Creating And Configuring an IIS Web Application with Script

By Peter A. Bromberg, Ph.D.

Peter Bromberg  

If you create custom software that works with web servers, sooner or later you are going to want to be able to include some way to create and custom configure the IIS virtual directory that your application's web files should reside in, rather than depending on the uninitiated user to follow your instructions. I say this because personal experience has shown that the more you leave up to the user, the more time you'll be spending on the phone and via Email helping users to accomplish things that you originally thought would prove be "no - brainers"!   Ah, Murphy's Law at work again!



Fortunately, starting with IIS 4.0 and now even more so in IIS 5.0, virtually everything about IIS is fully scriptable. You can set up web sites, configure users and permissions, set applications, determine process isolation, start and stop web sites and much, much more. The following annotated script shows how easy it is to do some of these items.

What we'll do here is what I would think is the most common scenario a developer might need:

1. Find the physical web root, and create a new physical folder under it for our application.
2. Create a new IIS virtual directory of the same name associated with the folder, and mark it as an IIS application.
3. Determine the name of the Anonymous IIS user account.
4. Set read, write and execute permissions for the Anonymous user.
5. Set Anonymous access on.
6. Go into the NTFS filesystem and set EXECUTE (Change) permissions on the folder for the IUSR account so that COM and COM+ dlls can be instantiated.

Having said all this, the basic process you'll see next can be easily modified by anyone willing to take ten minutes or so to read the IIS documentation. All the properties of the IIS Admin Base Object are there to see, fully laid out and expertly documented in the MSDN library. So let's get started.

' File name: CreateIISApp.vbs
' Set some variables and constants we will use...

Dim strVirtualDirectoryName 'IIS Virtual Directory Name
Dim blnInProcessApplication 'IIS In Process Application Flag
Dim objIIS 'ADSI IIS Object
Dim strVirtualDirectoryPath 'IIS Virtual Directory Path
Dim objFileSystem 'VBScript FileSystemObject
Dim strOwner 'NT Folder Owner
Dim objVirtualDirectory 'ADSI IIS Virtual Directory Object
Dim blnScriptPermissions 'IIS script permissions flag
Dim blnExecutePermissions ' IIS Execute permissions flag
Dim blnWritePermissions '
Dim blnReadPermissions '
Dim strHTTPReferer 'IIS Referrer Page
Dim objWSH 'Windows Scripting Host Object
Dim objRTC 'Return
Dim strACLCommand 'Command Line string to set ACLs
Dim MachineName ' computer name
strVirtualDirectoryName = "MyIISApp"
' Get the Computer name using Wscript.Network and assign to IUSR to create IIS IUSR account name
Set WshNetwork = WScript.CreateObject("WScript.Network")
MachineName=WshNetwork.ComputerName
strOwner = "IUSR_" & MachineName
Set WshNetwork = Nothing
set wsc = Wscript.CreateObject("WScript.Shell")
wsc.Popup "Setting Permissions for Computer Name = " & strOwner , 1
blnScriptPermissions = "True"
blnExecutePermissions = "True"
blnWritePermissions = "True"
blnReadPermissions = "True"
' Does this IIS application already exist in the metabase?
On Error Resume Next
Set objIIS = GetObject("IIS://localhost/W3SVC/1/Root/" & strVirtualDirectoryName)
If Err.Number = 0 Then
Wscript.echo ("An application with this name already exists. ")
Wscript.quit
End If
Set objIIS = Nothing
'Now use IIS administration objects to create the IIS application in the metabase.
'Create the IIS application
Set objIIS = GetObject("IIS://localhost/W3SVC/1/Root")
strVirtualDirectoryPath = objIIS.Path & "\" & strVirtualDirectoryName
' First check for and optionally create the physical folder under wwwroot
Set objFileSystem = Wscript.CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set Folder = objFileSystem.GetFolder(strVirtualDirectoryPath)
If Hex(Err.number) = "4C" Then
wsc.Popup "Creating folder " & strVirtualDirectoryPath , 1
set f= objFileSystem.CreateFolder(strVirtualDirectoryPath)
End If
Set objFileSystem = Nothing
'Using IIS Administration object , turn on script/execute permissions and define the virtual directory as an 'in-process application.
Set objVirtualDirectory = objIIS.Create("IISWebVirtualDir", strVirtualDirectoryName)
objVirtualDirectory.AccessScript = blnScriptPermissions
objVirtualDirectory.Path = strVirtualDirectoryPath
objVirtualDirectory.AppCreate blnInProcessApplication
objVirtualDirectory.AccessWrite = blnWritePermissions
objVirtualDirectory.AccessRead = blnReadPermissions
objVirtualDirectory.AccessExecute = blnExecutePermissions
objVirtualDirectory.AuthAnonymous =True
objVirtualDirectory.AnonymousUserName=strOwner
objVirtualDirectory.AnonymousPasswordSync=True
objVirtualDirectory.AppCreate (True)
objVirtualDirectory.SetInfo
'Set Change Permissions for the owner using CACLS.exe
' need to "|" pipe the "Y" yes answer to the command "Are you sure?" prompt for this to work (see KB: Q135268 )
strACLCommand = "cmd /c echo y| CACLS "
strACLCommand = strACLCommand & strVirtualDirectoryPath
strACLCommand = strACLCommand & " /g " & strOwner & ":C"
Set objWSH = Server.CreateObject("WScript.Shell")
objRTC = objWSH.Run (strACLCommand , 0, True)
Set objWSH = Nothing
strRes = "Web Application Created Sucessfully" & vbCRlf
strRes = strRes & "Path : "& strVirtualDirectoryPath & vbCRlf
strRes =strRes & "Script Permissions : "& blnScriptPermissions & vbCRlf
strRes = strRes & "Read Permissions : " & blnReadPermissions & vbCRlf
strRes = strRes & "Write Permissions: " & blnWritePermissions & vbCrLf
strRes = strRes & "Execute Permission: " & blnExecutePermissions & vbCrLf
strRes = strREs & strOwner & " granted change permissions" & vbCrlF
wscript.echo strRes

That's it! You just set up an IIS Application with all the permissions needed to drop in a DLL, register it, and have it work for the users.

Peter Bromberg is an independent consultant specializing in distributed .NET solutionsa Senior Programmer /Analyst at in Orlando and a co-developer of the NullSkull.com developer website. He can be reached at info@eggheadcafe.com