Maintenance outage for upgrade on Sunday, September 22

This site, docs.bmc.com, will be inaccessible for two hours starting at 9 AM CDT, Sunday, September 22, for a platform upgrade.

    Page tree
    Skip to end of metadata
    Go to start of metadata
    Discover with BMC Discovery
    download

    This product can be discovered by any edition of BMC Discovery. Download our free Community Edition to try it out, or [see what else it can discover] !

    What is this?
    This is a product information page, containing details of the information that BMC Discovery gathers about a product and how it is obtained.
    Product Name
    Internet Information Services
    Publisher Page
    Microsoft
    Category
    Application Server Software Platforms
    Release
    TKU 2019-Jul-1
    Change History
    Microsoft Internet Information Services - Change History
    Reports & Attributes
    Microsoft Internet Information Services - Reports & Attributes
    Publisher Link
    Microsoft

    Product Description


    Extended Discovery pattern which allows to model "Website", "FTP Server", "Web Application", "Virtual Directory" and "Application Pool" is available for this product.

     

    Microsoft Internet Information Services (IIS, formerly called Internet Information Server) is a set of Internet-based services for servers using Microsoft Windows.

    The servers currently include FTP, SMTP, NNTP, WebDAV and HTTP/HTTPS.

    Known Versions

    • 1.0
    • 2.0
    • 3.0
    • 4.0
    • 5.0
    • 5.1
    • 6.0
    • 7.0
    • 7.5
    • 8.0
    • 8.5

    Software Pattern Summary

    Product ComponentOS TypeVersioningPattern Depth
    Microsoft IIS ServiceWindowsRegistry and OS InferencesInstance Based
    Microsoft IIS Webserver
    Microsoft FTP Server

    Platforms Supported by Software Pattern

    As the software is integrated within the Windows Operating System kernel, it cannot be run on any other Operating System - as such the patterns only identify Windows installations.

    Identification

    Software Instance Triggers

    The following patterns will only run on Windows 2003 or earlier:

    PatternTrigger NodeAttributeConditionArgumentFalse positive checking
    IISDiscoveredProcesscmdmatches


    (?i)\binetinfo\.exe$

     
    IISWebserverDiscoveredProcesscmdmatches


    (?i)\bsvchost\.exe$

     
    argsmatches


    (?i)-k.*iissvcs

    FTPServerDiscoveredProcesscmdmatches


    (?i)\bsvchost\.exe$

    {escapeall}%systemroot%\system32\inetsrv\Metabase.xml{escapeall} must contain regex '(?i)iisftpserver'. %systemroot% is a Windows environment variable
    argsmatches


    (?i)-k\s+iissvcs

    The following patterns will only run on Windows Vista or later:

    PatternTrigger NodeAttributeConditionArgument
    IISWebserver_7DiscoveredProcesscmdmatches


    (?i)\bsvchost\.exe$

    argsmatches


    (?i)-k.*iissvcs

    IISFTPServer_7DiscoveredProcesscmdmatches


    (?i)\bsvchost\.exe$

    argsmatches


    (?i)-k\s+ftpsvc

    IIS_7DiscoveredProcesscmdmatches


    (?i)\bsvchost\.exe$

    argsmatches


    (?i)-k.*iissvcs

    Simple Identification Mappings

    The following processes are identified through the use of Simple Identifiers and are modeled within a full Software Instance for Microsoft Internet Information Services using the primary and associate relationships (See Microsoft Internet Information Services#Application Model Produced by Software Pattern for more details about modeling this product).

    NameCommandArguments
    Microsoft IIS WebDAV Service


    (?i)\bdavcdata\.exe$

     
    Microsoft ASP.net Worker Process


    (?i)\baspnet_wp\.exe$

     
    Microsoft IIS Worker Process


    (?i)\bw3wp\.exe$

     
    Microsoft IIS Webserver - IIS 6.0 and above


    (?i)\bsvchost\.exe$


    ^.*-k.*iissvcs

    Microsoft IIS FTP Server


    (?i)\bsvchost\.exe$


    ^.*-k.*ftpsvc

    Microsoft IIS Service


    (?i)\binetinfo\.exe$

     

    Versioning

    Version information for this product is currently collected using one of two possible methods, either checking the registry for an explicit version number or by checking the operating system for a version that we know maps 1:1 with a specific version of IIS.

