Curt Johnson
Web Technology Writer, IIS Documentation Team
Microsoft Corporation
Updated May 7, 1999
New sample scripts and .vbs download
Administering Web sites can be time consuming and costly, especially for people who manage large Internet Service Provider (ISP) installations. To save time and money, many ISPs support only large company Web sites, at the expense of personal Web sites. But is there a cost-effective way to support both? The answer is yes, if you can automate administrative tasks and let users administer their own sites from remote computers. This solution reduces the amount of time and money it takes to manually administer a large installation, without reducing the number of Web sites supported. Microsoft® Internet Information Server (IIS) version 4.0 offers technologies to do this:
With these technologies working together behind the scenes, you can administer sites from the command line of a central computer, and you can group frequently used commands in batch files. Then, all you need to do is run the batch files to add new accounts, change permissions, add a virtual server to a site, and do many other tasks. In addition, you can hand over responsibility for administering personal Web sites directly to users.
In this article, you'll see how to perform common administrative tasks by running the administration scripts. For example, you'll see how to create a new virtual directory on a remote server and then add write access to that directory. You'll also see sample custom scripts that can change Windows NT® permissions on a server.
When you install Microsoft Windows NT Server version 4.0 and IIS, ADSI sample scripts and the WSH environment are installed by default. Although the sample scripts are fully functional, they also serve as templates from which you can customize your own scripts. For the syntax of the sample scripts, see "Sample Administration Scripts" in the Product Documentation for the Windows NT 4.0 Option Pack.
WSH is a language-independent scripting environment for 32-bit Windows platforms. Microsoft offers both Visual Basic® Scripting Edition (VBScript) and JScript® scripting engines with WSH. Third-party companies supply ActiveX® scripting engines for other languages such as Perl.
WSH can automate administrative tasks on a server, using any scripting language. For example, an administrator can write a script in VBScript to create a new virtual directory, and then, with WSH working in the background, run the script file from the command line to create a new virtual directory on the Web site. In addition, administrators can write a single script to target multiple Web sites or multiple physical servers. For detailed information about WSH, see "About Windows Scripting Host" in the Product Documentation for the Windows NT 4.0 Option Pack.
The IIS Admin Objects installed with IIS make programmatic administration as straightforward as possible. Based on Microsoft's ADSI, the IIS Admin Objects are compatible with automation and can easily be accessed and manipulated by any language that supports automation, such as VBScript or JScript in Active Server Pages (ASP), Visual Basic, Java, or C++.
When you install IIS, the sample IIS Admin Objects scripts are copied into the following directory by default:
%windir%\System32\Inetsrv\AdminSamples.
The variable %windir% represents the directory where Windows NT Server is installed.
Note This article comes with the latest version of the Adsutil.vbs script. Before working through the examples, please move your current version of Adsutil.vbs to another directory where it won't be overwritten, and download this new version into the %windir%\System32\Inetsrv\AdminSamples directory.
Download the Adsutil.vbs script file (90K).
These scripts can configure your IIS installation, create virtual directories, display information about a Web site (see the example in the following section, "Executing Scripts"), and manage the status of Web sites by stopping, pausing, and starting IIS. Each sample file is annotated with comments showing the syntax and an example.
In addition to running the sample scripts as they are, you can write your own customized scripts by extrapolating from the examples. With customized scripts, you can administer your IIS configuration by changing the settings stored in the metabase. The structure of the metabase parallels the structure of your IIS installation, and the property inheritance feature of the metabase lets you set up IIS configuration settings efficiently. You'll find samples of customized scripts in "Examples of Customized Scripts" later in this article.
For details about the metabase, see "About the Metabase and IIS Admin Objects" and for information about the IIS Admin Objects see "IIS Admin Objects Reference" in the Product Documentation for the Windows NT 4.0 Option Pack.
