This tutorial walks you through setting up Windows Server 2022 in a virtual machine using VMware Workstation Pro. You’ll see how to grab the ISO file, create the VM step-by-step, and get the desktop experience up and running for that familiar graphical interface.
Once Windows Server 2022 is installed, you’ll move on to configuring Internet Information Services 10 for secure web hosting. This covers creating sites with the right permissions, setting up SSL certificates, and tightening security to keep your server locked down.
Key Takeaways
- Windows Server 2022 needs specific VM setup to avoid installation headaches with VMware Workstation Pro
- IIS 10 configuration should stick to least privilege and use application pool identity for better security
- Wildcard SSL certificates make it easier to secure multiple subdomains when set up in the web hosting certificate store
Downloading Windows Server 2022 ISO
Accessing the ISO File
Microsoft’s made it pretty simple to get their latest server OS. You can download the ISO or even a prebuilt VM right from their site.
I usually go with the ISO and do the install myself—more control, and you get to see what’s actually happening at each step.
File Size and Download Duration
The ISO is just under 5 GB. Depending on your connection, it might take around 10 minutes—could be more, could be less. Make sure you’ve got enough disk space before kicking things off.
Setting Up a Virtual Machine in VMware Workstation Pro
Adjusting VM Configuration
When you spin up a new VM in VMware Workstation Pro, you’ll want to get the config right for Windows Server 2022. VMware likes to launch its easy install wizard when you pick an ISO file.
This auto-install fails if you don’t have a license key handy. You’ll see error messages about license terms or wrong paths.
To dodge that, pick “I will install the operating system later” instead of loading the ISO right away. This gives you an empty VM without triggering the problematic auto-install.
Bypassing Easy Install Issues
VMware’s easy install can be a pain with Windows Server. If you try installing without a license key, it’ll start and then throw up errors about license terms or path issues.
The workaround? Make the VM first, don’t specify the ISO yet. That keeps VMware from trying to run the install before you’re ready. You’ll take over from there.
Once your blank VM is ready, you can set up the install media manually.
Adding the ISO File
After you’ve got your VM, make sure it’s powered off. Go into the VM settings and point the CD/DVD drive to your Windows Server 2022 ISO.
Now power on the VM. You should see “press any key to boot from CD or DVD” pop up.
Important: Click inside the VM window right away when you see that message. That lets the installer catch your keyboard input and actually start.
The familiar Windows Server setup should kick off from here.
Setting Up Windows Server 2022
Configuration Selection Options
As the installer starts, you’ll go through a few screens before hitting the version selection. Pay attention here.
You’ll see several Windows Server 2022 options. The first is just “standard”, but it comes without the graphical desktop. The second says “Desktop Experience.”
Key differences between installation types:
| Installation Type | Interface | Recommended For |
|---|---|---|
| Standard | Command line only | PowerShell experts |
| Desktop Experience | Full graphical interface | Most administrators |
Choosing Desktop Experience
Desktop Experience gives you the full Windows desktop environment plus all the server stuff. It’s what most admins expect and want.
The plain standard install is command line only—if you’re not a PowerShell wizard, skip it and stick with Desktop Experience.
Finalizing the Setup Process
Pick your install type, accept the license, and hit next. Go with Custom Install when asked.
Choose the unallocated space on drive zero for the install. Hit next and let it go.
Installation is hands-off from here. Once it wraps up, you’ll land on the Windows Server 2022 desktop—ready to keep going.
Key Improvements in Windows Server 2022
Advanced Security Features
Windows Server 2022 comes with stronger security right out of the gate. There’s a lot built in to keep threats at bay, no extra fiddling required.
Network Performance Enhancements
Networking’s faster and more reliable than before. Your apps and services should see smoother performance and fewer hiccups. Better network reliability really makes a difference.
Azure Cloud Connectivity
It’s now way easier to connect with Azure and manage hybrid setups. The built-in cloud integration saves a lot of headaches for anyone juggling on-prem and cloud resources.
Initial Configuration of Windows Server 2022
With the install done, you’re at the desktop. Time to start setting up services and apps.
Opening Server Manager
First up, open Server Manager. Hit “Add roles and features” to kick off IIS installation.
Installing IIS Through the Wizard
Pick “Role-based or feature-based installation,” then next. Choose your local server from the pool and move on.
In the server roles, select “Web Server (IIS).” Click next, then “Add features” if prompted.
Feature Selection Strategy
In a sandbox, you might want to play around with extra features. But for production, only turn on what you actually need—less is definitely more when it comes to security. If someone asks why, just point to best practices.
Completing IIS Installation
Once you’ve picked your features, hit next and then “Install.” When it’s done, you can close Server Manager.
Accessing IIS Manager
Look for IIS Manager under administrative tools. Pin it to your start menu and taskbar—it’ll save you time later.
Site Configuration Best Practices
Delete the default site IIS creates. Set up your own sites outside of Inetpub for better organization and security.
Stick to least privilege for permissions. Remove inherited permissions and get rid of any unnecessary user accounts or groups.
Creating a New Site
Right-click “Sites” in IIS Manager and hit “Add Site.” Fill in:
- Site name
- Local path for your files
- Host name
Click “OK” to finish.
Configuring Authentication Settings
Go into your site’s properties and open the authentication section. Change from IUSR to application pool identity; it’s just safer.
This keeps your site isolated from others on the same server.
Application Pool Configuration
Check that your site’s application pool is set to “Application Pool Identity.” Don’t use the other built-in options—they’re not as secure.
This keeps sites from messing with each other and protects the server as a whole.
Setting Directory Permissions
Go back to your site’s directory permissions and add the special user for your application pool. Type:
IIS AppPool\[YourPoolName]
Swap in your actual pool name and hit OK.
Testing Your Site Configuration
Since you’re in a dev environment, you’ll need to add your host name to the local hosts file. This points your browser to 127.0.0.1 for your new site instead of looking it up online.
Edit the hosts file, save, and you’re good to go—your browser should now find your local site.
Installing Internet Information Services 10
Working with Server Manager
Open Server Manager and click “Add Roles and Features.” Choose “Role-based or feature-based installation” and hit next.
Pick your local server from the pool. This gets IIS set up on your Windows Server 2022 install.
Choosing Required Roles and Features
In server roles, select “Web Server (IIS).” Click next and then “Add Features” if it asks.
You’ll see a bunch of features and services you can add. In a test environment, try out what you want—but for production, less is more.
Key considerations for feature selection:
- Only enable what your server and apps actually need
- Ask for business justification if someone wants more
- Extra features can be security risks
When you’re done, click next, then “Install.” Close Server Manager when installation wraps up.
Best Practices for Feature Selection
Stick with the principle of least privilege when picking IIS features. Only enable what your applications actually need—no more, no less.
Leaving unused features turned on is basically asking for trouble. Every extra component just adds one more way for someone to poke at your server.
Security recommendations:
- Minimize enabled features – Only activate what you’ll actually use
- Validate business needs – Ask for a real reason before adding non-essential features
- Regular review – Now and then, check what’s enabled and shut off anything you’re not using
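One way to run that regular review from PowerShell, as an added example that is not part of the original tutorial. The approved baseline is an assumption (a static-content site managed locally) and `Get-UnapprovedIisFeature` is a hypothetical helper name; the `Web-*` names are the standard Windows Server feature names for IIS.

```powershell
# Added example. The baseline below is an assumption: replace it with the
# role services your own applications have a documented need for.
$approved = @(
    'Web-Server', 'Web-WebServer', 'Web-Common-Http', 'Web-Default-Doc',
    'Web-Static-Content', 'Web-Http-Errors', 'Web-Health', 'Web-Http-Logging',
    'Web-Security', 'Web-Filtering', 'Web-Performance', 'Web-Stat-Compression',
    'Web-Mgmt-Tools', 'Web-Mgmt-Console'
)

function Get-UnapprovedIisFeature {
    param([Parameter(Mandatory)][string[]]$Baseline)
    # Every installed IIS role service that is not on the approved list.
    Get-WindowsFeature -Name 'Web-*' |
        Where-Object { $_.Installed -and ($Baseline -notcontains $_.Name) } |
        Select-Object Name, DisplayName
}

$extra = @(Get-UnapprovedIisFeature -Baseline $approved)
if ($extra.Count -eq 0) {
    Write-Output 'Installed IIS features match the approved baseline.'
} else {
    Write-Warning "$($extra.Count) IIS feature(s) installed outside the baseline:"
    $extra | Format-Table -AutoSize
    # Preview the removal only; drop -WhatIf once each entry has been reviewed.
    Uninstall-WindowsFeature -Name $extra.Name -WhatIf
}
```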
Unvalidated form fields and SQL injection are exactly why you don’t want unneeded features hanging around. One unvalidated field that accepts a stray single quote can take down your whole site if you’re unlucky.
After you’ve finished the install, open IIS Manager from Administrative Tools. Might as well pin it to your start menu and taskbar so you’re not hunting for it every time.
Configuring IIS 10 for Secure Hosting
Eliminating the Default Web Site
First thing: get rid of the default site IIS creates. It’s a security risk and there’s no good reason to leave it on a production box.
In IIS Manager, find the default website in the connections pane, right-click it, and hit remove. That’s it—it’s gone from your config.
Establishing a New Web Site
Now, right-click the Sites node in IIS Manager and pick Add Website. That’ll open up the site creation wizard so you can set up your new environment.
Type in your site name under Site name. Set the physical path for your site files—definitely put them somewhere outside the default Inetpub folder.
Set up the host name binding for your domain. Click OK and your new site will be created with your chosen settings.
Configuring Directory Access Controls
Your website folder needs the right permissions or you’re just asking for headaches. Go to the actual folder in Windows Explorer.
Right-click, choose Properties, then head to the Security tab. Click Advanced and hit Disable inheritance so you’re not stuck with permissions from the parent folder.
Kick out any user accounts or groups you don’t need. Only the bare minimum should stick around for your site to work.
Establishing Application Pool Security Context
In IIS Manager, open your site’s properties and go to the Authentication section. Change it from IUSR to Application Pool Identity—that way, each site is isolated security-wise.
Double-check in Application Pools that the identity is set to ApplicationPoolIdentity.
Don’t use the other built-in accounts—they’re just not as safe. The application pool identity is there for a reason: to keep your sites from stepping on each other if something goes wrong.
Granting Required Directory Access
Head back to your website directory permissions and add the application pool identity account. The name looks like IIS AppPool\[PoolName] (swap [PoolName] for your actual pool name).
Type it in, hit Check Names to make sure it’s right, and grant only the permissions your website actually needs.
This setup keeps your site running with just enough access—nothing more. It’s all about limiting risk, especially if you’re hosting multiple sites on one server.
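The same hardening steps scripted with the WebAdministration module, as an added example that is not part of the original tutorial; it also covers the earlier walkthrough of site creation, application pool identity and directory permissions. The site name, pool name, host name and path are hypothetical, and the accounts and rights kept on the folder are assumptions for a read-only site.

```powershell
# Added example; every name and path below is a hypothetical placeholder.
Import-Module WebAdministration
$siteName = 'ExampleSite'
$poolName = 'ExampleSitePool'
$hostName = 'www.example.test'
$sitePath = 'C:\Sites\ExampleSite'     # outside the default Inetpub folder

# Dedicated application pool running as ApplicationPoolIdentity.
if (-not (Test-Path "IIS:\AppPools\$poolName")) { New-WebAppPool -Name $poolName | Out-Null }
Set-ItemProperty "IIS:\AppPools\$poolName" -Name processModel.identityType -Value ApplicationPoolIdentity

# Site with a host name binding, bound to that pool.
New-Item -ItemType Directory -Path $sitePath -Force | Out-Null
New-Website -Name $siteName -PhysicalPath $sitePath -HostHeader $hostName -Port 80 `
    -ApplicationPool $poolName | Out-Null

# Anonymous requests run as the pool identity: an empty userName replaces IUSR.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name userName -Value ''

# Folder ACL: disable inheritance, drop existing entries, grant the minimum.
$acl = Get-Acl -Path $sitePath
$acl.SetAccessRuleProtection($true, $false)    # $false = do not copy inherited entries
foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
$grants = @(
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },    # assumption
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },    # assumption
    @{ Id = "IIS AppPool\$poolName";  Rights = 'ReadAndExecute' }  # assumption: read-only site
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $g.Id, $g.Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $sitePath -AclObject $acl

# Remove the default site once the replacement exists.
if (Test-Path 'IIS:\Sites\Default Web Site') { Remove-Website -Name 'Default Web Site' }

# Review the result: only the three explicit entries should remain.
(Get-Acl -Path $sitePath).Access | Select-Object IdentityReference, FileSystemRights, IsInherited
```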
Verifying Local Website Configuration
Modifying the Hosts File
If this is a dev environment, you’ll want to add your host name to the local hosts file. That little file on Windows lets you skip DNS and just tell the system: “Hey, use 127.0.0.1 for this host.”
It basically overrides DNS. Once it’s set up, your host name will point straight to your local site instead of wandering off to the internet.
Here’s how you do it:
- Go to the hosts file on your Windows server
- Add a line mapping your host name to 127.0.0.1
- Save your changes
Opening the Site in a Browser
With the hosts file sorted, you can fire up your browser and test the site. Type your host name in the address bar and it’ll hit your local IIS site, not some random server out there.
That’s the beauty of local resolution—it just cuts out the external DNS and keeps everything in your dev environment.
To check your site:
- Open your web browser
- Enter your configured host name in the address bar
- Make sure the site loads from your local IIS
This local setup is a must for testing before you go live. Why risk embarrassing bugs in production?
Setting Up and Deploying a Wildcard SSL Certificate
Creating a Certificate Signing Request
Open up IIS Manager and click your server name. In the features view, go to server certificates.
Click “create certificate request” to start the CSR wizard. For a wildcard certificate, the common name should use an asterisk (like *.yourdomain.com) so it’ll work for any subdomain.
Important configuration details:
- Common Name: Use asterisk format (*.yourdomain.com)
- Bit Length: 2048 is the minimum these days
- Organization: Put your company info here
- Location: City, state, and country—don’t skip these
If your bindings don’t match the common name, browsers will throw up errors. And yeah, 2048-bit is the minimum every SSL vendor wants now.
When prompted, save the CSR to a text file. You’ll send this off to your SSL vendor to get the real certificate.
Submitting the CSR to an SSL Vendor
Take that CSR text file and hand it over to your SSL vendor. They’ll use it to generate your wildcard certificate.
Once they’re done, you’ll get a .cer or .crt file back—your signed certificate.
Save the certificate somewhere handy on your server. You’ll need it in a second.
Installing the Completed Certificate
Back in IIS Manager, look in the actions pane and pick “complete certificate request” to start installing your shiny new SSL cert.
Installation steps:
- Pick the file with your completed certificate
- Give it a friendly name (whatever helps you remember it)
- Choose where to store the certificate
The friendly name’s just for you—it makes managing multiple certs way less confusing later on.
Using the Web Hosting Certificate Store
Switch the certificate store from “personal” to “web hosting” during installation. The web hosting store showed up with Windows Server 2012, and it’s a bit of a game-changer for anyone running a busy web server.
It’s tailored for servers that need to juggle a lot of SSL certificates—think hundreds, maybe even thousands—without dragging down performance. The old personal store just wasn’t built for that kind of load.
Benefits of web hosting store:
- Handles tons of certificates without breaking a sweat
- Snappier performance with lots of SSLs in play
- Purpose-built for web server needs
- Lightens the load on server resources
So, if you’re planning to manage a wildcard certificate or just expect to add more down the line, this store makes IIS handle it all far more smoothly.
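A check for the three points this section raises (bindings that match the wildcard name, a key of at least 2048 bits, and the Web Hosting store), as an added example that is not part of the original tutorial. `Test-WildcardCoversHost` and `Get-HttpsBindingReport` are hypothetical helper names, and the sample host names are constructed; the check goes slightly beyond the text by applying the standard rule that `*` stands for exactly one label.

```powershell
# Added example; helper names are hypothetical, not IIS cmdlets.
function Test-WildcardCoversHost {
    param([string]$CertName, [string]$HostName)
    $c = $CertName.ToLowerInvariant(); $h = $HostName.ToLowerInvariant()
    if (-not $c.StartsWith('*.')) { return $c -eq $h }       # not a wildcard: exact match
    $suffix = $c.Substring(1)                                 # ".yourdomain.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)      # the part the * stands for
    return ($label.Length -gt 0) -and (-not $label.Contains('.'))
}

function Get-HttpsBindingReport {
    Import-Module WebAdministration
    foreach ($b in Get-WebBinding -Protocol https) {
        $hostName = ($b.bindingInformation -split ':')[-1]    # empty when no host name is bound
        $cert = $null; $name = $null; $rsa = $null
        if ($b.certificateHash) {
            $path = "Cert:\LocalMachine\$($b.certificateStoreName)\$($b.certificateHash)"
            $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
        }
        if ($cert) {
            # First DNS name on the certificate (subject alternative name, else CN).
            $name = $cert.GetNameInfo('DnsName', $false)
            $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        }
        [pscustomobject]@{
            Binding      = $b.bindingInformation
            CertName     = $name
            NameMatches  = if ($name -and $hostName) { Test-WildcardCoversHost $name $hostName } else { $null }
            RsaKeyBits   = if ($rsa) { $rsa.KeySize } else { $null }
            KeyAtLeast2k = [bool]($rsa -and $rsa.KeySize -ge 2048)
            InWebHosting = ($b.certificateStoreName -eq 'WebHosting')
        }
    }
}

# Constructed host names: one label under the domain, the bare domain, two labels deep.
foreach ($h in 'www.yourdomain.com', 'yourdomain.com', 'a.b.yourdomain.com') {
    [pscustomobject]@{ Host = $h; Covered = Test-WildcardCoversHost '*.yourdomain.com' $h }
}

# On the IIS server itself:
# Get-HttpsBindingReport | Format-Table -AutoSize
```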