PowerShell script to collect information about IIS websites

ravi doshi
I need a powershell script that will capture the following details about websites residing in IIS:

.NET CLR version
Authentication method
Enable 32bit application flag
Connection strings

I'd like to be able to run it against a group of servers and output the server OS version and server name as well, but that is a "nice to have".
Sam Jacobs, Director of Technology Development, IPM

Commented:
What OS? The IIS PowerShell cmdlets are different for Windows Server 2012 and 2016.

Author

Commented:
Windows Server 2012
Sam Jacobs, Director of Technology Development, IPM

Commented:
Have a go with this ... you will need to run it in an elevated PowerShell session.
Let me know if you have any questions.

$serverFile = "c:\temp\IISServers.txt"
$outputCSV  = "c:\temp\WebSiteInfo.csv"

# make sure script is running elevated
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    Write-Warning "This script needs to be run elevated.`nPlease re-run this script as an Administrator!"
    Break
}

$servers = Get-Content $serverFile

$allSiteInfo = @()
$servers | foreach{
	$webSiteInfo = Invoke-Command -ComputerName $_ -ScriptBlock {
		$osInfo = Get-WMIObject Win32_OperatingSystem
		Import-Module WebAdministration
		$sites = @(Get-ChildItem -Path IIS:\Sites)
		$pools = @(Get-ChildItem -Path IIS:\AppPools)

		$siteInfo = @()
		foreach ($site in $sites) {
		   $name = $site.name
		   $pool =  $pools | ? name -eq $site.applicationpool
		   $netVer = $pool.managedRuntimeVersion
		   $authMethod = $pool.managedPipelineMode
		   $enable32bit = $pool.enable32bitAppOnWin64
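		   # join multiple connection strings into one field; an array would show up in the CSV as a type name
		   $connStrings = (Get-WebConfiguration "IIS:\Sites\$($site.name)" -filter "connectionstrings/add").ConnectionString -join " | "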
		   $siteInfo += New-Object -Type PSObject -Property @{
				'server'=$env:ComputerName
				'OSname'=$osInfo.Caption
				'OSver'=$osInfo.Version
				'OSbits'=$osInfo.OSArchitecture
				'siteName'=$name
				'netVer'=$netVer
				'auth'=$authMethod
				'32bit'=$enable32bit
				'connStrings'=$connStrings
				}
		}
		$siteInfo | Select server, OSname, OSver, OSbits, siteName, auth, 32bit, connStrings
	}
	$allSiteInfo += $webSiteInfo
}
$allSiteInfo | Select server, OSname, OSver, OSbits, siteName, auth, 32bit, connStrings | Export-Csv $outputCSV -NoTypeInformation


Author

Commented:
This is very close but a couple items are missing/incorrect.  I need all the authentication methods for a site.  Some of them are Anonymous and Windows authentication.  Others are Forms and Windows, etc.  I need all the authentication methods for each site listed.  

For the application pools, I need the .NET CLR Version which is either v4.0 or v2.0.  That information is the first listing on the Advanced setting section, right above Enable 32-Bit Applications setting.
Sam Jacobs, Director of Technology Development, IPM

Commented:
Let me double-check it...

Author

Commented:
And how do I specify multiple server names in the IISServers.txt file?  Comma, semicolon, quotes don't work.  What is the separator?
Sam Jacobs, Director of Technology Development, IPM

Commented:
Just put each server name on a separate line ...
Sam Jacobs, Director of Technology Development, IPM

Commented:
I'm working on updating the code ...
Sam Jacobs, Director of Technology Development, IPM

Commented:
Ravi ... still working on the authentication filters for forms authentication and impersonation, but please check this out in the meantime:
$serverFile = "c:\temp\IISServers.txt"
$outputCSV  = "c:\temp\WebSiteInfo.csv"

# make sure script is running elevated
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    Write-Warning "This script needs to be run elevated.`nPlease re-run this script as an Administrator!"
    Break
}

$servers = Get-Content $serverFile

$allSiteInfo = @()
$servers | foreach{
	$webSiteInfo = Invoke-Command -ComputerName $_ -ScriptBlock {
		$anonAuthFilter  = "/system.WebServer/security/authentication/anonymousAuthentication"
		$winAuthFilter   = "/system.WebServer/security/authentication/windowsAuthentication"
		$basicAuthFilter = "/system.WebServer/security/authentication/basicAuthentication"

		$osInfo = Get-WMIObject Win32_OperatingSystem
		Import-Module WebAdministration
		$sites = @(Get-ChildItem -Path IIS:\Sites)
		$pools = @(Get-ChildItem -Path IIS:\AppPools)

		$siteInfo = @()
		foreach ($site in $sites) {
		   $name = $site.name
		   $pool =  $pools | ? name -eq $site.applicationpool
		   $netVer = $pool.managedRuntimeVersion
		   $enable32bit = $pool.enable32bitAppOnWin64
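		   # join multiple connection strings into one field; an array would show up in the CSV as a type name
		   $connStrings = (Get-WebConfiguration "IIS:\Sites\$($site.name)" -filter "connectionstrings/add").ConnectionString -join " | "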
		   $authMethods = @()
		   if ((Get-WebConfigurationProperty -filter $anonAuthFilter -PSPath "IIS:\Sites\$($site.name)" -name Enabled).Value -eq $True)
			{ $authMethods += "Anonymous" } 
		   if ((Get-WebConfigurationProperty -filter $winAuthFilter -PSPath "IIS:\Sites\$($site.name)" -name Enabled).Value -eq $True)
			{ $authMethods += "Windows" } 
		   if ((Get-WebConfigurationProperty -filter $basicAuthFilter -PSPath "IIS:\Sites\$($site.name)" -name Enabled).Value -eq $True)
			{ $authMethods += "Basic" } 
		   $strMethods = $authMethods -join ","

		   $siteInfo += New-Object -Type PSObject -Property @{
				'server'=$env:ComputerName
				'OSname'=$osInfo.Caption
				'OSver'=$osInfo.Version
				'OSbits'=$osInfo.OSArchitecture
				'siteName'=$name
				'netVer'=$netVer
				'auth'=$strMethods
				'32bit'=$enable32bit
				'connStrings'=$connStrings
				}
		}
		$siteInfo | Select server, OSname, OSver, OSbits, siteName, netVer, auth, 32bit, connStrings
	}
	$allSiteInfo += $webSiteInfo
}
$allSiteInfo | Select server, OSname, OSver, OSbits, siteName, netVer, auth, 32bit, connStrings | Export-Csv $outputCSV -NoTypeInformation


Sam Jacobs, Director of Technology Development, IPM
Commented:
Yikes! That was not easy ... I believe this should do it ... Please let me know if anything is missing ...
$serverFile = "c:\temp\IISServers.txt"
$outputCSV  = "c:\temp\WebSiteInfo.csv"

# make sure script is running elevated
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    Write-Warning "This script needs to be run elevated.`nPlease re-run this script as an Administrator!"
    Break
}

$servers = Get-Content $serverFile

$allSiteInfo = @()
$servers | foreach{
	$webSiteInfo = Invoke-Command -ComputerName $_ -ScriptBlock {
		$anonAuthFilter  = "/system.WebServer/security/authentication/anonymousAuthentication"
		$winAuthFilter   = "/system.WebServer/security/authentication/windowsAuthentication"
		$basicAuthFilter = "/system.WebServer/security/authentication/basicAuthentication"
		$imperAuthFilter = "/system.Web/identity"

		$osInfo = Get-WMIObject Win32_OperatingSystem
		Import-Module WebAdministration
		$sites = @(Get-ChildItem -Path IIS:\Sites)
		$pools = @(Get-ChildItem -Path IIS:\AppPools)

		$siteInfo = @()
		foreach ($site in $sites) {
		   $name = $site.name
		   $pool =  $pools | ? name -eq $site.applicationpool
		   $netVer = $pool.managedRuntimeVersion
		   $enable32bit = $pool.enable32bitAppOnWin64
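		   # join multiple connection strings into one field; an array would show up in the CSV as a type name
		   $connStrings = (Get-WebConfiguration "IIS:\Sites\$($site.name)" -filter "connectionstrings/add").ConnectionString -join " | "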
		   $authMethods = @()
		   if ((Get-WebConfigurationProperty -filter $anonAuthFilter -PSPath "IIS:\Sites\$($site.name)" -name Enabled).Value -eq $True)
			{ $authMethods += "Anonymous" } 
		   if ((Get-WebConfigurationProperty -filter $winAuthFilter -PSPath "IIS:\Sites\$($site.name)" -name Enabled).Value -eq $True)
			{ $authMethods += "Windows" } 
		   if ((Get-WebConfigurationProperty -filter $basicAuthFilter -PSPath "IIS:\Sites\$($site.name)" -name Enabled).Value -eq $True)
			{ $authMethods += "Basic" } 
		   if ((Get-WebConfiguration -Filter system.web/authentication -PSPath "IIS:\sites\$($site.name)").mode -eq "Forms")
			{ $authMethods += "Forms" } 
		   if (((Get-WebConfiguration -Filter system.web/identity -PSPath "IIS:\sites\$($site.name)").Attributes | ? name -eq impersonate).Value -eq $True)
			{ $authMethods += "ASP.NET impersonation" } 

		   $strMethods = $authMethods -join ","

		   $siteInfo += New-Object -Type PSObject -Property @{
				'server'=$env:ComputerName
				'OSname'=$osInfo.Caption
				'OSver'=$osInfo.Version
				'OSbits'=$osInfo.OSArchitecture
				'siteName'=$name
				'netVer'=$netVer
				'auth'=$strMethods
				'32bit'=$enable32bit
				'connStrings'=$connStrings
				}
		}
		$siteInfo | Select server, OSname, OSver, OSbits, siteName, netVer, auth, 32bit, connStrings
	}
	$allSiteInfo += $webSiteInfo
}
$allSiteInfo | Select server, OSname, OSver, OSbits, siteName, netVer, auth, 32bit, connStrings | Export-Csv $outputCSV -NoTypeInformation

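The script above writes each site's connection strings verbatim to c:\temp\WebSiteInfo.csv, and a connection string that uses a SQL login can carry its password in clear text. The following is an added example, not part of the original thread: it masks password values before export and flags which sites store one. The function name `Protect-ConnectionString`, the key list, the `storedSecret` column and the sample rows are assumptions for illustration, and it expects one connection string per call.

```powershell
# Added example, not from the original thread. Names and sample rows are assumptions.
Add-Type -AssemblyName System.Data

$secretKeys = 'password', 'pwd'   # keys whose values are masked (assumed list)

function Protect-ConnectionString {
    param([string]$ConnectionString)

    $b = New-Object System.Data.Common.DbConnectionStringBuilder
    try {
        # Use set_ConnectionString(): the builder is an IDictionary, so a plain
        # property assignment can be treated as adding a key of that name.
        $b.set_ConnectionString($ConnectionString)
    } catch {
        # Malformed input: withhold it rather than risk writing a secret out.
        return [pscustomobject]@{ Redacted = '<unparseable, withheld>'; HasSecret = $true }
    }

    $hasSecret = $false
    foreach ($key in @($b.get_Keys())) {          # @() copies the keys before we modify values
        if ($key -in $secretKeys) {
            $b[$key] = '***'
            $hasSecret = $true
        } elseif ($key -eq 'provider connection string') {
            # Entity Framework nests a second connection string in this value.
            $inner = Protect-ConnectionString ([string]$b[$key])
            $b[$key] = $inner.Redacted
            $hasSecret = $hasSecret -or $inner.HasSecret
        }
    }
    [pscustomobject]@{ Redacted = $b.get_ConnectionString(); HasSecret = $hasSecret }
}

# Constructed sample rows standing in for $allSiteInfo from the script above.
$sample = @(
    [pscustomobject]@{ siteName = 'Intranet'; connStrings = 'Data Source=db01;Initial Catalog=HR;Integrated Security=SSPI' }
    [pscustomobject]@{ siteName = 'Shop';     connStrings = 'Data Source=db02;Initial Catalog=Shop;User ID=shop_app;Password=Constructed-Example-1' }
)

$sample | ForEach-Object {
    $r = Protect-ConnectionString $_.connStrings
    $_ | Select-Object siteName,
        @{ n = 'connStrings';  e = { $r.Redacted } },
        @{ n = 'storedSecret'; e = { $r.HasSecret } }
} | Format-Table -AutoSize -Wrap
```

To use it with the script in the thread, call the function on each connection string inside the remote script block before the values are joined, so that passwords never leave the server or reach the CSV.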

Author

Commented:
You are a god among men and saved me countless hours of manual data entry.  I very much appreciate your assistance!!
Sam Jacobs, Director of Technology Development, IPM

Commented:
You are most welcome ... Sorry it took so long ... It was a learning experience for me as well!
There were a lot of pieces to pull together (especially with the authentication methods), and it was not very intuitive.
The Microsoft documentation was pretty sparse and not very helpful.
