IIS script privileges with powershell

Question

I've created a script for most of the functions I need when creating a Site for my IIS, however, there is still one thing missing.

Namely, I can't seem to find the commands for setting script privileges on a Site.

I want all script rights but no execution rights if I've understood it correctly.

So, how do you set those privileges through powershell?

Edit: The answer I was looking for was:

set-webconfigurationproperty -filter /system.webserver/handlers -name accesspolicy -value $flagsPermissions -PSPath $PS_PATH -Location $siteDescription

It works nicely.

By default Execute permissions are turned off, so there is not need to change anything when creating a new site. Unless you changed the defaults. — Peter Hahndorf, Nov 15 '12 at 10:31
I might've been unclear. I want to turn scripts on, not off. It seperates between scripts and executables in the GUI, and I don't want normal programs executable, jsut scripts. — Andtalath, Nov 15 '12 at 10:54

score 3 · Accepted Answer · answered Nov 15 '12 at 11:16

3

A new site on IIS 7+ should have it's handler accessPolicy set to 'Read, Script' so that's exactly what you want, no need for changes.

If you still want to change it:

You could use appcmd.exe from PowerShell:

appcmd set config /section:handlers /accessPolicy:Read,Script

More info on TechNet

For specific sites this setting is usually set in web.config rather than ApplicationHost.config

answered Nov 15 '12 at 11:16

Peter Hahndorf

14,058
3
41
58

Ah, then it seems that someone else have modified the defaults (I've also verified this with a local install), I'll have to check why that is before I make any changes to that. However, appcmd doesn't seem to exist on either of the systems I am working on. Also, yes, modifying web.config would work fine as well. – Andtalath Nov 15 '12 at 12:24
1

appcmd.exe is not in the path by default. It is in C:\Windows\system32\inetsrv – Peter Hahndorf Nov 15 '12 at 12:29
Ah, thanks. The command partly works, however, only if I enter Read OR Script, otherwhise, the second option is ignored with an error message (In swedish unfortunately). Also, the thing I'm looking to do is in fact in web.config, just across 82 different sites. – Andtalath Nov 15 '12 at 12:49
Two things: First, thanks, your messages led me to realize what the terms I was actually looking for (handlers, accesspolicy read, script). Second, that led me to the following line: set-webconfigurationproperty -filter /system.webserver/handlers -name accesspolicy -value $flagsPermissions -PSPath $PS_PATH Which works wonderfully. Also, we switched to inherited script privileges as well. Thanks for the assistance! – Andtalath Nov 15 '12 at 14:28
Ah, look, I tried upvoting it, but Accepting was the way to go. – Andtalath Nov 15 '12 at 15:50

IIS script privileges with powershell

1 Answers1