IIS Manage With AppCmd

2022-04-10

筆記如何使用 AppCmd 進行 IIS 的站台管理、部署與各項組態設定，藉由活用 AppCmd 精進 IIS 的管理之道。

說明

AppCmd Folder

IIS Express

cd C:\Program Files\IIS Express

IIS

cd %systemroot%\system32\inetsrv\

Useful Command

Check Site, Application And Application Pool

appcmd list site
appcmd list app
appcmd list apppool

Check Application Pool And Worker Process Mapping

appcmd list wps

Check Reuqests

appcmd list requests

Disable Upload Folder Script ⭐

appcmd set config "Default Web Site/MyApp/Upload" /section:system.webServer/handlers /accessPolicy:Read /commit:url

Add Site

appcmd add site /name:MySite /bindings:http://*:80 /physicalpath:"D:\Websites"

Add Application Pool (4.0, 2.0, No Managed Code)

appcmd add apppool /name:MyAppPool /managedRuntimeVersion:v4.0
appcmd add apppool /name:MyAppPool /managedRuntimeVersion:v2.0

REM No Managed Code
appcmd add apppool /name:MyAppPool /managedRuntimeVersion:""

Add Application

appcmd add app /site.name:"MySite" /path:/MyApp /physicalpath:"D:\Websites\MyApp"

Delete Site, Application & Application Pool

appcmd delete site "MySite"
appcmd delete app "MySite/MyApp"
appcmd delete apppool MyAppPool

Assign Application Pool To Application

appcmd set app "MySite/MyApp" /applicationpool:MyAppPool

Enable Anonymous Authentication (匿名驗證)

REM Anonymous Authentication
appcmd set config "MySite/MyApp" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:"True" /commit:apphost

REM Windows Authentication
appcmd.exe set config "MySite/MyApp" -section:system.webServer/security/authentication/windowsAuthentication /enabled:"True" /commit:apphost

Swithc Windows Authentication Providers (NTLM / Negotiate)

REM Clear Provider List First
appcmd set config MySite/MyApp -section:system.webServer/security/authentication/windowsAuthentication /~providers /commit:apphost

REM NTLM
appcmd set config MySite/MyApp -section:system.webServer/security/authentication/windowsAuthentication /-providers.[value='NTLM'] /commit:apphost

REM Negotiate
appcmd set config MySite/MyApp -section:system.webServer/security/authentication/windowsAuthentication /+providers.[value='Negotiate'] /commit:apphost

Custom Header

appcmd  set config MySite -section:system.webServer/httpProtocol /+customHeaders.[name='X-Content-Type-Options',value='nosniff'] /commit:apphost
appcmd set config MySite -section:system.webServer/httpProtocol /+customHeaders.[name='X-UA-Compatible',value='IE=EmulateIE7'] /commit:apphost

Setting Default Document

appcmd set config "MySite/MyApp" /section:defaultDocument /+files.[value='hello.aspx']

Backup and Restore IIS Settings

appcmd add backup MyBackup
appcmd restore backup MyBackup

IIS Backup & Restore Sites & Application Pools 備份與還原 IIS 站台與應用程式集區

HTTPS Binding

appcmd set site /site.name:"MyApp" /+bindings.[protocol='https',bindingInformation='*:443:MySSLCertificate']

Application Pool Always Running

set apppool /apppool.name:AppPoolName /startMode:AlwaysRunning
set apppool /apppool.name:AppPoolName /autoStart:true
set config /section:applicationPools /[name='AppPoolName'].processModel.idleTimeoutAction:Suspend

aspnet_regiis

加密 web.config 連線字串密碼的方式，使用 pef

aspnet_regiis.exe -pef "connectionStrings" "D:\Sites\MyApplication"

解密 web.config 連線字串密碼的方式，，使用 pdf

aspnet_regiis.exe -pdf "connectionStrings" "D:\Sites\MyApplication"

IIS Encrypt Web.config (Single Server, AppSettings, Web Farm)

Web Server Hardening

REM 設定回收間隔時間為 0 (取消自動回收)
appcmd set apppool /apppool.name:"AppPoolName" /recycling.periodicRestart.time:00:00:00

REM 設定每天回收時間為 12:00
appcmd set apppool /apppool.name:"AppPoolName" /+recycling.periodicRestart.schedule.[value='12:00:00']

REM 設定失敗次數上限為 20
appcmd set apppool /apppool.name:"AppPoolName" /failure.rapidFailProtectionMaxCrashes:20

REM 設定閒置逾時為 5 分鐘
appcmd set apppool /apppool.name:"AppPoolName" /processModel.idleTimeout:00:05:00

參考資料

Getting Started with AppCmd.exe | learn.microsoft

Appcmd Most Common Commands | gist by Mike Mahon

相關連結

IIS 筆記整理

IIS 網頁伺服器的安全設定 (IIS Security Configuration)