Chapter 9
IIS 6.0 Administration Scripts, Tips, and Tricks
Day-to-day administration of Internet Information Services (IIS) 6.0 includes tasks such as creating and configuring Web and File Transfer Protocol (FTP) sites, managing server certificates, and backing up IIS-based content and configuration. To work more efficiently, you can perform most of these administration tasks programmatically and remotely, whether you are administering IIS in a single-site or multi-site environment.
In This Chapter
Creating and Configuring a Site Programmatically
Creating a Web Site from a Template
Comparing Programmatic Administration Methods for IIS 6.0
Managing Server Certificates Programmatically
Managing IIS 6.0 Remotely
Scheduling IIS 6.0 Backups
Restarting and Alternatives to Restarting IIS 6.0
Additional Resources
Related Information
For information about specific commands, including command syntax, see “Command-line reference A-Z” in Help and Support Center for Microsoft® Windows® Server 2003.
For information about configuring Web sites as well as the File Transfer Protocol (FTP), Network News Transfer Protocol (NNTP), and Simple Mail Transfer Protocol (SMTP) services, see “Configuring Internet Sites and Services” in this book.
For information about installing and using FrontPage® 2002 Server Extensions from Microsoft, see “Using FrontPage 2002 Server Extensions with IIS 6.0” in this book.
Creating and Configuring a Site Programmatically
One of the most common tasks for Internet service providers (ISPs) and administrators who manage complex intranet sites hosted on servers running Internet Information Services (IIS) 6.0 is creating and configuring new Web sites and File Transfer Protocol (FTP) sites. Although you can create these sites by using IIS Manager, if you create sites often or create many sites at once, it can be faster and easier to create sites programmatically. For more information about creating Web sites and FTP sites by using IIS Manager, see “Configuring Internet Sites and Services” in this book.
You can use a combination of scripts and tools to create a batch file that will automate all of the creating and configuring tasks. The steps for creating the batch file are as follows:
Set up and configure DNS.
Create directories.
Add temporary content.
Create Web sites.
Set up FrontPage® 2002 Server Extensions from Microsoft.
Create FTP sites.
Set access control lists (ACLs).
Include verification and error checking.
The following sections provide details, including sample scripts, for each step of the process for creating a batch file. In the final section, a complete batch file that you can customize for your environment is provided.
Variables
Some of the sample scripts in the following sections contain one or more of the following variables:
%1 = User
%2 = Domain
%3 = .com (extension)
%4 = y or n (indicates whether FrontPage 2002 Server Extensions should be installed)
If you type newsite.bat user domain.com y at a command prompt, after you save the complete batch file in a text editor, each entry becomes a variable in the script. The variable %1 represents User; the variable %2%3 represents Domain.com; and the variable %2 represents Domain.
Setting Up and Configuring DNS
Domain Name System (DNS) is an important part of creating new sites, especially if you host many sites on a single server with one Internet Protocol (IP) address. For more information about DNS and IP addresses, see “Configuring Internet Sites and Services” in this book.
One tool that can be helpful in managing DNS is the Dnscmd.exe command-line tool that is provided with the Support Tools for Microsoft® Windows® Server 2003, Standard Edition; Microsoft® Windows® Server 2003, Enterprise Edition; and Microsoft® Windows® Server 2003, Datacenter Edition operating systems. You can use Dnscmd.exe to view, manage, and update existing DNS server configurations or to set up and configure new DNS servers on your network. Before you use Dnscmd.exe, decide how best to configure DNS zones for your network, or, if you have a designated DNS administrator for the network, ask him or her which parameters to use. For more information about using Dnscmd.exe, see “Server administration using Dnscmd” in Help and Support Center for Microsoft® Windows® Server 2003.
Listing 9.1 shows how you can use Dnscmd.exe to set up a DNS zone for contoso.com, create entries for contoso.com and www.contoso.com that point to IP address 10.1.1.1, and then set up a canonical name (CNAME) for www.contoso.com that instructs the DNS server to use the same IP address that is configured for contoso.com.
Important
You must be a member of the Administrators group on the local computer to run scripts and executables, or you must have been delegated the appropriate authority. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyMachine\Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (including the full path with parameters, if any).
Listing 9.1 Sample Script for Setting Up and Configuring DNS
rem Set up the overall zone contoso.COM on the primary name server.
dnscmd PRIMARY /zoneadd contoso.COM /primary /file contoso.COM.dns
rem Set up the zone on the secondary. MasterIPAddress is a placeholder for the
rem IP address of the primary server, which the /secondary zone type requires.
dnscmd SECONDARY /zoneadd contoso.COM /secondary MasterIPAddress /file contoso.COM.dns
rem Set up the record on the primary server for contoso.COM pointing to the IP 10.1.1.1.
dnscmd PRIMARY /recordadd contoso.COM @ A 10.1.1.1
rem Set up a CNAME record for www.contoso.COM to point to the same IP as contoso.COM.
dnscmd PRIMARY /recordadd contoso.COM www CNAME contoso.COM
Creating Directories
After you set up and configure DNS, you should create the physical directory for your sites. You can use the mkdir command to create a directory programmatically. For more information about mkdir, including command syntax, see “Mkdir” in the command-line reference section of Help and Support Center for Windows Server 2003.
Although it is simple to create a directory, the task requires advanced planning to create logical structures. Listing 9.2 uses C:\Web\UserName\Domain, where a user’s content is in a directory that has the same name as the user name. Each user’s domain is a subdirectory of the user name directory. This structure allows users to use FTP to download files to their folders and access other directories as necessary.
Listing 9.2 Sample Script for Setting Up Directories
mkdir C:\WEB\USERNAME\
mkdir C:\WEB\USERNAME\DOMAIN\
To prevent mistakes, such as unintentionally overwriting an existing directory, include error handling in your script. You can use the if [not] exist command in batch programs to check for and respond to certain conditions, as seen in Listing 9.3. For more information about the if commands, including command syntax, see “If” in the command-line reference section of Help and Support Center for Windows Server 2003.
Listing 9.3 Sample Script for Error Handling
rem errornofolder1 and errornofolder2 refer to locations in the script where
rem those errors are handled.
If NOT exist C:\WEB\USERNAME\ goto errornofolder1
If NOT exist C:\WEB\USERNAME\DOMAIN\ goto errornofolder2
Creating Directories Remotely
Important
As a best security practice, use the net use command to authenticate with the remote computer before you use mkdir remotely. For more information about the net use command, including command syntax, see “Net services commands” in the command-line reference section of Help and Support Center for Windows Server 2003.
To create directories on a remote computer, use the following command-line syntax:
mkdir \\Server\c$\Web\UserName\
Adding Temporary Content
When you create sites, you can add temporary content files that users can replace with their own content when they are ready. An example of a temporary content file is a home page that says “Coming Soon” or “Under Construction.” Use the Adsutil.vbs command-line script to add temporary content files.
Adsutil.vbs is a flexible tool that uses the Microsoft® Visual Basic® development system, Scripting Edition (VBScript), with Microsoft® Active Directory® Service Interfaces (ADSI) to manipulate the IIS configuration. Note that Adsutil.vbs is not a Microsoft-supported product. The documentation for, and the format of, Adsutil.vbs can change at any time. For more information about Adsutil.vbs, including syntax and parameters, see “Using the Adsutil.vbs Administration Script” in IIS 6.0 Help, which is accessible from IIS Manager.
You must use the CScript.exe command-line tool, which is installed with Windows Script Host, to run Adsutil.vbs. You can set CScript.exe as the default run-time program by typing CScript //h:cscript //nologo //s at the command prompt. The optional //nologo parameter disables the display of the CScript copyright banner. Alternatively, you can type Cscript.exe at the beginning of the Adsutil.vbs script. For more information about using Adsutil.vbs, including commands and parameters, see “Adsutil.vbs Commands” in IIS 6.0 Help.
Listing 9.4 uses Adsutil.vbs to add a file named temp.htm to the list of default documents. Although you do not have to use the name temp.htm, do not name the file default.htm because default.htm would take precedence if the user added only index.htm as the home page. The sample script adds the temp.htm file as the last file on the Documents tab in the Web site properties so that temp.htm can never override a user’s home page, even if the user never deletes temp.htm. You must type the complete Adsutil.vbs script on one line.
Listing 9.4 Sample Script for Setting Up Temporary Files
Adsutil.vbs set w3svc/defaultdoc "default.htm,default.html,default.asp,default.aspx,index.htm,index.html,index.asp,index.aspx,temp.htm"
After you add a temporary file, use the copy command to copy the file to the user’s directory. For example, to copy temp.htm to the user’s directory, at the command prompt, type copy temp.htm C:\WEB\USERNAME\DOMAIN\temp.htm.
Adding Temporary Content Remotely
You can run any of the Adsutil.vbs commands remotely. To add temporary content to a remote computer, add -s:Server to the end of the command, where Server is the name of the target server.
Creating Web Sites
After you configure DNS, create the directories, and populate the directories with temporary content, you need to create the Web sites. You can use IIS Manager to create Web sites, or you can use the Iisweb.vbs command-line script, which is stored in the systemroot\System32 folder.
When you use Iisweb.vbs to create a Web site, you specify only the basic properties that are needed to create the site and identify its contents. Iisweb.vbs uses the same default properties that IIS Manager uses when creating new Web sites, and it adheres to the same rules for inheriting properties. For more information about default Web site properties, see “Configuring Internet Sites and Services” in this book. For more information about Iisweb.vbs, including command syntax, see “Creating Web Sites” in IIS 6.0 Help. For example, to create a Web site on the local computer using the directory specified in the preceding sample scripts, at a command prompt, type iisweb /create C:\WEB\USER\DOMAIN "contoso.COM" /d .
Creating Web Sites Remotely
To create a Web site on a remote computer, type /s Server after the /create parameter, where Server is the name of the target computer. To specify the IP address of the target computer, type /i IPAddress after the /s parameter, where IPAddress is the IP address.
Providing Additional Host Headers
Many users request additional host headers, such as contoso.com, without the www prefix. You can use Adsutil.vbs to set host headers, but you need to specify the site identification (ID). Although you can find out the site ID by parsing it from Adsutil.vbs output, an easier way is to integrate the Translate.js command-line script, which uses the IIS Windows Management Instrumentation (WMI) provider, into your Adsutil.vbs command. For more information about the IIS WMI provider, see the Microsoft Windows Management Instrumentation (WMI) SDK link on the Web Resources page.
The Translate.js script appears below. Copy it exactly as it is shown, and then save it in the same location as your other scripts. If you do not specify a location, it will be saved to C:\Windows\System32 by default. You need to use CScript.exe to run Translate.js. For information about using CScript.exe, see “Adding Temporary Content” earlier in this chapter.
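TRANSLATE.JS
// Usage: cscript //nologo translate.js "ServerComment"
if (WScript.Arguments.length != 1)
{
    WScript.Echo("Usage: cscript //nologo translate.js ServerComment");
    WScript.Quit(1);
}
var serverComment = WScript.Arguments(0);
// Escape backslashes and single quotes so that the argument stays inside the
// WQL string literal and cannot change the query.
var safeComment = serverComment.replace(/\\/g, "\\\\").replace(/'/g, "\\'");
var query = "SELECT Name, ServerComment FROM IIsWebServerSetting WHERE ServerComment='" + safeComment + "'";
var providerObj = GetObject("winmgmts:/root/MicrosoftIISv2");
var sites = providerObj.ExecQuery(query);
if (sites.Count != 0)
{
    for (var e = new Enumerator(sites); !e.atEnd(); e.moveNext())
    {
        var item = e.item();
        // Print the site ID only by leaving the "W3SVC/" prefix out.
        WScript.Echo(item.Name.substr(6));
    }
}
else
{
    WScript.Echo("No sites found.");
}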
After you save Translate.js, you can integrate it with Adsutil.vbs to provide additional host headers. Listing 9.5 uses 80:contoso.com to designate the site IP binding as All Unassigned. If you want to designate a specific IP address, type the IP address followed by a colon (:) in front of this string, as in IPAddress:80:contoso.com.
Listing 9.5 Sample Script for Setting Up Host Headers
cscript //nologo translate.js "CONTOSO.COM" > siteid.txt
for /f %%I in (siteid.txt) do SET SITEID=%%I
rem ExistingHostHeader is a placeholder for the host header the site already uses.
rem Setting serverbindings replaces the whole list, so existing bindings are repeated.
Adsutil set w3svc/%SITEID%/serverbindings ":80:ExistingHostHeader" ":80:CONTOSO.COM"
Del siteid.txt
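The checks that the Translate.js and Listing 9.5 steps leave to the operator, written out as an added example that is not part of the original chapter: escaping the site comment before it enters the WQL query, accepting only a single numeric site ID, and building the binding list without dropping existing entries. All function names are hypothetical, and the code is plain JavaScript meant to show the logic rather than a replacement for the chapter's scripts.

```javascript
// Added example (not from the chapter); all function names are hypothetical.

// WQL string literals use the backslash as the escape character.
function escapeWql(value) {
  return String(value).replace(/\\/g, '\\\\').replace(/'/g, "\\'");
}

// Same query as Translate.js, with the site comment escaped.
function buildSiteQuery(serverComment) {
  return "SELECT Name, ServerComment FROM IIsWebServerSetting " +
         "WHERE ServerComment='" + escapeWql(serverComment) + "'";
}

// Turn the Name values returned by the query into exactly one numeric site ID.
// Zero matches, several matches, or a non-numeric value stop the run, so that
// %SITEID% can never become "No" (from "No sites found.") or the wrong site.
function resolveSiteId(names) {
  var ids = [];
  for (var i = 0; i < names.length; i++) {
    var m = /^W3SVC\/(\d+)$/i.exec(names[i]);
    if (!m) throw new Error('unexpected name: ' + names[i]);
    ids.push(m[1]);
  }
  if (ids.length !== 1) throw new Error('expected 1 site, found ' + ids.length);
  return ids[0];
}

// Build one binding in the IPAddress:Port:HostHeader form described above.
// An empty ip means All Unassigned.
function makeBinding(ip, port, host) {
  var label = '[a-z0-9]([a-z0-9-]*[a-z0-9])?';
  var hostRe = new RegExp('^' + label + '(\\.' + label + ')*$', 'i');
  if (ip !== '' && !/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) throw new Error('bad IP');
  if (!/^\d{1,5}$/.test(String(port)) || port < 1 || port > 65535) {
    throw new Error('bad port');
  }
  if (!hostRe.test(host)) throw new Error('bad host header: ' + host);
  return ip + ':' + Number(port) + ':' + host.toLowerCase();
}

// serverbindings is written as a whole list: keep what is there, append the
// new binding, and skip it if it is already present (case-insensitive).
function mergeBindings(existing, added) {
  var out = existing.slice();
  for (var i = 0; i < out.length; i++) {
    if (out[i].toLowerCase() === added.toLowerCase()) return out;
  }
  out.push(added);
  return out;
}
```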
Providing Additional Host Headers Remotely
Important
To provide additional host headers remotely while logged in with a domain account, you must have administrative credentials on both computers. When logged in with a local user account, you must have an account with the same user name and password on the remote computer, as well as administrative credentials on both computers.
To modify Translate.js to access a remote server, add the server name when you get the object by changing GetObject("winmgmts:/root/MicrosoftIISv2"); to GetObject("winmgmts://Server/root/MicrosoftIISv2");, where Server is the name of the remote server.
Installing and Setting Up FrontPage 2002 Server Extensions
FrontPage 2002 Server Extensions provide Web-based and command-line administration for extending virtual servers. Extending a virtual server means enabling various FrontPage 2002 Server Extensions features to improve the way that you manage the content development and security of your site. Extending virtual servers with FrontPage 2002 Server Extensions enables the site owner to author the site in FrontPage and delegate site ownership and administration credentials.
FrontPage 2002 Server Extensions include new security features, such as roles and rights, and new features for monitoring server health and Web site use. For more information about improvements in FrontPage 2002 Server Extensions, see “Using FrontPage 2002 Server Extensions with IIS 6.0” in this book.
Listing 9.6 enables both FrontPage 2002 Server Extensions and FTP on the same site. The sample script sets up FTP by default and checks the %4 variable. If the %4 variable is y, the script goes to the FrontPage 2002 Server Extensions setup section. Otherwise, FrontPage 2002 Server Extensions setup is skipped.
Listing 9.6 Sample Script for Setting Up FTP and FrontPage 2002 Server Extensions
:iffp
if "%4"=="y" goto fpse
goto skipfp
There are two options for setting up FrontPage 2002 Server Extensions. You can add the full FrontPage 2002 Server Extensions path to System Properties, or you can include the path in the batch file each time you run it. The locations are as follows:
For FrontPage 2002 Server Extensions: Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\Bin
For FrontPage 2000 Server Extensions: Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\Bin
To add the FrontPage 2002 Server Extensions path to System Properties
1. From the Start menu, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the Advanced tab, and then click Environment Variables.
3. In the Environment Variables dialog box, in System variables, click the path, and then click Edit.
4. In the Edit System Variable dialog box, in the Variable value box, type a semicolon (;) at the end of the path, and then do one of the following:
For FrontPage 2002 Server Extensions, type:
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin
For FrontPage 2000 Server Extensions, type:
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin
To include the FrontPage 2002 Server Extensions path in the batch file each time you run it, run a script like Listing 9.7. This sample script does not add the path to System Properties.
Listing 9.7 Sample Script for Installing FrontPage 2002 Server Extensions Batch Files
@set path=%path%;%SYSTEMDRIVE%\inetpub\adminscripts;%SystemDrive%\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin
After you set up FrontPage 2002 Server Extensions, you can use SharePoint™ Team Services from Microsoft command-line tools to install and administer FrontPage 2002 Server Extensions from the local server or from a remote computer. The Owsadm.exe command-line tool runs on only the server, and the Owsrmadm.exe command-line tool can be run from a remote computer. These tools are available at systemroot\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\Bin.