How to use IISAdministration powershell cmdlets to configure IIS configuration settings
FYI, see the below blog first for the detailed information.
If you use Configuration Editor, you can make IISPowershell cmdlets more easily. Configuration Editor is a good start point to make IISAdministration powershell script easily.
For example, if you want to add a new appSetting value to Default Web Site, you can generate a code for C# programming with Configuration Editor and you can convert the generated code to IISAdministration powshell cmdles because they are based on the same API.
Here is how to do that:
- Open Inetmgr.exe
- Select Default Web Site
- Go to Configuration Editor page
- Expand “Section:” dropdown and select “appSettings”
- Click the second column of “(Collection)” listview item
- Click “…” button and you will see “Collection Editor” dialog opened
- Click “Add” task on the right pane of the “Collection Editor” dialog
- Type “test” for the key property and “test2” for the value property and then close the “Collection Editor” dialog
- Click “Generate Script” task, and you will get the below code. Click “Cancel” task of Configuration Editor to ignore the change.
|
using System; using System.Text; using Microsoft.Web.Administration; internal static class Sample { private static void Main() { using(ServerManager serverManager = new ServerManager()) { Configuration config = serverManager.GetWebConfiguration("Default Web Site"); ConfigurationSection appSettingsSection = config.GetSection("appSettings"); ConfigurationElementCollection appSettingsCollection = appSettingsSection.GetCollection(); ConfigurationElement addElement = appSettingsCollection.CreateElement("add"); addElement["key"] = @"test"; addElement["value"] = @"test2"; appSettingsCollection.Add(addElement); serverManager.CommitChanges(); } } } |
Now let’s convert the generated code into IISAdministration powshell cmdlet. Here is the example of the outcome.
|
Import-Module IISAdministration Reset-IISServerManager -Confirm:$false Start-IISCommitDelay $webConfig = Get-IISConfigSection -SectionPath "appSettings" -CommitPath "Default Web Site" $collection = Get-IISConfigCollection -ConfigElement $webConfig New-IISConfigCollectionElement -ConfigCollection $collection -ConfigAttribute @{key='test';value='test2'} Stop-IISCommitDelay Remove-Module IISAdministration |
More examples for your information.
Example 1. Configuring identityType and username together with a new attribute value for computer level.
|
Import-Module IISAdministration Reset-IISServerManager -Confirm:$false Start-IISCommitDelay $appPoolConfigSection = Get-IISConfigSection -SectionPath "system.applicationHost/applicationPools" $appPoolDeefaultsElement = Get-IISConfigElement -ConfigElement $appPoolConfigSection -ChildElementName "applicationPoolDefaults" $processModelElement = Get-IISConfigElement -ConfigElement $appPoolDeefaultsElement -ChildElementName "processModel" Set-IISConfigAttributeValue -ConfigElement $processModelElement -AttributeName "identityType" -AttributeValue "LocalSystem" $anonymousAuthenticationConfigSection = Get-IISConfigSection -SectionPath "system.webServer/security/authentication/anonymousAuthentication" Set-IISConfigAttributeValue -ConfigElement $anonymousAuthenticationConfigSection -AttributeName "userName" -AttributeValue "" Stop-IISCommitDelay Remove-Module IISAdministration |
Example 2. Configuring IIS central certificate using IISAdministration
|
$sharePath = "$env:systemdrive\temp_share" md $sharePath
$certStorePath = "Cert:\LocalMachine\My" $thumbprint = New-SelfSignedCertificate -DnsName "explicit.one.ccs" -CertStoreLocation $certStorePath $mypwd = ConvertTo-SecureString -String "xxx" -Force -AsPlainText Export-PfxCertificate -FilePath "$sharePath\explicit.one.ccs.pfx" -Cert ($certStorePath + "\" + $thumbprint.Thumbprint) -Password $mypwd
$PrivateKeyPassword = "xxx" $user = "administrator" $passwordSecure = convertto-securestring $PrivateKeyPassword -asplaintext -force $PrivateKeyPasswordSecure = convertto-securestring $PrivateKeyPassword -asplaintext -force
# Enable-IISCentralCertProvider Enable-IISCentralCertProvider -CertStoreLocation $sharePath -UserName $user -Password $passwordSecure -PrivateKeyPassword $PrivateKeyPasswordSecure |
Example 3. Configuring IIS Shared configuration
|
$sharedPath = "$env:systemdrive\temp_share2" md $sharedPath $username = "$env:computername\administrator" $password = convertto-securestring "password1&" -asplaintext -force $keyEncryptionPassword = convertto-securestring "password2&" -asplaintext -force Export-IISConfiguration -UserName $username -Password $password -PhysicalPath $sharedPath -KeyEncryptionPassword $keyEncryptionPassword -force Enable-IISSharedConfig -UserName $username -Password $password -PhysicalPath $sharedPath -DontCopyRemoteKeys |
|
NOTE: |
Example 4. Create a new web site with a SSL Binding
|
New-IISSite -Name "TestSite" -PhysicalPath "$env:systemdrive\inetpub\testsite" -BindingInformation "*:443:" -CertificateThumbPrint "D043B153FCEFD5011B9C28E186A60B9F13103363" -CertStoreLocation "Cert:\LocalMachine\Webhosting" -Protocol https |
Example 5. Add a SSL Binding to the Default Web Site
|
New-IISSiteBinding -Name "TestSite" -BindingInformation "*:443:" -CertificateThumbPrint "D043B153FCEFD5011B9C28E186A60B9F13103363" -CertStoreLocation "Cert:\LocalMachine\Webhosting" -Protocol https |
Example 6. Create a new WebSite with creating a new application pool
|
Reset-IISServerManager -Confirm:$false |