- 1 Product Description
- 1.1 Known Versions
- 2 Software Pattern Summary
- 3 Platforms Supported by Software Pattern
- 4 Identification
- 5 Versioning
- 6 Application Model Produced by Software Pattern
- 6.1 Product Architecture
- 6.2 Applicatio Model
- 6.3 SI Depth
- 6.4 Listing of IIS Websites, Web Applications, Virtual Directories and Application pools
- 6.5 Database relationship discovery
- 7 Subject Matter Expertise
- 8 Testing
- 9 Information Sources
- 10 Open Issues
- Discover with BMC ADDM
- What is this?
- This is a product information page, containing details of the information that BMC Atrium Discovery gathers about a product and how it is obtained.
- Product Name
- Internet Information Services
- Publisher Page
- TKU 2013-Sep-1
- Change History
- Reports & Attributes
- Publisher Link
Microsoft Internet Information Services (IIS, formerly called Internet Information Server) is a set of Internet-based services for servers using Microsoft Windows.
The servers currently include FTP, SMTP, NNTP, WebDAV and HTTP/HTTPS.
|Product Component||OS Type||Versioning||Pattern Depth|
|Microsoft IIS Service||Windows||Registry and OS Inferences||Instance Based|
|Microsoft IIS Webserver|
|Microsoft FTP Server|
As the software is integrated within the Windows Operating System kernel, it cannot be run on any other Operating System - as such the patterns only identify Windows installations.
The following patterns will only run on Windows 2003 or earlier:
|Pattern||Trigger Node||Attribute||Condition||Argument||False positive checking|
|FTPServer||DiscoveredProcess||cmd||matches||(?i)\bsvchost\.exe$||%systemroot%\system32\inetsrv\Metabase.xml must contain regex '(?i)iisftpserver'. %systemroot% is a Windows environment variable|
The following patterns will only run on Windows Vista or later:
The following processes are identified through the use of Simple Identifiers and are modeled within a full Software Instance for Microsoft Internet Information Services using the primary and associate relationships (See Application Model Produced by Software Pattern for more details about modeling this product).
|Microsoft IIS WebDAV Service||(?i)\bdavcdata\.exe$|
|Microsoft ASP.net Worker Process||(?i)\baspnet_wp\.exe$|
|Microsoft IIS Worker Process||(?i)\bw3wp\.exe$|
|Microsoft IIS Webserver - IIS 6.0 and above||(?i)\bsvchost\.exe$||^.*-k.*iissvcs|
|Microsoft IIS FTP Server||(?i)\bsvchost\.exe$||^.*-k.*ftpsvc|
|Microsoft IIS Service||(?i)\binetinfo\.exe$|
Version information for this product is currently collected using one of two possible methods, either checking the registry for an explicit version number or by checking the operating system for a version that we know maps 1:1 with a specific version of IIS.
The primary manner in which we achieve versioning for IIS is by querying the registry for an appropriate version value.
|Major Version:||HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ MajorVersion|
|Minor Version:||HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ MinorVersion|
The major and minor version numbers are retrieved and amalgamated together.
Due to the tight integration of IIS with the underlying Windows operating system a specific version of IIS can only be found in one lifecycle of a Windows release, IIS may be found in more than one version of Windows but you will not find more than one version of IIS available for a specific version of the operating system.
|IIS Version||Windows Version|
|IIS 1.0||Windows NT 3.51|
|IIS 2.0||Windows NT 4.0|
|IIS 3.0||Windows NT 4.0 SP3|
|IIS 4.0||Windows NT 4.0 Options Pack|
|IIS 5.0||Windows 2000|
|IIS 5.1||Windows XP Professional x32|
|IIS 6.0||Windows Server 2003|
|IIS 6.0||Windows Server 2003 R2|
|IIS 6.0||Windows XP Professional x64|
|IIS 7.0||Windows Vista|
|IIS 7.0||Windows 7|
|IIS 7.0||Windows Server 2008|
|IIS 7.5||Windows Server 2008 R2|
Due to the fact that older versions of IIS/NT are no longer used and that it is relatively difficult to tell the difference between Windows XP Pro x32 and x64 we have chosen to only provide mappings for a subset of the available IIS versions, this is to ensure that where we infer this information from the Operating System we are positive that we are providing the correct information and not providing misleading data.
The only mappings we provide within the pattern are for Windows 2000, 2003 and 2008, as they are easier to spot and they map to a single version of IIS.
The IIS services are integrated with the OS and started via the Windows Services manager.
Once started the software will run under a number of guises, different aspects of the service can be seen in different manners, for example the WWW .net worker process is a unique executable which handles ASP.net processes where as the actual web hosting functionality is ran using svchost.exe with the arguments "-k iissvcs".
All or some of these processes may be present on a given host, the only process that is always present on a running installation of IIS v6 is the Microsoft IIS Management Service represented by the process "inetinfo.exe". "inetinfo.exe" may or may not be running on IIS v7 and above, as only supplied for backwards compatibility purposes.
The Software instances created by these patterns are based on the core IIS Service, the Web Hosting Service and the FTP hosting service. They create separate Software Instances for these services.
Dependency links are created between the Webserver and the IIS Service, and between the FTP Server and the IIS Service
So a typical installation might look like
As there can only be a single running installation of IIS on a specific host the pattern will always create a Deep/Instance Based Software Instance.
A separate pattern (IIS_Extended) has been created to query the IIS Websites, Web Applications, Virtual Directories and Application pools. For more information about this pattern, please refer to the relevant page
Database relationship discovery is performed by IIS_Extended pattern, please refer to the relevant page for more details
SME input would be appreciated to improve the model of IIS further.
This pattern has been tested against multiple running installations of IIS on a variety of Windows hosts.
A list of IIS 7.0 services is at http://blogs.iis.net/tomwoolums/archive/2009/02/13/the-services-behind-internet-information-services-7-0.aspx