0

I'm looking for a way to script the whole IIS configuration through PowerShell and I've already done most of it. The problem I'm facing right now is how to set 'IP Address Restrictions' for Management Service in IIS. I know there is a simple way to do it for a domain or a site but my goal is to limit the number of IP's being able to deploy to IIS.

Including screenshot for clarification: IIS Management Service

lis
  • 1
  • 3
  • what have you tried? what did not work as expected? – Lee_Dailey Feb 27 '21 at 07:49
  • I have no idea on how to add the `mode` and the `requestor` values using PowerShell instead of using UI. – lis Mar 01 '21 at 11:10
  • As stated in the [documentation](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831792(v=ws.11)#add-allow-or-deny-connection-rule-dialog-box), these only can be configured in IIS manager. Information about requestor are stored in the registry in an encrypted manner, not config file.You can navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server to check. – Bruce Zhang Mar 02 '21 at 08:20
  • Thank you @BruceZhang! As I already know the value I want to set up, I looked up it's value in the registry and thanks to that I could include it in my script. Mystery solved! – lis Mar 02 '21 at 14:11

1 Answers1

0

Following @BruceZhang advice, I've firstly set up the required value using the UI, then looked up the registry 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server\RemoteRestrictions' and found out the encrypted value for my ip address. From now on setting it up was only a matter of changing the value for this key in the registry through PowerShell script. It works fine, thanks!

Stop-Service -Name "WMSVC"

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WebManagement\Server" -Name "RemoteRestrictions" -Value /wEZAgAAAAEAAABnAgAAABkBAAAAAAAAABkDAAAAAQAAAC4EA8ADqAMdAx0CAAAALgQD/wP/A/8D/wMAAAB

Start-Service -Name "WMSVC"

lis
  • 1
  • 3