Although you can install the Visual Studio .NET development environment on Microsoft Windows NT 4.0, Windows 2000, Windows XP, or Windows Server 2003 (though for reasons discussed in Chapter 6, it’s better to develop on Windows 2000 or XP Professional and deploy to Windows 2000 or Windows Server 2003), support for running ASP.NET is limited to platforms that support IIS 5.0 or above. This means that to run ASP.NET applications locally, you must be running Windows 2000 (any version), Windows XP Professional, or any later version of Windows that provides support for IIS 5.0 or above.
Once you have determined that your operating system supports IIS, you should make sure that IIS is installed before you install the Visual Studio .NET development environment. If IIS is not installed before you install Visual Studio .NET, ASP.NET will not install correctly. You can do this by using the Add Or Remove Programs item from Control Panel. Note that you must be logged in as an administrator to verify and install IIS.
In addition to having IIS installed, you must install and configure the Microsoft FrontPage Server Extensions (FPSE) if you want to access projects via the server extensions. (The default access mode is File Share, but you can change this in the Microsoft Visual Studio .NET Options dialog box.) For detailed instructions on installing and configuring IIS and FPSE on Windows 2000, Windows XP, and Windows Server 2003, refer to the document \setup\WebServer.htm on disk 1 of the Visual Studio .NET software. If your CD-ROM drive uses D as the drive letter, you would read the file using D:\setup\WebServer.htm.
The default installation of some versions of IIS includes sample files that can present a security risk if installed on production systems. When installing IIS, you can choose not to install these samples by clicking the Details button in the Windows Component Wizard, and then unchecking the Documentation check box, which will remove the samples. You might also want to uncheck the boxes for services you don’t plan to use, such as the FTP, SMTP, and NNTP services, since unused services can also present a security risk. By removing these samples and services, you can eliminate a whole range of potential vulnerabilities. For more information on samples and services, and how they impact server security, see Chapter 6.