If you create custom software that works
with web servers, sooner or later you are going to want to be able to
include some way to create and custom configure the IIS virtual directory
that your application's web files should reside in, rather than depending
on the uninitiated user to follow your instructions. I say this because
personal experience has shown that the more you leave up to the user,
the more time you'll be spending on the phone and via Email helping users
to accomplish things that you originally thought would prove be "no
- brainers"! Ah, Murphy's Law at work again!
Fortunately, starting with IIS 4.0 and
now even more so in IIS 5.0, virtually everything about IIS is fully scriptable.
You can set up web sites, configure users and permissions, set applications,
determine process isolation, start and stop web sites and much, much more.
The following annotated script shows how easy it is to do some of these
What we'll do here is what I would think
is the most common scenario a developer might need:
1. Find the physical web root, and create
a new physical folder under it for our application.
2. Create a new IIS virtual directory of the same name associated with
the folder, and mark it as an IIS application.
3. Determine the name of the Anonymous IIS user account.
4. Set read, write and execute permissions for the Anonymous user.
5. Set Anonymous access on.
6. Go into the NTFS filesystem and set EXECUTE (Change) permissions on
the folder for the IUSR account so that COM and COM+ dlls can be instantiated.
Having said all this, the basic process
you'll see next can be easily modified by anyone willing to take ten minutes
or so to read the IIS documentation. All the properties of the IIS Admin
Base Object are there to see, fully laid out and expertly documented in
the MSDN library. So let's get started.
' File name: CreateIISApp.vbs
' Set some variables and constants we will use...
Dim strVirtualDirectoryName 'IIS Virtual Directory
Dim blnInProcessApplication 'IIS In Process Application Flag
Dim objIIS 'ADSI IIS Object
Dim strVirtualDirectoryPath 'IIS Virtual Directory Path
Dim objFileSystem 'VBScript FileSystemObject
Dim strOwner 'NT Folder Owner
Dim objVirtualDirectory 'ADSI IIS Virtual Directory Object
Dim blnScriptPermissions 'IIS script permissions flag
Dim blnExecutePermissions ' IIS Execute permissions flag
Dim blnWritePermissions '
Dim blnReadPermissions '
Dim strHTTPReferer 'IIS Referrer Page
Dim objWSH 'Windows Scripting Host Object
Dim objRTC 'Return
Dim strACLCommand 'Command Line string to set ACLs
Dim MachineName ' computer name
strVirtualDirectoryName = "MyIISApp"
' Get the Computer name using Wscript.Network and
assign to IUSR to create IIS IUSR account name
Set WshNetwork = WScript.CreateObject("WScript.Network")
strOwner = "IUSR_" & MachineName
Set WshNetwork = Nothing
set wsc = Wscript.CreateObject("WScript.Shell")
wsc.Popup "Setting Permissions for Computer Name = " & strOwner
blnScriptPermissions = "True"
blnExecutePermissions = "True"
blnWritePermissions = "True"
blnReadPermissions = "True"
' Does this IIS application already exist in the
On Error Resume Next
Set objIIS = GetObject("IIS://localhost/W3SVC/1/Root/" &
If Err.Number = 0 Then
Wscript.echo ("An application with this name already exists. ")
Set objIIS = Nothing
IIS administration objects to create the IIS application in the metabase.
'Create the IIS application
Set objIIS = GetObject("IIS://localhost/W3SVC/1/Root")
strVirtualDirectoryPath = objIIS.Path & "\" & strVirtualDirectoryName
' First check for and optionally create the physical
folder under wwwroot
Set objFileSystem = Wscript.CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set Folder = objFileSystem.GetFolder(strVirtualDirectoryPath)
If Hex(Err.number) = "4C" Then
wsc.Popup "Creating folder " & strVirtualDirectoryPath ,
set f= objFileSystem.CreateFolder(strVirtualDirectoryPath)
Set objFileSystem = Nothing
'Using IIS Administration object , turn on script/execute
permissions and define the virtual directory as an 'in-process application.
Set objVirtualDirectory = objIIS.Create("IISWebVirtualDir",
objVirtualDirectory.AccessScript = blnScriptPermissions
objVirtualDirectory.Path = strVirtualDirectoryPath
objVirtualDirectory.AccessWrite = blnWritePermissions
objVirtualDirectory.AccessRead = blnReadPermissions
objVirtualDirectory.AccessExecute = blnExecutePermissions
'Set Change Permissions for the owner using CACLS.exe
' need to "|" pipe the "Y" yes answer to the command
"Are you sure?" prompt for this to work (see KB: Q135268 )
strACLCommand = "cmd /c echo y| CACLS "
strACLCommand = strACLCommand & strVirtualDirectoryPath
strACLCommand = strACLCommand & " /g " & strOwner &
Set objWSH = Server.CreateObject("WScript.Shell")
objRTC = objWSH.Run (strACLCommand , 0, True)
Set objWSH = Nothing
strRes = "Web Application
Created Sucessfully" & vbCRlf
strRes = strRes & "Path : "& strVirtualDirectoryPath
strRes =strRes & "Script Permissions : "& blnScriptPermissions
strRes = strRes & "Read Permissions : " & blnReadPermissions
strRes = strRes & "Write Permissions: " & blnWritePermissions
strRes = strRes & "Execute Permission: " & blnExecutePermissions
strRes = strREs & strOwner & " granted change permissions"
That's it! You
just set up an IIS Application with all the permissions needed to drop
in a DLL, register it, and have it work for the users.
Peter Bromberg is an independent consultant specializing in distributed .NET solutionsa Senior Programmer
/Analyst at in Orlando and a co-developer of the NullSkull.com
developer website. He can be reached at firstname.lastname@example.org