is there an example of setting the Identity in IIS for a Custom User in an Application Pool using command line or powershell script?
You can use the following appcmd.exe command line to set an identity in IIS for a custom user in the applicationpool.
appcmd.exe set config /section:applicationPools /[name='APP_POOL_NAME'].processModel.identityType:SpecificUser /[name='APP_POOL_NAME'].processModel.userName:DOMAIN\USER_NAME /[name='APP_POOL_NAME'].processModel.password:PASSWORD
Here is my test steps and result:
1.Run cmd as administrator
2.Change directory to the location where appcmd.exe resides (c:\windows\system32\inetsrv):
cd %WINDIR%\system32\inetsrv
3.Then enter the appcmd.exe command line, you need to replace the content in the red box.
4.Then you can see that the application pool identity is successfully set as a custom account.
Hope my answer can help you!
Should be able to do something like this:
Set-ItemProperty -Path "IIS:\AppPools\$AppPoolName" -Name processModel -Value #{userName=$AppPoolUser;password=$AppPoolUserPw;identitytype=3}
See documentation for processModel here: https://learn.microsoft.com/en-us/iis/configuration/system.applicationHost/applicationPools/add/processModel#configuration
Related
Below script is to Automate RDP and I am stuck with below two points:
How to map local drive as mapped drive in RDP session(tsclient) using
powershell script/command
Example like this in RDP : drivestoredirect:s:value
RDP Automation - PowerShell Script :
cmdkey /list | ForEach-Object{if($_ -like "*target=TERMSRV/*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}
echo "Connecting to Server Name"
$Server="Server Name"
$User="Username"
$Password="Password"
cmdkey /generic:TERMSRV/$Server /user:$User /pass:$Password
mstsc /v:$Server
reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" /v "AuthenticationLevelOverride" /t "REG_DWORD" /d 0 /f
You can't control all aspects of your connection when using mstsc.exe via command line. The information for mapping local resources in the TS session are stored in the RDP file.
If not specified, it will use the default.rdp file located in "My Documents" folder (hidden file).
If you configure the default RDP to map local resources, all subsequent connections will also have the local resources mapped... but if you change it again, it will apply to all next connections.
So a better approach will be to create one *.rdp file and use it as a template in your script:
Create Template RDP file:
Launch mstsc.exe
Configure all options as per your needs
Save the file somewhere and use it in your script (i.e C:\Temp\MyRDPtemplate.rdp)
Now, change your script in order to use this template file when connecting to a Server:
mstsc "C:\temp\MyRDPtemplate.rdp" /v:$Server
When you first connect to a Server while mapping local resources, you will receive a warning message:
If you want to avoid this message, add the following registry key before launching:
reg add "HKCU\Software\Microsoft\Terminal Server Client\LocalDevices" /v $Server /t "REG_DWORD" /d 0x4d /f
mstsc "C:\temp\MyRDPtemplate.rdp" /v:$Server
There may be a global parameter you can add to avoid this message for all Servers (like for "AuthenticationLevelOverride") but I don't know for sure.
On last word about the stored credentials... if you use cmdkey /generic:xxx, you don't need to specify the service type (TERMSRV), that's the purpose of the /generic switch. But it also works fine...
PS: Very last remark, if you want to bypass the certificate prompt (in case your server doesn't present a valid one, you should add the registry key AuthenticationLevelOverride before connecting to the Server. Also note that this key is valid for all connections.
Another choice is get a help form some 3rd-part tools for RDP.
https://github.com/VShawn/PRemoteM
Is there a way to specify which PowerShell profile to load when initializing PowerShell?
For instance, I'd like to be able to load a Python Conda profile when working in Python, or load a profile with bash command aliases when working with cross-platform scripts.
Note: I'm on the same machine, on the same user. So machine/user-specific profiles would not work in my case.
As PowerShell profiles are just PowerShell scripts loaded on startup of the PowerShell terminal, there are multiple ways to load them. Assuming you have two profile files:
conda_profile.ps1
bash_profile.ps1
Calling the profile scripts directly
You can just execute them after you open a PowerShell window, e. g.:
.\conda_profile.ps1
Calling the profile scripts by aliases
If the names or paths are too long or too complicated, you can create aliases for them, e. g.:
# Put the following two lines into the file stored in $PROFILE. You probably have to create it.
Set-Alias -Name condap -Value "C:\path\to\conda_profile.ps1"
Set-Alias -Name bashp -Value "C:\path\to\bash_profile.ps1"
After that, you can load a profile by typing condap or bashp.
Calling a profile by shortcut
You can also create different shortcuts to open a PowerShell with a certain profile:
Copy the shortcut from %APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Rename it to condap for example.
Edit its target from %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe to %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoExit -File "C:\path\to\conda_profile.ps1".
Do it for other profiles respectively.
