I am trying to create a script for our AAR-server that should create webfarms and the corresponding url rewrite rules. The script will try to delete the rule before creating it and in my case the rule does exist, but it won't find it:
WARNING: Target configuration object 'system.webServer/rewrite/globalRules/ARR_dst.test.refusjon-
8083_lb is not found at path 'MACHINE/WEBROOT/APPHOST'.
Is there any way to "browser" the path in IIS in order to verify if it does really exisit in path 'MACHINE/WEBROOT/APPHOST'. I assume so based on all the examples I have found on, but still - not sure on my installation.
So how to find the path to all rules?
Clear-WebConfiguration -pspath $psPath -filter $filterRoot
Add-WebConfigurationProperty -pspath $psPath -filter "system.webServer/rewrite/globalRules" -name "." -value #{name=$ruleName;patternSyntax='Regular Expressions';stopProcessing='False'}
Best, or, only thing I've found so far is to use the configuration editor and "Generate scripts"
Using Configuration Editor: Generate Scripts
Related
Afternoon guys,
I'm working on going through some lockdowns for IIS, I need to add a Deny rule to .NET Authorizations for all anonymous users.
I have this, which partially works
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT' -filter "system.web/authorization" -name "." -value #{accessType='Deny';users='?'}
? is an alias for All anonymous users
It partially works, as in it creates the rule, but it's set as an Allow Rule even though I'm calling Deny.
Does anyone have any ideas on how to get this to register as a Deny Rule?
I ended up finding the answer in the Related section off to the side. Don't know why this never popped up in my initial googling.
Managing IIS .Net Authorization Rules with a powershell script
My final code is
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT' -filter "system.web/authorization" -name "." -value #{users='?'} -Type 'deny'
On Windows Server 2016/IIS 10, I can do the following in the IIS Manager GUI with the Log File Format set to W3C:
[Web Server Name] → Logging → Select Fields → W3C Logging Fields (Standard Fields) → Check or uncheck the boxes next to Standard Fields like "User Name (cs-username)"
I would really like to be able to check or uncheck fields like cs-username from a PowerShell script. To that end, I'm trying to discover the path to these standard fields, so I can then set them:
Import-Module IISAdministration
$prop = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST" -Filter /system.applicationHost/sites/sitedefaults" -Recurse
When I run this PowerShell script, it asks me to "Supply values for the following parameters: Name[0].
I think it's a bit funny that it's asking me for a name when I'm trying to discover the next path element or name. If I type in something like cs-username, it comes back with nothing, suggesting I'm in the wrong directory (assuming recurse is actually looking around).
Any thoughts?
This is what ended up working for me for IIS 10:
Set-WebConfigurationProperty `
-filter "/*/*/site/logfile" `
-name "logExtFileFlags" `
-value "Date, Time, ClientIp, etc.."
of course replacing "etc.." with all the desired fields.
How can I set application settings in IIS through PowerShell?
I tried using Set-WebConfigurationProperty as
Set-WebConfigurationProperty "/appSettings/add[#key='someKey']" -PSPath "IIS:\Sites\Default Web Site\someSite" -name "someKey" -Value "someValue"
But I am getting
WARNING: Target configuration object '/appSettings/add[#key='someKey'] is not found at path 'MACHINE/WEBROOT/APPHOST/Default Web Site/someSite'.
The easiest way to do this I find is to build the PowerShell from IIS configuration editor.
To do this;
1) Open Inetmgr (IIS)
2) Click on the site you want to target.
3) Feature View, Configuration Editor down at the bottom left.
4) From here, browse to the section of the configuration you want to edit, and
make the change
5) Then click "Generate Script" on the top right.
This will generate multiple different scripts for configuring this, choose PowerShell and there you go.
For example, changing Windows authentication to Forms
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Somewebsite' -filter "system.web/authentication" -name "mode" -value "Forms"
You can learn how to do just about anything from here.
There is also the get-webconfigurationproperty command that will get you the config before you edit it, this is just run from PowerShell.
A key to remember is is SET-WebConfigurationProperty will override everything and often not do what you want.
Where Add-WebConfigurationProperty will add, not override and add additional config.
Hope that helps!
Rich
And how exactly to use Add-WebConfigurationProperty? Because it must be used in case the app setting is yet missing (Set-WebConfigurationProperty will fail).
So, given the following configuration, a site "SiteOne" with a virtual directory "VirtualDirOne":
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<appSettings>
<add key="first" value="a" />
</appSettings>
</configuration>
When I want to change the value to "b":
Set-WebConfigurationProperty -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings/add[#key='first']" -name value -value "b"
When I want to add another setting:
Add-WebConfigurationProperty -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings" -name "." -value #{key='second'; value='x'}
When I want to get the value:
Get-WebConfigurationProperty -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings/add[#key='second']" -name "value.Value"
And finally, to remove the setting:
Clear-WebConfiguration -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings/add[#key='second']"
There many examples here.
My script is whitelisting IP for a particular URL in IIS.
Set-WebConfigurationProperty -Filter /system.webserver/security/ipsecurity -Name allowUnlisted -Value $false -Location "default web site"
Add-WebConfiguration /system.webserver/security/ipsecurity -location "default web site" -Value #{ipAddress = 129.0.0.1 ;subnetmask = 255.255.255.0 ;allowed="true"} -pspath IIS:\
It works perfectly except when I remove the entry manually from IIS, and again i try to run this script it warns me "cannot add duplicate entry of type add". I cannot see the entry in IIS. Is there a way to remove that duplicate entry via powershell.
Reason behind this is that, applicationhost.config file in inetserv folder has that entry. If you add it via script, remove it via script, or you can open config file in notepad and find the entry and delete it. Save the file after.
I'd like to simply add some .Net Authorization rules in IIS (7.5 / win 2008 R2) using a powershell script with PS snap in. So far I was able to add some "allow" rules but not any deny ones.
Each time I try, it either does nothing or creates an "allow" rule, which seems odd, like if it was defaulting to allow all the time.
I tried with add-webconfigurationproperty and add-webconfiguration with no luck.
Maybe one of you has the correct command line to use?
For instance:
Add-WebConfiguration "/system.web/authorization" -value #{ElementTagName="Deny";users="*"} -PSPath "IIS:\Sites\Mysite"
Add-WebConfigurationProperty "/system.web/authorization" -Name "collection" -value #{ElementTagName='deny';users='test'} -PSPath "IIS:\Sites\Mysite"
will create 2 "allow" rules.
Same behavior if I remove ElementTagName='deny'. So weird. Like if the deny "mode" was to be accessed in some different way.
And for instance, if I go to IIS 8 and try to generate the script after adding a deny rule, the command line suggested is not working either.
How can I fix this?
The command you should use to add a deny rule in your example is:
Add-WebConfigurationProperty "/system.web/authorization" -PSPath "IIS:\Sites\Mysite" -Name "." -value #{users='test'} -Type "deny"
This bothered me too & I also had trouble getting appcmd to do the same thing. I did get it working in the end & found that the -Type parameter was the important one. This wasn't all that clear to me from the documentation which just says:
The type of property to add.