feature Delegation
To allow users who have been granted
permission to a site, application, directory, or page to make changes
to configurations, feature delegation must be used to unlock the
relevant portion of the configuration file for the element. Follow
these steps to configure feature delegation for a newly created website:
1. In IIS Manager, navigate to the Connections pane and select the IIS server.
2. Select the Feature Delegation feature icon, which is located in the Central Details pane.
3. On the Features Delegation page, select the Custom Site Delegation task from the Actions pane.
4. Select the site to be delegated from the Sites drop-down menu on the Custom Website page.
5. Select the
appropriate feature in the list and then set the desired feature
delegation from the Actions pane. The delegations include: Read/Write,
Read Only, Not Delegated, and Reset to Inherited.
Note
In some circumstances, you might need to
reset delegation or restore the defaults. When you find this necessary,
click the Reset All Delegation or Default Delegation in the Actions
pane.
9. Using IIS Logging
IIS logging should be viewed as a necessity
rather than an optional feature of IIS because it helps to ensure IIS
security and is also extremely useful for maintenance and
troubleshooting. For example, in the event of a system compromise, logs
can be used and a forensic review performed on the extensive details
contained in them. This information can then be used to review
maintenance procedures and identify problems in the system. Equally
important, many organizations now require logging because of regulatory
compliance or other business policies.
IIS text-based logging, using formats such as
the W3C Extended Log File Format, Microsoft IIS Log File Format, and
NCSA Common Log File Format, is controlled by Http.sys, which is a
kernel-mode process. This is a significant change from legacy versions
where logging was a user-mode process. The only other log file format
that comes close to legacy versions is Open Database Connectivity (ODBC) logging, because it is implemented using a user mode worker process.
Another bonus about logging is its ability to
be implemented at the server, site, web application, file, and
directory level. Specific scoping helps minimize the number of logs
collected and simplifies log analysis. For organizations that want to
configure IIS logging for a specific website, follow these steps:
1. Launch IIS Manager.
2. In the Connections pane, select the desired website for which you want to configure logging.
3. Double-click the Logging feature in the Actions pane.
4. On the Logging page, select the desired logging format to be used.
5. Specify the
location of the log file by typing a log path into the Directory text
box. Alternatively, click the Browse button and select a directory to
store the files.
In the Log File Rollover section,
select the method to create the new log file. The options include
specifying an hourly, daily, weekly, or monthly schedule; entering a
maximum file size (in bytes); or selecting the option that puts a stop
to the creation of new log files.
The final option requires you to determine whether to use local time for file naming and rollover.
6. After all the log file settings have been entered, select Apply in the Actions pane to commit the changes.
Note
It is possible to either enable or
disable a log file for a specific site by selecting Enable or Disable
in the Actions pane of the Logging feature page. To enable logging for
IIS 8, the HTTP Logging Module must be installed.
