Isolating applications means configuring them to run in a process (memory space) that is separate from the Web server core (the core components required to run I 14314t1911o nternet Information Services (IIS), such as IISAdmin, the metabase, and so on) and other applications. You can configure applications into one of three levels of application protection:
u·
Low (IIS process)
u·
Medium (pooled)
u·
High (isolated)
Note that server-side includes (SSI), Internet Database Connector (IDC), and other InProcessISAPIApps applications (special applications that must be run in process) cannot be run in medium or high isolation.
u·
Mode: This
feature of IIS 6.0 is available only when IIS is running in IIS 5.0
isolation mode.
u·
Credentials:
Membership in the Administrators group on the local computer.
u·
Tools:
Iis.msc.
As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type runas /user:administrative_accountname "mmc %systemroot%\system32\inetsrv\iis.msc".
To set or change the level of application protection
In IIS Manager, expand the local computer, right-click the Web site or the starting-point directory for the application you want to configure, and then click Properties.
Click the Home Directory, Virtual Directory, or Directory tab, depending on whether you are configuring a Web site, a virtual directory, or an application.
In the Application protection box, click the appropriate level of protection, and then click OK.
The Web server finishes processing any current requests for the application before it creates a separate process. At the next request for the application, the application will run in the appropriate memory space.
|