Jaa


PowerShell - Advanced configuration editing in IIS7

I've written a lot of PowerShell posts lately and here's another one. :-)

I got a question from one of the account managers if it was possible to alter the FTP Authorization Rules for a specific folder on his IIS.

The appcmd for the operation was

appcmd.exe set config "FTPFolder" -section:system.ftpServer/security/authorization /+"[accessType='Allow',users='*',roles='*',permissions='Read, Write']" /commit:apphost

He wanted to know if there was a PowerShell equivalent. Sure, you could use the appcmd directly from powershell, but if you're going to use the command line for everything, then what's the use of PowerShell?

The section in applicationhost.config that we want to edit is the following:

<location path="FTPFolder">
    <system.ftpServer>
        <security>
            <authorization>
                <add accessType="Allow" users="?" permissions="Read, Write" />
            </authorization>
        </security>
    </system.ftpServer>
</location>

 

System Specs

As you might have noticed from the screenshots already he was Running Windows 2008 with FTP 7 installed. He also had the IIS 7.0 PowerShell Provider installed.

Troubleshooting

There are a lot of cool things you can do with the WebSites using the IIS7 PowerShell provider. Below is a sample copied from iis.net. To use it properly, go to an IIS directory such as IIS:\DemoSite\DemoApp:

$winAuth = Get-WebConfiguration -filter /system.webServer/security/authentication/windowsAuthentication
$winAuth.enabled = $false
$winAuth | set-Webconfiguration -filter /system.webServer/security/authentication/windowsAuthentication -PSPath IIS:\ -location "DemoSite/DemoApp"

So judging from the sample above we should simply have to set anonymousAuthentication.enabled = $true or something like that. Unfortunately this isn't the case. If you try to access the section of applicationhost.config that we're attempting to edit (see above) you will see that we don't have any applicable properties for the object. $ftpAuth = Get-WebConfiguration -filter /system.ftpServer/security/authorization will not throw any exceptions, but using TAB to cycle through the properties of $ftpAuth will show us no immediate properties or methods of use.

Solution

The solution in this scenario is to use the Add-WebConfiguration cmdlet. The applicationhost.config can easily be translated to a valid Add-WebConfiguration call:

Add-WebConfiguration "/system.ftpServer/security/authorization"  -value @{accessType="Allow";users="?";permissions=3} -PSPath IIS:\ -location FTPFolder

The only thing that sticks out as being out of the ordinary is the permissions=3 setting. Why isn't it "Read, Write"? Actually, passing "Read, Write" as a parameter will not work. It will leave the permissions setting blank. "Read" or "Write" only will work, but not both together. I've tried figuring out if there's a valid way of passing both arguments, but so far I've drawn blanks. I've tried putting them in an array {"Read";"Write"}, passing them as "ReadWrite", "Read;Write", "Read+Write" etc. but the only way I've found so far is to pass the value 3 which is the obvious sum of the two enum values for Read and Write.

Later! / Johan

Comments

  • Anonymous
    October 02, 2008
    PingBack from http://blog.a-foton.ru/index.php/2008/10/02/powershell-advanced-configuration-editing-in-iis7/

  • Anonymous
    August 06, 2010
    How do I remove a user from a specific directory in Powershell Command?

  • Anonymous
    August 06, 2010
    To Parse Read Write Permission in the sams command, use this syntaxe. Add-WebConfiguration -Filter /System.FtpServer/Security/Authorization -Value (@{AccessType="Allow"; Roles=$Account; Permissions="Read,Write"}) -PSPath IIS: -Location $Location