Choosing a profile by being prompted at startup
You can also write a profile that asks you to choose between different profiles, when you start PowerShell. Make sure you have a profile for your current host and current user:
if (!(Test-Path -Path $PROFILE)) {
New-Item -Type File -Path $PROFILE -Force
}
After that, add some lines to this file to ask for input and execute the desired profile script based on that input. It will work, but keep in mind that a user interaction inside the profile will probably be a bad design in the most cases.
Just to be more concise for command line (and non-windows) users:
pwsh -NoExit -File <your_profile_script>
Will start a powershell session with the specified profile.
Windows10 PRO & PowerShell v5.1
I used Enable-WindowsOptionalFeatures cmdlet to enable the Active Directory Lightweight Directory Services.
When I try to use Set-ADDomain, it doesn't work, because Active Directory Web Services aren't running. I know I could use the ADLDS Setup Wizard to start this service. Does any cmdlet can achieve that ?
When you have enabled the windows feature Active Directory Lightweight Directory Services then no AD LDS instance has been added yet. You can add an AD LDS instance by running %systemroot%\ADAM\adaminstall, which is possible to run in silent mode as well if you need to script it.
See https://technet.microsoft.com/en-us/library/cc816778(v=ws.10).aspx and https://technet.microsoft.com/en-us/library/cc816774(v=ws.10).aspx for more information on how to add an AD LDS instance.
The command Set-ADDomain that you mention is to be used with an AD DS domain, which is not the same thing as AD LDS.
sc [\\dc.contoso] start adws
In an elevated command prompt can do the trick.
Get-Service -Name adws [-ComputerName dc.contoso] | Start-Service
Is the Powershell pendant.
In short:
No, there isn't "the special cmdlet to start ADWS", but it's easy to use PowerShell (or cmd) to start that service.
I have a Windows PowerShell script. I logged into Windows as an administrator and run the script with PowerShell running as an administrator, and it worked; I could see all the changes happen after running this script.
But I still get the red error message:
requested registry access is not allowed
which is driving me nuts.
Why am I getting this error and how can I make it go away?
If you run regedit and navigate to the key that you are trying to access with your script, you can right click on it and view the permissions. You can see on that key what permissions Administrator has (Full Control, Read, Special Permissions)
This PowerShell trick worked for me:
$Path = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice"
$SubKey = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($Path, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::ChangePermissions)
$Acl = $SubKey.GetAccessControl()
$RemoveAcl = $Acl.Access | Where-Object {$_.AccessControlType -eq "Deny"}
$Acl.RemoveAccessRule($RemoveAcl)
$SubKey.SetAccessControl($Acl)
$SubKey.Close()
**in $Path ==> change this to your path (path after Root folder)
**in $SubKey ==> [Microsoft.Win32.Registry]::CurrentUser : change this to your needed root Registry path
Try as Local System via psexec
This here worked for me:
get psexec.exe from here: https://learn.microsoft.com/en-us/sysinternals/downloads/psexec
use psexec.exe -i -s powershell.exe to start a new interactive (-i parameter) powershell.exe window as user Local System (-s parameter).
Inside that new powershell window try your command again.
Has anyone managed to use this module with success, i'm running 32bit Windows 7, where i have opened an administrator shell using run as administrator, i have imported the WebAdministration module and then attempted to use the commands with some issues, have provided two examples here
Websites
I created a web site with the following command
new-website -name testsite -port 80 -hostheader testsite -physicalpath c:\temp
Then i attempted to get the sites details using the command
get-website -name testsite
but it always returns all sites, seems to ignore the -name parameter. Only way i can get the site is using a filter
get-website | ? { $_.name -eq 'testsite' } | get-member
When i use appcmd it works as expected using the following command
C:\> C:\Windows\System32\inetsrv\appcmd.exe list site testsite
AppPools
When i try to list the apppools using the following command
dir iis:\apppools
i get the following error
Get-ChildItem : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Yet when i use appcmd as follows i get all the apppools as expected without any error
C:\Windows\System32\inetsrv\appcmd.exe list apppool
Has anyone successfully managed to use the WebAdministration module ?
Thanks in advance
Pat
If you are already running PowerShell as an administrator and have Windows UAC disabled and you are still seeing this error, make sure WAS (Windows Process Activation Service) is running. You can stop W3SVC but PowerShell will definitely give the same head-scratching "access denied" error if WAS is stopped.
You need to make sure that the PowerShell window is running elevated, try right-clicking in the Start Menu and using the "Run as administrator" option to ensure it runs elevated.
Regarding Get-Website ignoring the -Name parameter, this appears to be a bug according to this forum post. The workaround is to use Get-Item
$website = "Default Web Site"
Get-Item "IIS:\sites\$website"
Be sure to use double quotes, variables are not expanded when single quotes are used.
Regarding browsing the application pools I suspect this is a permissions issue as CarlosAg mentioned. Make sure that you are running PowerShell with elevated privileges. I typically launch PowerShell by right-clicking on it and selecting "Run as administrator".