IIS Site Creation Using Just PowerShell

Here I’ll be going in-depth on creating an IIS site solely using PowerShell commands (CLI or bust). Specifically I’ll go over creating an FTP site, but many of the steps and logic behind them are transferable to creating any other IIS site. Commands will be in bold. You may be asking why anyone would want to do this with commands as opposed to the completely functional and intuitively designed IIS GUI. That’d be because scripts are useful and going through the CLI can get you much further. You will also cultivate a greater degree of knowledge and appreciation for the dark and scary place that is the behind the scenes machinery of Windows, at least a high level view of it.

 

To preface, this was done on Windows Server 2008 R2 with PowerShell version 5.1. This should work just fine on R1 and according to Bailey works on Server 2012 R2 and later, but I wouldn’t hold my breath on anything before 2008. While it may be possible, I have not yet tested it. Different PowerShell versions may require additional or less steps depending on what sort of modules they already have. To check what PowerShell version you have, type: $PSVerisonTable.

 

Installing The Correct Windows Features

First off, we’ll need to install some Windows features (server roles). You can list out available features and see which ones you have enabled/disabled by using the command Get-WindowsFeature. Your output should look something like this:

 

 

Now we’ll install the features needed to make our FTP IIS site. The commands are as follows:

Install-WindowsFeature -Name Web-Server

Install-WindowsFeature -Name Web-Mgmt-Tools

Install-WindowsFeature -Name Web-FTP-Server

Install-WindowsFeature -Name Web-FTP-Ext

 

Administration

To give us the ability to work on IIS sites through the CLI we need to import the WebAdministration cmdlet (commandlet). This command varies depending on which version of Server you are using. For 2008 R2 and newer you use:

Import-Module WebAdministration

But on 2008 you use:

Add-PSSnapin WebAdministration

 

Making The FTP Site

The following command creates the site and sets its name to ftp and port 21:

New-WebFtpSite -Name "FTP" -Port "21" -Force

Here’s where we run into some more version variability and long explanations. The variability here lies in the IIS version. The next command will be dependent on whether or not you’re running IIS 6 or below (This command is structured for IIS 7+). What changes is the site/app/virtdirectory hierarchy and how they are used. You can read more about that here. I have only tested this on IIS 7 thus far, but here it is:

C:\Windows\System32\inetsrv\appcmd set SITE "FTP" "-virtualDirectoryDefaults.physicalPath:C:\inetpub\ftproot"

 

Site Configuration

Now that creating the site is out of the way, we still need to configure it to make it actually functional. There are numerous ways to do this which I’ll leave up to you, but here are a few examples from a challenge I made (THESE ARE NOT SECURE SETTINGS):

Set-ItemProperty "IIS:\Sites\FTP" -Name ftpServer.security.ssl.controlChannelPolicy -Value 0 

Set-ItemProperty "IIS:\Sites\FTP" -Name ftpServer.security.ssl.dataChannelPolicy -Value 0

Set-ItemProperty "IIS:\Sites\FTP" -Name ftpServer.security.authentication.anonymousAuthentication.enabled -Value $true

Set-ItemProperty "IIS:\Sites\FTP" -Name ftpserver.userisolation.mode -Value 4

Add-WebConfiguration "/system.ftpServer/security/authorization" -Value @{accessType="Allow";roles="";permissions="Read,Write";users="*"} -PSPath IIS:\ -location "FTP"

We then need to restart it for all of the changes to take effect:

Restart-WebItem "IIS:\Sites\FTP"

Additionally, you can view your site config in the following directory:

C:\Windows\System32\inetsrv\config\applicationHost.config

After opening that file with notepad you will find a great deal of configuration options. If you scroll for a bit and ran the same commands as above, it should look just like this (Disregard the default site):

You can also make configuration changes here if you really know what you’re doing, but this post is focused more towards scripting it.


Closing Thoughts

Well that only sucked a little. Depending on what you want to do with whatever site you’ve created, you can make it suck a whole lot more! This should give you a good idea of the site creation process and and what you can do with it. If you need to mess with FTP just save yourself the trouble and use something like FileZilla. Unfortunately this process varies depending on the versions of some key components and I have only tested it with one specific configuration, but I’ll make the necessary edits if I find out more.



PowerShell. Power Shell. Powers Hell. Not a coincidence.

 

 

About: James Block

Netfilter's very own Anubis. Odd job IT. Over the top data and disk destruction. Security/privacy oriented. I can pick your door lock pretty fast, but I can unlock your heart even faster.


Leave a Reply

Your email address will not be published. Required fields are marked *