PowerShell scripts for automating Web Deploy setup
The v2.1 release of Web Deploy installs several PowerShell scripts that make it easy to configure your IIS server so that users can publish to it by using Web Deploy. This page shows you how to use these scripts to create a default publishing site, enable publishing for a new or existing site and user, create publishing SQL or MySQL databases, or to set up delegation rules – all using PowerShell.
The scripts that you will use are:
- SetupSiteForPublish.ps1
- CreateSqlDatabase.ps1
- CreateMySqlDatabase.ps1
- AddDelegationRules.ps1
Requirements
The server must have an operating system that comes with IIS7—this means either Windows Server 2008 or Windows Server 2008 R2. You must be an administrator on the machine.
Make sure the following conditions are met:
- PowerShell2 must be installed (this is built into Windows Server 2008 R2; for Windows Server 2008, you can get PowerShell2 as an update from here: https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=0be83604-db27-4b99-976a-136a92bd579b. A restart may be required.
- The Web Server (IIS) role must be enabled in Server Manager.
- The Web Management Service role service of IIS ("Management Service") must be enabled in Server Manager
- To use the PowerShell database scripts, the server must have access to a SQL or MySQL database. SQL Server Management Objects must also be installed for SQL.
- Web Deploy must be installed with the Management Service Integration component. (For this option to appear in the Web Deploy installer, the Web Management Service must be enabled first.)
General PowerShell instructions
Launch a PowerShell command window.
Click on the PowerShell icon in the task bar or click Start, type PowerShell, and select Windows PowerShell.
(The blue icon)Make sure your execution policy allows for running scripts.
Type "Get-ExecutionPolicy". If it is Restricted (the default) you must reset to a more permissive setting such as by typing "Set-ExecutionPolicy AllSigned". The AllSigned setting will allow running signed scripts, but prompt you in case they are not trusted
For more information on execution policy settings see Using the Set-ExecutionPolicy Cmdlet.
Change to the Web Deploy scripts directory.
- Type
cd '%programfiles%\IIS\Microsoft Web Deploy v2\Scripts'
(but replace%programfiles%
with the actual path, such asC:\Program Files
).
- Type
Use the SetupSiteForPublish script to create a default publishing web site (no databases)
Run the SetupSiteForPublish.ps1 script with no arguments:
What this does:
The script creates a user and site for non-admin publishing and saves the publish profile information in a file on the desktop. More specifically, it creates a site called WDeploySite with physical site root at %systemdrive%\inetpub\WDeploySite
. The site will have a matching application pool, WDeployAppPool, and will be assigned to port 8080 by default (or the next available port if another site is using 8080). The script also creates a non-administrator local Windows user called WDeploySiteuser and grants that user Full Control ACLs on the WDeploySite folder and IIS Manager Permissions to the site. The settings information is saved to the desktop in a file called WDeploy.PublishSettings - this file may be consumed by WebMatrix (or potentially Visual Studio) for publishing to the site. This profile does NOT contain any database publishing information at this point.
Enable Web Deploy Publishing for any Site and User using the SetupSiteForPublish script:
Script: SetupSiteForPublish.ps1
Description: For a specified site and user account, enables the specified user to publish to the specified site. The script creates the user account, site, and application pool; sets the directory ACLs and IIS Manager permissions for the site; and saves the setting information in a file.
