Section 8.11. Automating IIS Administration

8.11. Automating IIS Administration

Many scripts are available for administering IIS from the command-line, and they're detailed in this section. Most of these are located in the \inetpub\adminscripts directory; exceptions are noted within the individual command's discussion.

8.11.1. iisreset

You can control IIS using a command-line function called iisreset. Depending on the argument switches you use with the command, you can perform any number of tasks.

iisreset /restart

Restarts all IIS-related services.

iisreset /start

Starts IIS.

iisreset /stop

Stops IIS.

iisreset /reboot

Restarts the actual server machine, not just IIS.

iisreset /rebootonerror

Use this to simply restart IISbut, if errors are encountered during the process, reboot the server.

iisreset /noforce

Doesn't forcefully terminate services that don't respond to requests.

iisreset /timeout:value

IIS will wait for a service to respond for the number of seconds in the preceding value field. If the service still doesn't respond, and /rebootonerror is used in the command as well, the machine will restart.

iisreset /status

Lists the status of all IIS services.

iisreset /enable && iisreset /disable

Toggles the ability to start or stop IIS services on the machine.

8.11.2. iisweb

iisweb can create new web sites from the command-line. For instance:

iisweb /create e:\webcontent "Main Website" /d www.win.com

creates a web site named Main Website that can be addressed at www.win.com from content stored in the directory e:\webcontent.

By default, iisweb will start the new web site. To prevent this, add the /dontstart switch at the command-line.

8.11.3. iisvdir

Using the utility iisvdir you can create virtual web directories from the command-line. For instance:

iisvdir /create "Default Website" support e:\webcontent\support

creates a virtual directory named support in the web site named Default Website, deriving its content from the directory e:\webcontent\support.

If you specify a path that doesn't exist, IIS will create it.

8.11.4. iisapp

iisapp enables you to look at what process IDs (PIDs) are being used by which application pool. Simply type iisapp from the command-line, and the result will display the worker PID and the application pool to which that process is assigned. This is a good way to monitor the health of worker processes and application pools.

8.11.5. iisftp

iisftp can create new FTP sites from the command-line. For instance:

iisftp /create e:\webcontent "Main Website" /i 64.246.42.130

creates a web site named Main Website at the IP address 64.246.42.130 from content stored in the directory e:\webcontent.

iisftp contains a couple of other switches.

/b

This switch enables you to specify a port number other than 21, which is assumed when this switch is not present in the command.

/isolation

This switch creates new sites in one of the two isolation modes. Use Local as the argument for local user isolation or AD as the argument for Active Directory-integrated isolation.

The utility iisftp, as discussed earlier in this chapter, also explicitly defines a user's home directory with his Active Directory profile. This is for use with user isolation mode in FTP. You can call it directly from the command-line, and the syntax to set these properties is as follows:

iisftp /SetADProp nameofuser FTPRoot pathtohomedirectory iisftp /SetADProp nameofuser FTPDir pathtohomedirectory

8.11.6. iisftpdr

Using the utility iisftpdr, you can create virtual FTP directories from the command-line. For instance:

iisftpdr /create "Default Website" support e:\webcontent\support

creates a virtual directory named support in the web site named Default Website, deriving its content from the directory e:\webcontent\support.

iisftpdr does not support UNC network naming. You need to either have content stored locally for use with the command or map a drive to the network share.

8.11.7. winpop

You can use winpop, located in \Windows\system32\pop3server, to automatically add mailboxes and create user accounts within Windows, depending on the authentication method you've chosen for the POP3 service. For instance:

winpop add lisa@divelover.net

simply adds the mailbox to the POP3 service. This command assumes a preexisting user account unless your authentication method is Encrypted Password File.

This command:

winpop add lisa@divelover.net /createuser luv2dive

adds a mailbox and creates a corresponding user within Active Directory with the password "luv2dive." There isn't any need to use this version of the command with the Encrypted Password File method of authentication.

8.11.8. Remote Administration

The Remote Administration web site is a way to manage IIS functions and configurations from a web browser. You can administer most settings within IIS from a web browser anywhere in the world. Remote Administration is installed by default when you install IIS on a server running Windows Server 2003 Web Edition. This might not be the best security idea in the world; I provide instructions for disabling it in the next section.

To use Remote Administration, first you need to find out the port on which it's installed. You can do this from within IIS Manager by opening the properties for the web site called Administration Website. Look on the General tab, note the port numberfor nonsecure connections, the default port is 8099, and for secure connections, it's 8098. You'll also want to lock down access to Remote Administration to a few specific IP addresses, so navigate to the Directory Security tab and proceed to lock out access via addresses. By default, everyone has access. Click Apply and then OK when you're done.

Once you've configured Remote Administration, you can access it from any web browser after authenticating. The default screen is shown in Figure 8-44.

Figure 8-44. Remote administration web page