The IIS Admin Objects Reference is installed as an option for IIS with the Windows NT 4.0 Option Pack. If you haven't installed the reference documentation or are unsure if it's installed, follow these steps:
The IIS Admin Objects Reference contains a list of all the objects with links to the appropriate reference page. The reference page for each object includes:
For example, in the "IIS Admin Objects Reference" section of the Product Documentation for the Windows NT 4.0 Option Pack, click IISWebVirtualDir, and you'll find the following information:
The IIsWebVirtualDir object is an ADSI container object.
ADsPath
For the server's root virtual directory,
IIS://MachineName/W3SVC/n/Root
Where MachineName can be any name or "LocalHost".
For a specific virtual directory,
IIS://MachineName/W3SVC/n/Root/vdirName
Where MachineName can be any name or "LocalHost".
Syntax
varReturn = object.{Method}
Parts
varReturn
A variable that receives the return value from the method.
object
A variable that contains the IIsWebVirtualDir object, usually as a result of a previous GetObject operation.
Method
The object method chosen.
May Contain
IIsWebVirtualDir IIsWebDirectory IIsWebFile
You'll also find list of ADSI Object properties as well as metabase properties and methods, along with links to information about each property and method.
You can execute a script in one of two ways. Just type the appropriate syntax on the command line.
To execute a script on the command line, type: Cscript.exe ScriptName
To execute a script in a graphical user interface, type: Wscript.exe ScriptName
Alternatively, you can type the syntax into a batch (.bat) file, and execute your scripts from there. If you execute the same script repeatedly, putting it into a batch file saves you from retyping the script every time you want to run it.
Note The examples will not work correctly unless you have downloaded the updated Adsutil.vbs file, as recommended in the previous section.
The following example shows the current settings for the root of the default Web site. On the command line, type:
cscript.exe %windir%\system32\inetsrv\adminsamples\adsutil.vbs enum w3svc/1/root
To execute any other script on the command line, type the following syntax: Cscript.exe path\ScriptName
Instead of typing the syntax on the command line, you can type it into a batch (.bat) file and execute your scripts from there. If you execute the same script repeatedly, putting it into a batch file saves you from retyping the script every time you want to run it.
If you've added the path to the AdminSamples subdirectory, you don't have to type the full path to Cscript.exe. For information about editing the path, see the Windows NT Server documentation.
Also, if you have registered Cscript.exe as your default scripting host, you don't have to type Cscript.exe in front of the scripts to execute them. To learn how to register Cscript.exe, see Step 1 in the next section.
For more information about Cscripte.exe and Wscript.exe, see "Running Scripts Using the Command-Based Scripting Host" and "Running Scripts Using the Windows-Based Scripting Host" in the Product Documentation for the Windows NT 4.0 Option Pack.
The following examples show you how ADSI scripts can automate tasks that need to be done repeatedly. The first two examples show how to run the sample scripts and make them work for you. The final two examples show how to create custom scripts to automate various administrative tasks. For a detailed explanation of the syntax, see the Product Documentation for the Windows NT 4.0 Option Pack.
Let's say you want to create a virtual directory called "Test." This directory is on your company's intranet, on a computer named "Server2." Server2 is located in another building, about half a block from your office. Instead of walking over to the other building, you prefer to make this change right from the computer in your office, Server1.
Note For these examples to work, you must change the Windows NT environment variable on Server1 to include the path to the administration scripts. If you don't want to change this variable, you can alternatively run the scripts from their default location: %windir%\System32\Inetsrv\AdminSamples.To create a virtual directory on another server
mkwebdir -c Server2 -w "Default Web Site" -v "Test","C:\Test"
Note You don't have to create the physical directory before you run this script. The script creates both the physical and virtual directories for you. Also, the name of the virtual directory can be different from the name of the physical directory.
Now let's say you want to allow users write access on the virtual directory "Test."
adsutil set w3svc/1/root/test/accesswrite "true"-S:server2
This line adds write access to the virtual directory Test on Server2.