Parameters:
Name | Description | Default Value | Notes |
---|---|---|---|
siteName | Name of the site. If site does not exist, it will be created. | WDeploySite | |
sitePhysicalPath | Physical file location for the site content. If the directory does not exist, it will be created. | %systemdrive%\inetpub\WDeploySite |
|
siteAppPoolName | Name of the application pool that will be associated with the site. If the application pool does not exist, it will be created. | WDeployAppPool | It is recommended to dedicate one application pool per site. |
sitePort | Port for the site bindings. | First port from 8080-8200 that is not in use by another site. | A firewall rule may be required to open the port for remote traffic. |
deploymentUserName | Name of the user to be given access to the site. If the user does not exist, a non-administrator user will be created. | WDeploySiteuser | |
deploymentUserPassword | Password for the deployment user. If a password is not specified, one will be automatically generated and saved in the settings file. | [autogenerated] | |
managedRunTimeVersion | If specified, will try to set the specified run-time version for the application pool. If a matching runtime version is not found, the application pool defaults will be used. | Application pool defaults | Example format "v2.0" or "v4.0" |
publishSettingSavePath | An existing directory where the settings file will be saved. | Current user's desktop | Must be an existing directory. If the directory specified does not exist, an error will result. |
publishSettingFileName | Name of the settings file, including the extension. | WDeploy.PublishSettings | Remember to include the extension. If the file already exists, the site information in it will be overwritten. |
Examples:
Enable publishing for an existing user on an existing site (the password will not be saved in the settings file):
.\SetupSiteForPublish.ps1 -siteName ExistingSite -deploymentUserName UserA -publishSettingSavePath C:\profiles -publishSettingFileName UserA.PublishSettings
Enable publishing for a new user on a new site, with a custom name and location for the publish settings file:
.\SetupSiteForPublish.ps1 -siteName NewSite -sitePhysicalPath C:\inetpub\NewSiteRoot -siteAppPoolName NewSitePool -sitePort 81 -deploymentUserName NewSiteUser -deploymentUserPassword Passw0rd -publishSettingSavePath C:\profiles -publishSettingFileName NewSite.PublishSettings
The PublishSettings file also contains the new user password. Notice that the connection string fields are empty - they can be filled by hand or you can add this to the profile using the database generation scripts:
<?xml version="1.0" encoding="utf-8"?>
<publishData>
<publishProfile publishUrl="RWS-2008R2" msdeploySite="NewSite" destinationAppUrl="http://RWS-2008R2:81" mySQLDBConnectionString="" SQLServerDBConnectionString="" profileName="Default Settings" publishMethod="MSDeploy" userName="NewSiteUser" userPWD="Passw0rd" savePWD="True" />
</publishData>
Create a SQL database for a publishing account using the CreateSqlDatabase script
Script: CreateSqlDatabase.ps1
Description: Creates a database, a login, a database user that has db_owner permissions to the database, and saves the corresponding connection string information in a settings file.
Parameters:
Name | Description | Default Value | Notes |
---|---|---|---|
databaseName | Name of the database to be created. | wDeploySqldb | |
databaseUserName | Name of the database user and login. | wdeploySqlUser | Specify a new user every time, or you may end up resetting a user's login password and invalidating the user's previous connection credentials. |
databaseUserPassword | Password for the database user and login. If no password is specified, one will automatically be generated. | [autogenerated] | In some cases the auto-generated password may contain characters that cause issues with certain publishing clients. Consider modifying the script if you are using the script for automated database creation. |
databaseAdminUser | SQL server administrator user name (typically "sa"). | REQUIRED | |
databaseAdminPassword | Password for the SQL server administrator account. | REQUIRED | |
sqlServerInstanceName | Location of the SQL server. | .\SQLExpress |
General
publishSettingSavePath | An existing directory where the settings file will be saved. | Current user's desktop | Must be an existing directory. If the directory specified does not exist, an error will result. |
---|---|---|---|
publishSettingFileName | Name of the settings file, including the extension. | WDeploy.PublishSettings | Remember to include the extension. If the file already exists, the site information in it will be overwritten. |
Examples:
Create a database with user using the defaults (local SQLExpress database):
.\CreateSqlDatabase.ps1
Create a new database and add the connection string information to existing publish settings file c:\profiles\UserA.PublishSettings
:
