IIS7: How to enable webdav for (multiple) a website(s) via script
Configuring WebDAV requires some steps, e.g.:
- enabling webdav for a specific site
- add an webdav authoring rule for a specific user
- configure WebDAV with Request Filtering (i.e. not to apply rules for webdav traffic)
- enable / allow windows authentication for this site
- creating windows accounts and give them NTFS permissions on the physical path where the website content is located.
- (set dynamic IP restrictions)
If you want to do this for a couple of websites – you probably want to do this automatically.
This can be done by calling a batch file multiple times. Once for each website - doing all of the actions as stated above:
Here is my version:
here is what goes into the batch “webdav.cmd”:
@echo off
rem the first input parameter %1 takes the website name with quotation marks e.g. "Default Web Site"
rem the second input parameter %2 takes a password for the windows user that will associated with the webdav user has the same name as the website e.g."Default Web Site"
rem Create a windows account with the same name as the website
net user %1 %2 /add /EXPIRES:NEVER
rem build command string to get the root directory of a website using appcmd.exe
set name= %windir%\system32\inetsrv\appcmd.exe list vdir "%~1/" /text:physicalPath'
echo website "%~1/"
rem call icacls to set permissions on each directory
for /F %%X in ('call %name%) do (echo add NTFS permissions on root: %%X for user "%~1" && call icacls "%%X" /grant "%~1:(OI)(CI)(M)")
rem IIS per web site settings
rem enable windows authentication on webdav site
rem you might use basic auth in conjunction with SSL and https://support.microsoft.com/default.aspx?scid=kb;EN-US;963047
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/authentication/windowsAuthentication /enabled:"true" /commit:apphost
rem enable webdav on a site basis
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/webdav/authoring /enabled:"True" /requireSsl:"False" /commit:apphost
rem create a webdav allow rule for the user e.g."Default Web Site"
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/webdav/authoringRules /+"[users='%~1',path='*',access='Read, Write, Source']" /commit:apphost
rem disable locks for webdav authoring - you might need locks in a multi-source authoring environment.
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/webdav/authoring /locks.enabled:"False" /locks.requireLockForWriting:"False" /commit:apphost
rem make IIS Request filter behave nice to webdav requests
rem note that these settings get into applicationhost.config - so that the inetmgr UI picks them up
rem see also https://learn.iis.net/page.aspx/354/how-to-configure-webdav-with-request-filtering/
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/requestFiltering /fileExtensions.applyToWebDAV:"False" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/requestFiltering /verbs.applyToWebDAV:"False" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/requestFiltering /hiddenSegments.applyToWebDAV:"False" /commit:apphost
rem if you have dynamic request filtering installed
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/ipSecurity /dynamicRestrictions.denyByRequestsOverTime.enabled:"true" /commit:apphost
Run webdav.cmd with 2 parameters e.g.: webdav.cmd “Default web site” password
and the output should look similar to this:
The following will be done:
a user will be created “Default web site”
permissions will be granted for this user on the web content directory:
webdav will be enabled in IIS for the “Default web site” and an webdav authoring rule for this user created:
additionally windows auth will be enabled on this site:
and finally some webdav settings will be set for the site:
To enable webdav for multiple websites on an IIS automatically you just need to call the script multiple times from the cmd line:
FOR /F %f IN ('%systemroot%\system32\inetsrv\APPCMD list site /text:name') DO CALL webdav.cmd %f password
backup before - no warranties – hth