Web server permissions control how users access and interact with specific FTP and Web sites. For example, Web server permissions can control whether users visiting a Web site are allowed to see a particular page, upload information, or run scripts on the site. Unlike Windows NT File System (NTFS) permissions, Web server permissions apply to all users accessing a Web or FTP site. This distinction is very important because NTFS permissions apply only to a specific user or group of users with a valid Windows NT account.
The following example contains customized scripts that set permissions on a virtual directory in two ways:
The example also demonstrates how inheritance works. In the first part of the example, the GET/PUT notation denies write permission (sets it to False) from the root level of the default Web site on MyComputer. When you set permission at the root level, all directories below the root level inherit this setting. However, the dot notation (the second part of the example) grants write permission (sets it to True) on the virtual directory named Dir1a, overwriting the inherited setting from the root.
<% Dim WebServerRootObj Dim VDirObj Dim WritePerm ' Open the object for the first virtual Web server root Set WebServerRootObj = GetObject("IIS://MyComputer/W3SVC/1/Root") ' Deny write access for all directories and files ' for the server (except those already specifically set) ' Using the Put method WebServerRootObj.Put "AccessWrite", False ' Save the changed value to the metabase WebServerRootObj.SetInfo ' Get a directory subordinate to the Web server root. Note that this line of code assumes ' Vdir1 has already been created. Set VDirObj = GetObject("IIS://MyComputer/W3SVC/1/Root/Vdir1/Dir1a") ' Overwrite the inherited value for write access ' using the dot method equivalent to Put VDirObj.AccessWrite = True ' Save the changed value to the metabase VDirObj.SetInfo %>
The next example shows you how to write a customized script to create a virtual directory with Read, Script, and Directory browsing permission.
<% ''''''''''''''''''''''''''''''''' ' ADSI ASP Sample Program ' This is a sample of how to create a virtual directory using ADSI. ' ''''''''''''''''''''''''''''''''' Option Explicit On Error Resume Next ''''''''''''''''''''''' ' First, open the path to the Web server you are ' trying to add a virtual directory to. Dim ServObj Dim VdirObj Dim Testpath Set ServObj = GetObject("IIS://LocalHost/w3svc/1/Root") if (Err <>0) then Response.Write "GetObject (""IIS://LocalHost/w3svc/1/Root"") Failed! <br>" Response.Write "Error! " & Err.Number & "(" & Hex(Err.Number) & "): " & Err.Description & "<br>" Response.End end if ''''''''''''''''''''''' ' Second, Create the virtual directory (Vdir) path Set VdirObj = ServObj.Create("IIsWebVirtualDir", "MyVdir") VdirObj.SetInfo if (Err<>0) then Response.Write "CreateObject (""IIS://LocalHost/w3svc/1/Root/MyVdir"") Failed!<br>" Response.Write "Error! " & Err.Number & "(" & Hex (Err.Number) & "): " & Err.Description & "<br>" Response.End end if '''''''''''''''''''''''' ' Finally, create a Path variable containing the virtual root path and ' set the permissions to read, script, and directory browsing VdirObj.AccessRead = True VdirObj.AccessScript = True VdirObj.EnableDirBrowsing = True Testpath = "C:\Temp" VdirObj.Put "Path", (Testpath) VdirObj.SetInfo if (Err<> 0) then Response.Write "Put (""Path"") Failed!" Response.Write "Error! " & Err.Number & "(" & Hex (Err.Number) & "): " & Err.Description & "<br>" Response.End end if Response.Write "VDIR successfully created" '''''''''''''''''''''''' ' The minimum amount necessary to create a virtual directory has now ' been completed. If you need to add more, do it here. %>
Now it's your turn to jump in, create your own scripts and tailor them to your needs. For details about scripting, see "Automating and Customizing your Operations" in the product documentation for the Windows NT 4.0 Option Pack and the Microsoft Scripting Technologies Web site.