
Thread: Remote and automated IIS 7 management from build server - permissions issue

Last post 11-04-2009 7:20 PM by SuperTramp. 1 replies.


  • 11-04-2009, 5:21 AM

    • wimdows
    • Not Ranked
    • Joined on 11-04-2009, 10:17 AM
    • Posts 1

    Remote and automated IIS 7 management from build server - permissions issue

    I've posted the following question on StackOverflow:

    Here's the scenario:

    • Win2003 Build Server (CCNET)
    • IIS7 target deployment server

    The various MSBuild tasks (Sdc.Tasks, MSBuild Community, MSBuild Extension Pack) for doing this (creating VDirs, setting AppPool properties) are not suitable for at least one or more of the following reasons:

    • No support for IIS 7.
    • No possibility to pass domain username/password to perform the operation.
    • Microsoft.Web.Management.dll is not available on build server.
    • 'Access Denied' error.

    There are no issues creating Vdirs on IIS 6 - though we're actually shelling out to iisvdir.vbs, as using any of the MSBuild tasks described above seems to either not support domain username/password auth when performing the operation or will simply throw a basic 'Access Denied' message (despite having the appropriate permissions on the IIS 6 metabase).

    Also - bear in mind that the various methods work perfectly on IIS 7 if not specifying a specific domain user/pw as long as the current authentication context has the correct permissions, but for obvious reasons we don't want all of our CCNET builds to run in that context.

    I've even used psexec.exe to run appcmd.exe on the box remotely, which also works fine if the current security context has appropriate permission, but as soon as you specify username/password on psexec, you get an error message saying "Cannot read configuration file due to insufficient permissions." The user specified is a domain account, and is part of the local Administrators group on the 2008 server.

    Also - I've ended up rolling my own RunAs MSBuild task, inheriting from the Exec task and using programmatic impersonation. I then use this to call psexec without specifying the username and password in psexec, but by impersonating when shelling to psexec, but I'm simply getting an exitcode of 1 - without any more details.

    As you see, I've pretty much exhausted all options, or so I reckon.

    If you can think of anything else, or have achieved managing IIS7 remotely, from an automated process on a non IIS7 box (using a specific non local admin user), please let me know.

     

  • 11-04-2009, 7:20 PM In reply to

    Re: Remote and automated IIS 7 management from build server - permissions issue

    Can you tell me what exactly you're trying to do? Are you trying to deploy a directory of files to a remote IIS 7 virtual directory? Are you trying to deploy an application remotely?

    Without knowing exactly what you want to do, I can tell you that MAYBE the Web Deployment Tool can help you. Suppose all you wanted to do was take a directory of files from your build server and deploy it to an IIS 7 application. Once you have the tool installed on both the IIS 7 server and your build machine, you could run the following command (from your build machine).

    msdeploy -verb:sync -source:iisApp=c:\mylocalbuilddirectory -dest:iisapp=MySiteName/MyAppName,computername=iis7server,username=iis7admin,password=iis7password

    This command would create (if necessary) the application "MyAppName" on your remote site MySiteName, and then sync all the content from your local location to the remote app. 

    The tool runs on IIS 5.1+ and does the conversion for you.  You must specify remote admin credentials to the iis7server. 

    Like I said, I don't know if this is what you want to do, so I'm just stabbing in the dark. More details might help me figure out if you're SOL.
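
The msdeploy sync from the reply above, wrapped for a build server so the password is not hardcoded in the build script or written to the build log. This is an added example, not code from either poster or from the Web Deployment Tool; it assumes msdeploy.exe is on PATH and that the CI server injects the hypothetical environment variables DEPLOY_USER and DEPLOY_PASSWORD.

```powershell
# Added example, not from the thread. Assumptions: msdeploy.exe is on PATH and the
# build server sets DEPLOY_USER / DEPLOY_PASSWORD (hypothetical variable names).
# Paths and names below are the placeholder values used in the reply.
param(
    [string]$SourcePath = 'c:\mylocalbuilddirectory',
    [string]$DestApp    = 'MySiteName/MyAppName',
    [string]$Computer   = 'iis7server',
    [switch]$Apply      # without -Apply only a -whatif preview is run
)

$user = $env:DEPLOY_USER
$pass = $env:DEPLOY_PASSWORD
if ([string]::IsNullOrEmpty($user) -or [string]::IsNullOrEmpty($pass)) {
    throw 'DEPLOY_USER and DEPLOY_PASSWORD must be set by the build server.'
}

# Build the argument list once; the caller decides which password string goes in.
function New-MsDeployArgs([string]$Password) {
    $dest = "-dest:iisApp=$DestApp,computerName=$Computer,userName=$user,password=$Password"
    $list = @('-verb:sync', "-source:iisApp=$SourcePath", $dest)
    if (-not $Apply) { $list += '-whatif' }   # preview changes, touch nothing
    return $list
}

# Log the command with the password masked so it never lands in the build log.
Write-Host ('msdeploy ' + ((New-MsDeployArgs '********') -join ' '))

$msdeployArgs = New-MsDeployArgs $pass
& msdeploy.exe @msdeployArgs 2>&1 | ForEach-Object {
    # Scrub the secret from tool output in case any message echoes the arguments.
    ($_ | Out-String).TrimEnd().Replace($pass, '********')
}

# Fail the build step on a non-zero exit code instead of continuing silently.
if ($LASTEXITCODE -ne 0) { throw "msdeploy failed with exit code $LASTEXITCODE" }
```

The password is still visible in the msdeploy process command line on the build machine while the sync runs, so the deployment account should be scoped to what the deployment needs rather than shared with other uses.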
