PowerShell has an IIS module, WebAdministration, that you will need to import to run most of these commands. Now for the first set of scripts:
Import-Module WebAdministration

# expire web content after 30 days
Set-WebConfigurationProperty -filter "/system.webServer/staticContent/clientCache" -name cacheControlMode -value "UseMaxAge"
Set-WebConfigurationProperty -filter "/system.webServer/staticContent/clientCache" -name cacheControlMaxAge -value "30.00:00:00"

# change logging to include two more properties
Set-WebConfigurationProperty -filter "/system.applicationHost/sites/siteDefaults/logFile" -name logExtFileFlags -value "Date, Time, ClientIP, UserName, ServerIP, Method, UriStem, UriQuery, HttpStatus, Win32Status, BytesSent, BytesRecv, TimeTaken, ServerPort, UserAgent, HttpSubStatus"

# rename the custom header whose value is 'ASP.NET' to 'From' and set its value to the machine name -- applies to ENTIRE SERVER
$computer = $env:COMPUTERNAME
Set-WebConfiguration -filter "/system.webServer/httpProtocol/customHeaders/add[@value='ASP.NET']/@name" -value "From"
Set-WebConfiguration -filter "/system.webServer/httpProtocol/customHeaders/add[@name='From']/@value" -value $computer
The above scripts are mostly self-explanatory: they adjust logging, set static content caching, and make sure the HTTP headers of the sites on the box include the box name. This is especially useful in load-balanced scenarios, when you need to troubleshoot an errant server. Keep in mind that the header reveals the machine name to any client that can reach the site.
The next script modifies IIS to allow anonymous and Windows authentication to be set in the web.config of child applications.
# change the master IIS config file to allow override of anonymous and windows auth
[xml]$config = Get-Content C:\Windows\System32\inetsrv\config\applicationHost.config
$config.selectSingleNode("/configuration/configSections/sectionGroup[@name='system.webServer']/sectionGroup[@name='security']/sectionGroup[@name='authentication']/section[@name='anonymousAuthentication']").SetAttribute("overrideModeDefault", "Allow")
$config.selectSingleNode("/configuration/configSections/sectionGroup[@name='system.webServer']/sectionGroup[@name='security']/sectionGroup[@name='authentication']/section[@name='windowsAuthentication']").SetAttribute("overrideModeDefault", "Allow")
$config.Save("C:\Windows\System32\inetsrv\config\applicationHost.config")
By default IIS does not allow child applications to define their own authentication. You can change a site's security policy in the IIS manager, but this modifies the security settings in the applicationHost.config file instead of the web.config of the application. The script above lets the local site's web.config define this instead.
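Once the override is allowed, anyone who can edit an application's web.config can change how that application authenticates. The audit below is an added example, not part of the original post: it reports the current overrideModeDefault of both sections and lists every site or application web.config that sets them. The `$ConfigPath` parameter and the output column names are assumptions made for this example.

```powershell
# Added example: audit authentication delegation (not from the original post).
param(
    # Assumed default location; pass a copy of the file to audit offline.
    [string]$ConfigPath = "$env:windir\System32\inetsrv\config\applicationHost.config"
)
Import-Module WebAdministration

# 1. Can each authentication section be overridden from web.config?
[xml]$config = Get-Content $ConfigPath
$base = "/configuration/configSections/sectionGroup[@name='system.webServer']" +
        "/sectionGroup[@name='security']/sectionGroup[@name='authentication']"
$report = foreach ($name in 'anonymousAuthentication', 'windowsAuthentication') {
    $section = $config.SelectSingleNode("$base/section[@name='$name']")
    $mode = if ($section) { $section.GetAttribute('overrideModeDefault') } else { '(section missing)' }
    [pscustomobject]@{
        Source  = $ConfigPath
        Section = $name
        Setting = 'overrideModeDefault'
        Value   = $mode
    }
}

# 2. Which site/application web.config files actually set those sections?
$roots = @(Get-Website | ForEach-Object { $_.physicalPath }) +
         @(Get-WebApplication | ForEach-Object { $_.PhysicalPath })
$report += foreach ($root in ($roots | Sort-Object -Unique)) {
    # Physical paths may contain variables such as %SystemDrive%.
    $file = Join-Path ([Environment]::ExpandEnvironmentVariables($root)) 'web.config'
    if (-not (Test-Path $file)) { continue }
    [xml]$web = Get-Content $file
    # '//' also matches sections wrapped in <location> elements.
    foreach ($node in $web.SelectNodes('//system.webServer/security/authentication/*')) {
        [pscustomobject]@{
            Source  = $file
            Section = $node.LocalName
            Setting = 'enabled'
            Value   = $node.GetAttribute('enabled')
        }
    }
}

$report | Format-Table -AutoSize
```

Any row with Section anonymousAuthentication and Value true marks an application that has opted out of authentication in its own web.config.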
And finally, I prefer IIS to be clear of any default sites and application pools before I start adding my own, so I remove them (Warning: this will clear all sites and application pools from a server):
# RESET IIS environment
Remove-Item 'IIS:\AppPools\*' -Recurse
Remove-Item 'IIS:\Sites\*' -Recurse