    Registry Versioning

    The primary manner in which we achieve versioning for IIS is by querying the registry for an appropriate version value.

    Major Version:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ MajorVersion
    Minor Version:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ MinorVersion
    Major Version:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp
    Minor Version:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp

    The major and minor version numbers are retrieved and amalgamated together.

    Operating System Inference

    Due to the tight integration of IIS with the underlying Windows operating system a specific version of IIS can only be found in one lifecycle of a Windows release, IIS may be found in more than one version of Windows but you will not find more than one version of IIS available for a specific version of the operating system.

    *Full IIS to OS Mapping*

    IIS VersionWindows Version
    IIS 1.0Windows NT 3.51
    IIS 2.0Windows NT 4.0
    IIS 3.0Windows NT 4.0 SP3
    IIS 4.0Windows NT 4.0 Options Pack
    IIS 5.0Windows 2000
    IIS 5.1Windows XP Professional x32
    IIS 6.0Windows Server 2003
    IIS 6.0Windows Server 2003 R2
    IIS 6.0Windows XP Professional x64
    IIS 7.0Windows Vista
    IIS 7.0Windows 7
    IIS 7.0Windows Server 2008
    IIS 7.5Windows Server 2008 R2

    Due to the fact that older versions of IIS/NT are no longer used and that it is relatively difficult to tell the difference between Windows XP Pro x32 and x64 we have chosen to only provide mappings for a subset of the available IIS versions, this is to ensure that where we infer this information from the Operating System we are positive that we are providing the correct information and not providing misleading data.

    The only mappings we provide within the pattern are for Windows 2000, 2003 and 2008, as they are easier to spot and they map to a single version of IIS.

    Application Model Produced by Software Pattern

    Product Architecture

    The IIS services are integrated with the OS and started via the Windows Services manager.

    Once started the software will run under a number of guises, different aspects of the service can be seen in different manners, for example the WWW .net worker process is a unique executable which handles ASP.net processes where as the actual web hosting functionality is ran using svchost.exe with the arguments "-k iissvcs".

    All or some of these processes may be present on a given host, the only process that is always present on a running installation of IIS v6 is the Microsoft IIS Management Service represented by the process "inetinfo.exe". "inetinfo.exe" may or may not be running on IIS v7 and above, as only supplied for backwards compatibility purposes.

    Application Model

    The Software instances created by these patterns are based on the core IIS Service, the Web Hosting Service and the FTP hosting service. They create separate Software Instances for these services.

    Dependency links are created between the Webserver and the IIS Service, and between the FTP Server and the IIS Service

    So a typical installation might look like

    Configuration Options

    There is a configuration option for this product which allows to use Windows system root location (absolute path).

    E.g.

    sysroot_directories :=[ "C:\\Windows", "C:\\WINNT"];

    SI Depth

    As there can only be a single running installation of IIS on a specific host the pattern will always create a Deep/Instance Based Software Instance.

    Listing of IIS Websites, Web Applications, Virtual Directories and Application pools

    A separate pattern (IIS_Extended) has been created to query the IIS Websites, Web Applications, Virtual Directories and Application pools. For more information about this pattern, please refer to the relevant page

    Database relationship discovery

    Database relationship discovery is performed by IIS_Extended pattern, please refer to the relevant page for more details

    Subject Matter Expertise

    SME input would be appreciated to improve the model of IIS further.

    Testing

    This pattern has been tested against multiple running installations of IIS on a variety of Windows hosts.

    Information Sources

    A list of IIS 7.0 services is at http://blogs.iis.net/tomwoolums/archive/2009/02/13/the-services-behind-internet-information-services-7-0.aspx

    http://blogs.iis.net/thomad/archive/2008/05/07/the-iis-process-model-features.aspx

    Open Issues


    Created by: Rebecca Shalfield 25 Mar 2009
    Updated by: Chris Blake 18 July 2013
    Reviewed by: Nikola Vukovljak 24 Oct 2012

    2 Comments

    1. The links for "relevant page" for extended discovery doesnt work, please fix