IIS and PowerShell Automation

Now that designing web applications has become extremely sophisticated, CI/CD keeps accelerating, and support and troubleshooting get more challenging and complex every day, talking about web servers seems completely old-fashioned. Well… I don’t think so. Let me explain!

Web development, networking and security are still moving targets, but web servers remain a key component for delivering our content.

Focusing on scripting and automation to improve one of these areas (web development tools, testing, network operations, security…) can help you make more meaningful use of your time and energy.

Internet Information Services

On a Windows Server, the default choice for a web server is Internet Information Services (IIS). It is extensible and has a rich user interface that makes it easier to configure. If we think of all the .NET web apps, SharePoint, Dynamics CRM, etc., IIS is the common denominator web server!

Let’s see how popular IIS is

Have a look at some stats; we can see that IIS is still popular: https://w3techs.com/technologies/details/ws-microsoftiis/all/all

 

Installing IIS with a one-liner

To install IIS on a Windows Server with a PowerShell one-liner (run as administrator), without even opening Server Manager:

Let’s look at the alternatives

I love the versatility, organisation, modularity and large number of options offered by Apache and nginx, and I like being able to manage or duplicate the web server configuration as text files, or simply compare them with a diff command. Of course, the risk of complicating things along the way is always there.

How I changed my approach to IIS and why

Where the CLI has helped me a lot in the past, with PowerShell or netsh.exe, is not just configuration but mainly management and simple troubleshooting. So I’ve started to treat IIS the same way I approach other web servers like Apache and nginx. Whatever the differences, working with the tool through its configuration rather than through the UI has helped me find errors and automate checks and mitigations.

Some surprises moving from the UI to the CLI

Automation exposes more options, but it also exposes the ins and outs of the tool, with possible issues.

If you stop a website from the UI, you’re not just stopping the website: you’re at the same time setting “serverAutoStart” to $False, and if you start the website, that property is set to $True. So from the UI, as far as I know, these settings will always be tightly coupled.

The result is that expecting start and stop operations from the CLI to behave the same way is, well, wrong. Some of us would say that it’s not a BUG, it’s a FEATURE!

I like that the CLI gives more granular control and options, but if you don’t test it properly you’ll get caught by a really bad surprise at the next reboot.

For this reason, my approach is to check the expected state before and after executing my tasks, and to log the steps and the states of my system so I can rewind and analyze them if something goes wrong.
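A sketch of that before/after check for the stop operation, added here as an example and not taken from the original post. It uses the WebAdministration module and reads the site's serverAutoStart attribute next to its run state; the function names, the log path and the site name 'Default Web Site' are assumptions.

```powershell
#Requires -RunAsAdministrator
Import-Module WebAdministration

# Read the two values that the IIS Manager UI changes together.
function Get-SiteSnapshot {
    param([Parameter(Mandatory)][string]$Name)
    $site = Get-Item -Path "IIS:\Sites\$Name" -ErrorAction Stop
    [pscustomobject]@{
        Time            = (Get-Date).ToString('s')
        Site            = $Name
        State           = [string]$site.State
        ServerAutoStart = [bool]$site.serverAutoStart
    }
}

# Hypothetical helper: stop a site, log before/after state, verify the result.
function Stop-SiteChecked {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$LogPath = (Join-Path $env:TEMP 'iis-site-state.log'),  # assumed path
        [switch]$DisableAutoStart   # also keep the site stopped across reboots
    )
    $before = Get-SiteSnapshot -Name $Name
    Stop-Website -Name $Name
    if ($DisableAutoStart) {
        Set-ItemProperty -Path "IIS:\Sites\$Name" -Name serverAutoStart -Value $false
    }
    $after = Get-SiteSnapshot -Name $Name

    # One JSON line per snapshot so the log can be replayed or diffed later.
    $before, $after | ForEach-Object { $_ | ConvertTo-Json -Compress } |
        Add-Content -Path $LogPath

    if ($after.State -ne 'Stopped') {
        throw "Site '$Name' is '$($after.State)' after Stop-Website"
    }
    if ($after.ServerAutoStart) {
        Write-Warning "Site '$Name' is stopped but serverAutoStart is still True"
    }
    $after
}

# Assumed site name; replace with the site you are managing.
Stop-SiteChecked -Name 'Default Web Site' -DisableAutoStart
```

Without -DisableAutoStart the function only stops the site and warns when the two settings diverge, which is the situation that shows up at the next reboot.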

That’s the IIS Administration blog

https://blogs.iis.net/iisteam/introducing-iisadministration-in-the-powershell-gallery

WebAdministration vs IISAdministration

Which module should you use to manage IIS via PowerShell? Good question. The older module has more than double the cmdlets. The choice seems obvious, but it may be the wrong one.

I came across this article https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/iisadministration-powershell-cmdlets and I started using IISAdministration and considering gradually replacing the WebAdministration module.

Webadministration Module

IISAdministration Module

https://docs.microsoft.com/en-us/powershell/module/webadministration/?view=win10-ps

SCALING OUT IIS

Scaling out to multiple IIS web servers is possible with features like IIS shared configuration and the central certificate store, which PowerShell makes easier to set up. I will link to some examples that replicate via PowerShell what I’ve sometimes done from the UI, making it cleaner and easier to reproduce programmatically.

https://blogs.iis.net/jeonghwan/how-to-use-iisadministration-powershell-cmdlets-to-configure-iis-configuration-settings

Where can I start scripting? What is the first script?

If you’re passionate about security, well, there are infinite possibilities… but simple wikis (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd450371(v=ws.10) ) or https://www.owasp.org/index.php/Hardening_IIS are a good place to start.

Why not start from a GitHub repository or a book?

Today, I found this interesting GitHub repository by Thomas Lee, AKA DoctorDNS, who is the author of this book; the foreword is by Jeffrey Snover and the book title is Windows Server 2019 Automation with PowerShell. I haven’t read the book, but I’ve read the code snippets, and the book content seems interesting and seems to cover a lot of ground.

The author seems to overuse hash tables, but apart from such minor things, which are my personal preference, there are a lot of interesting examples that can be reused and are useful for everybody.

https://www.packtpub.com/au/virtualization-and-cloud/windows-server-2019-automation-powershell-cookbook-third-edition

 
