IIS World Wide Web Publishing Service (WWW service) Is Disabled During Upgrade

To protect your server from attacks by malicious users, the World Wide Web Publishing Service (WWW service) will be disabled during upgrade. Microsoft® Windows® 2000 Server installs Internet Information Services (IIS) by default, and requires administrators to secure IIS to prevent attacks.

The IIS Lockdown Tool has not been run on this Windows 2000 server. If you do not want to allow the WWW service to be disabled, you must download and run the IIS Lockdown Tool, or add the override registry key. Otherwise, you can continue with the upgrade and re-enable the WWW service after the upgrade has completed.

Important: If you use the World Wide Web Publishing Service (WWW service), we strongly recommend that you run the IIS Lockdown Tool before upgrading to a product in the Windows Server 2003 family. The IIS Lockdown Tool will help secure your computer by disabling or removing unnecessary features that are present in your Windows 2000 Server installation. These features would otherwise have remained on your machine after upgrading, leaving your server vulnerable to attacks. Using the IIS Lockdown Tool instead of using the override registry key or re-enabling the WWW service after installation allows you to fine-tune the level of security to your particular needs.

When upgrading to a member of the Windows Server 2003 family, the WWW service will NOT be disabled if any of the following conditions are present:

• You have already run the IIS Lockdown Tool on your Windows 2000 Server before starting the upgrade process. The IIS Lockdown Tool reduces surface attack by disabling unnecessary features, and it allows you to decide which features to enable for your site. The IIS Lockdown Tool is available at IIS Lockdown Tool (http://go.microsoft.com/fwlink/?LinkId=8599).
• The registry key RetainW3SVCStatus has been added to the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC. Under RetainW3SVCStatus you can add any value and then assign a DWORD value to it. For example, you can create the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\RetainW3SVCStatus\do_not_disable with the DWORD value of 1.
• In the unattended install case, an entry "DisableWebServiceOnUpgrade = false" exists in the unattended install script.

After the upgrade is completed, you can enable the WWW service using either IIS Manager or the Services snap-in.

To start the World Wide Web Publishing Service after upgrade

In IIS Manager:

1. From the Start menu, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. Expand the local computer, and then expand the Web Sites folder.
3. Right-click the Web site you want to start, and then click Start.
4. Click Yes to enable the WWW service and start the Web site.

In the Services snap-in:

1. Click Start, point to Administrative Tools, and then click Services.
2. In the list of services, right-click World Wide Web Publishing Service, and then click Properties.
3. On the General tab, in the Startup type list, click Automatic, and then click OK.
4. In the list of services, right-click World Wide Web Publishing Service, and then click Start.