Exporting IIS Configurations

You can use the command-line script iiscnfg.vbs, stored in the systemroot\System32\ directory, to copy all or part of an IIS metabase to an XML file, in an encrypted or unencrypted format. The XML file can be used in an import operation to copy all or part of the metabase to another IIS configuration.

The computer issuing the command must be running WindowsXP or a Windows.NET Server family system. The computer that the command affects must be running Windows.NET with IIS 6.0.

Important You must be a member of the Administrators group on the local computer to run scripts and executables, or you must have been delegated the appropriate authority. As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Runas command to run your script or executable as an administrator. From the command prompt, type runas /user:administrative_accountname "script or executable command".

This topic includes the following sections:

• Overview: Key concepts in understanding the export procedures.
• Syntax: The order in which you type a command and any arguments and options that follow it.
• Parameters: The values given to variables in the command.
• Examples: Sample code and an explanation of the results.

Overview

The metabase of an IIS server includes system-specific and computer-specific properties. Do not export the configuration of one IIS server to another IIS server without modification. Instead, use iisback.vbs or the iiscnfg.vbs copy operation (/copy), which replace system-specific and computer-specific properties so that the configuration is valid on the destination computer.

Iiscnfg.vbs provides an option to include inherited properties in the export file.

To prevent unauthorized use of export files, iiscnfg.vbs allows you to encrypt the export file with a password. The password encrypts the session key which, in turn, encrypts all properties for which the secure attribute is set.

You can read an encrypted export file (only the session key and secure properties are encrypted) and you can delete the file. However, you cannot use the export file in a /import operation unless you provide the encrypting password. Also, you cannot remove the password encryption from an export file and you cannot change the encrypting password.

The copy operation changes the computer-specific and system-specific properties in the metabase so that they are valid on the target computer. However, it does not adjust the directory or file paths. As a result, paths in the configuration might not be valid on the target computer.

Syntax

iiscnfg /export /f [Path\]FileName**.xml /spSourcePath [/d** EncryptingPassword] [/inherited] [/children] [/sComputer [/u [Domain\]User [/pPassword]]]

Parameters

• /f [Path\]FileName.xml
  Required. Specifies a unique name and location for the export file. If you specify an existing file or if the directories in the path you specify do not exist, the command fails.

  The file path must be local. When exporting a file from a remote computer, the /f parameter refers to a path on the remote computer.

• /spSourcePath
  Required. Specifies the metabase keys to export. Enter a metabase path, including the /lm/ root, to indicate the selected keys.

• /dEncryptingPassword
  Encrypts the export file with the specified password. You can use any string as the password.

  The /d parameter creates a secure export file by encrypting the session key and secure properties with the specified password. You must provide the password to use the file in an import operation.

  If you omit this parameter or omit the password argument, then the export file is encrypted with a blank password. As a result, only the secure properties are encrypted and any administrator can use the export file to import a metabase configuration.

• /inherited
  Adds inherited properties of the exported keys to the export file. Without this parameter, the export file does not include properties inherited from higher-level keys.

  If you select this option, iiscnfg.vbs adds the inherited properties of the exported keys to an IIsInheritedProperties key in the export file. When you import keys from this file, you can elect to import the inherited properties with the keys.

  When inherited properties are imported, the imported keys retain the properties they inherited in the exporting configuration. If inherited properties are not imported, the keys inherit the properties of the importing configuration.

• /children
  Recursively adds the subkeys of the specified key to the export file.

• /sComputer
  Specifies the name or IP address of a remote computer (with no backslashes). The default is the local computer.

• /u*[Domain\]User*
  Runs the script with the permissions of the specified user account. The default is the current user of the local computer.

• /pPassword
  Specifies the password of the user account specified in the /u parameter. If you omit this parameter, iiscnfg.vbs prompts you for the password and obscures the text you type.

Example 1: Exporting a Local Web Site Configuration

The following example exports the configuration of the Finance Web site to the C:\Finance\Finance.xml file. The command uses the /sp parameter to specify the metabase path of the Web site /lm/W3SVC/2, and the /children parameter to export all subkeys of the configuration. It also uses the /inherited parameter to include inherited properties in the export file. This assures that the Web site configuration retains these properties even if it is imported into a different system.

iiscnfg /export /f c:\finance\finance.xml /sp /lm/w3svc/2 /children /inherited

In response, iiscnfg.vbs displays the following success message:

Configuration exported from /lm/w3svc/2 to file c:\finance\finance.xml

The resulting file includes all the keys and subkeys within the /lm/w3svc/2 path. It also includes an IisInheritedProperties key that contains the values of all inherited properties.

Example 2: Exporting the Entire IIS Configuration of the Local Computer

The following example exports the IIS configuration of the local computer to the D:\IIStest\Config.xml file. It uses the /f parameter to specify the file name and location and the /sp parameter to specify the root key (/)of the metabase. The /children parameter adds all subkeys of the root key recursively to the export file. (Without the /children parameter, only the root key is exported.) Finally, the command uses the /d parameter and a password to encrypt the export file.

iiscnfg /export /f d:\iistest\config.xml /sp / /children /d p@sswoRd61

In response, iiscnfg.vbs displays the following success message:

Configuration / has been exported to d:\iistest\config.xml

Note that even a complete export of the configuration is not identical to the MetaBase.xml file for the system. The session key, access control lists (ACLs), and passwords differ.

You cannot tell by looking at the export file that it is encrypted. However, if you compare an encrypted and unencrypted version of the same file, you can see that the values of secure properties are changed in the encrypted version. Therefore, the file cannot be used in an import command without the password.

Related Topics

• For information on copying IIS configurations, see Copying IIS Configurations.
• For information on importing IIS configurations, see Importing IIS Configurations.
• For information on saving IIS configurations, see Saving Configurations to Disk.