PS C:\Program Files\IIS\Microsoft Web Deploy V2\Scripts> .\CreateSqlDatabase.ps1 -databaseName UserADb -databaseUserName UserADbUser -databaseUserPassword Passw0rdA -databaseAdminUser sa -databaseAdminPassword Passw0rd -sqlServerInstanceName .\SQLExpress -publishSettingSavePath C:\profiles -publishSettingFileName UserA.PublishSettings
Create a MySQL database for a publishing account using the CreateMySqlDatabase script
Script: CreateMySqlDatabase.ps1
Description: Creates a database, a database user with all privileges on the database (at localhost), and saves the connection string information in a settings file
Parameters:
Name | Description | Default Value | Notes |
---|---|---|---|
databaseName | Name of the database to be created. | WDeployDb | |
databaseUserName | Name of the database user. | WDeployUser | |
databaseUserPassword | Password for the database user and login. If no password is specified, one will automatically be generated. | [autogenerated] | In some cases the auto-generated password may contain characters that cause issues with certain publishing clients. Consider modifying the script if you are using the script for automated database creation. |
databaseAdminUser | Name for the database administrator, typically "root". | REQUIRED | You will be prompted for this parameter if not supplied |
databaseAdminPassword | Password for the server administrator account. | REQUIRED | You will be prompted for a value for this parameter if you do not provide one. |
serverHostName | Location of the MySQL server | localhost | *see note below table |
General:
publishSettingSavePath | An existing directory where the settings file will be saved. | Current user's desktop | Must be an existing directory. If the directory specified does not exist, an error will result. |
---|---|---|---|
publishSettingFileName | Name of the settings file, including the extension. | WDeploy.PublishSettings | Remember to include the extension. If the file already exists, the site information in it will be overwritten. |
*If you specify a non-localhost value for serverHostName and do not modify the permissions for the user, the user may not be able to access his or her database. By default the permissions granted in this script provide the database user access from the local machine. If the database server is not hosted on the same machine, the permission granting section of the PowerShell script should be modified to grant more general permissions, such as by changing the following line of script to allow access from any machine:
Default script permissions line:
$createUserScript = "Grant all privileges on {0}.* to '{1}'@'localhost' identified by '{2}';"
Modified script permissions line:
$createUserScript = "Grant all privileges on {0}.* to '{1}'@'%' identified by '{2}';"
Examples:
Create a database with user using the defaults:
.\CreateMySqlDatabase.ps1
Create a new database and add the connection string information to existing publish settings file c:\profiles\UserA.PublishSettings
:
.\CreateMySqlDatabase.ps1 -databaseName UserADb -databaseUsername UserADbUser -databaseUserPassword Passw0rd -databaseAdminUser root -databaseAdminPassword iis6!dfu -publishSettingSavePath C:\profiles -publishSettingFileName UserA.PublishSettings
Set up Delegation Rules for the server using the AddDelegationRules script
Script: AddDelegationRules.ps1
Description: This script is run automatically at setup time by the installer during a full install, but if you did not do a full install or wish to repair the rules at any time, you can re-run this AddDelegationRules script.
Parameters:
Name | Description | Default Value | Notes |
---|---|---|---|
elevatedUsername | Name for the user account that will be granted write access to the server's applicationHost.config file. This user will be used as the run-as user on the appPoolPipeline, appPoolNetFx and createApp rules. | WDeployUser | Creates only a local Windows user and will not work if shared configuration is enabled. The password for this user account will be reset if the script is run a second time. |
elevatedPassword | Automatically generated if not specified. | [autogenerated] | |
adminUsername | Name for an Administrator user account that will be used as the run-as user on the recycleApp rule. | WDeployAdmin | Creates only a local Windows user and will not work if shared configuration is enabled. The password for this user account will be reset if script is run a second time. |
adminPassword | Automatically generated if not specified | [autogenerated] | |
ignorePasswordResetErrors | Switch. If elevated/adminUsername references an existing account, this switch allows the script to reset the password for the account. | [omitted - resetting user passwords not allowed] | Resetting a user password can result in the user losing access to data. This switch should be used with caution. For more information, see https://windows.microsoft.com/windows-vista/What-are-the-risks-of-resetting-a-password. Note also that the new user password is not stored and cannot be retrieved later. |