We often mention inetpub in the process of explaining different development processes and tricks, such as in on how to view IIS logs on Windows and Azure. Because it’s important to understand how the inetpub folder works, the advantages of doing your development work there, and how to avoid potential vulnerabilities, we thought we’d take a closer look at inetpub as a stand-alone topic. Definition of InetpubInetpub is the folder on a computer that is the default folder for Microsoft Internet Information Services (IIS).
The website content and web apps are stored in the inetpub folder — which keeps it organized and secure. Also allows more than one domain to be served from one inetpub folder.
How the Inetpub Folder WorksThe inetpub folder is in the C drive (C:inetpub) and has five subfolders:. The inetpubadminscripts subfolder of the inetpub folder is home to administration scripts that allow you to automate server administration tasks and remotely administer the website served from the inetpub folder. The inetpubiissamples subfolder of the inetpub folder has sample applications that allow developers learn about how the website and web apps work.
The content is for demonstration purposes only. Using any of the sample sites on a working IIS web server puts the computer at risk. The inetpubmailroot subfolder of the inetpub folder and its associated subfolders are used for processing SMTP service for mail. The inetpubscripts subfolder of the inetpub folder contains web applications that add functionality to the website. The inetpubwwwroot subfolder of the inetpub folder contains all the web pages and content that will be published on the web. It is the default directory for publishing web pages.Websites can be. Mostly, IIS serves static content — the same HTML is served to every user.
But IIS 8.5 with serve dynamic content — generated by web applications. Benefits of Developing a Site in the Inetpub FolderThe IIS web server allows developers to serve a website from anywhere on the computer. By keeping the website in the inetpub subfolders, the files only have the appropriate access, and the website can be secured properly.As with many Windows products, there is an active developer community that loves to hate IIS as a web server. They tend to use Apache — an open source web server.But developers who use IIS believe it’s easier than using Apache to start and set up a website. Then developers tend to stick with what they know after learning how to build and manage websites on IIS.And because IIS is a Microsoft product, Microsoft is willing to put a lot of resources into developing the IIS web server, securing the host computer and offering support to troubleshoot problems. There also is a sizable community of developers helping each other work through any issues.Developers and third-party vendors also have a broad range of products to augment and protect IIS web servers.Read more: Ways to Prevent Inetpub VulnerabilitiesIIS allows any Windows computer — including PCs — to serve web pages from the inetpub folder. Unfortunately, this makes the computer vulnerable to attacks such as:.
How To Install Inetpub In Windows 8 2
SSI Buffer overrun privilege elevation. Unicode.asp source code disclosure. Microsoft index server buffer overflow. File fragment disclosure. Web server file request parsing. Web server folder traversal. HTTP protocol stack vulnerabilitySome basic measures can help mitigate the risk of an attack through the inetpub folders compromising a computer.
Delete the iissamples subfolder of the inetpub folder. The sample web apps and sites are instructional and have well-known vulnerabilities. The subfolder contains sample websites that production servers should never use.
Restrict access and NTFS permissions to the files in the inetpub folder. These permissions allow websites to serve information to the public. But if the subfolders and files in the inetpub folder aren’t properly restricted, the whole computer is vulnerable — not just web files. A Microsoft article describes. Move the website to another volume. It is common knowledge that the default folder for IIS websites is found in the C:inetpubwwwroot.
This increases the risk for breaches such as directory traversal attacks. Microsoft recommends moving the website directory to the D: drive. Uninstall any printers on the computer.
Because desktop computers can become web servers thanks to IIS, that computer may be connected to a printer. Printer drivers can be compromised. Turn off IIS if the computer does not need to be a web server. IIS is turned off by default. But if someone turns it on by accident or changes their mind after attempting to develop a website on a local computer, it can be turned off. Click on Programs and Features in the control panel. Click on “Turn Windows features on or off” )(top left side).
Scroll down and uncheck “Internet Information Services.”. Restart the computer.Where to Find Inetpub Support: Tutorials and Resources.
Have to have the inetpub folder?I'm NOT using any IIS stuff. If I do I want to uninstall it. I have absolutely no need to host any web-sites on my PC. Or is this folder used for something that has absolutely nothing to do with IIS? I have also tried to stop the process Service Host: InternetInformation Services, but it just pops up again. If this is a required folder, MS please, please, please put it under the Windows or Programs folders. I haven't seen any of these things since I worked with IIS-servers and after what I thought I knew you onlyrun these services if you host web-sites on your PC?
Having just discovered that 'inetpub' folder on my C drive, and being a proud member of the 'organization neat freak' club too, especially when it comes to my computer, I stumbled upon this thread amidst my research on the matter.It's been established that it relates to the IIS software but, as others here, I have never used it (as in never in my 20 years fiddling with computers). Trying to track down IIS sneaky installs, I managed to access the good old 'windows features' and realisethat a single IIS compoment is indeed installed: 'request filtering'. Trying to uninstall it prompts a warning that it will disable '.NET extensibility 4.6'.I therefore surmise that another program called for that.NET feature and prompted the install of that lone compoment.I can't be sure it is the same cause as others on this thread, but hopefully it'll help at least understand what has happened and how to deal with it (uninstalling might disable or hamper other seemingly unrelated software using.NET 4.6)AND yes, those kind of software should be kept in 'traditional windows' folders, not cluttering my root C drive!