- Create a certificate-signed RDP shortcut via Group Policy - Fri, Aug 9 2019
- Monitor web server uptime with a PowerShell script - Tue, Aug 6 2019
- How to build a PowerShell inventory script for Windows Servers - Fri, Aug 2 2019
Setting up IIS on a Windows Server installs a PowerShell module called WebAdministration and creates the IIS PowerShell drive. Using both of these items lets us create, read, modify, and remove IIS bindings with PowerShell. To demonstrate this, you'll first either need to RDP to the web server directly and open up a PowerShell console or use PowerShell remoting to connect to a remote session. Since I'm not up for RDPing to a server, I'll connect to my web server via PowerShell remoting.
$computerName = 'SRV1' $credential = Get-Credential Enter-PSSession -ComputerName $computerName -Credential $credential
Once connected to my session, I'll then need to import the WebAdministration module gained when installing the Web-Server Windows feature.
Querying web bindings ^
Once authenticated, I'm ready to get started. First, since a binding is no good without a website, I'll first ensure I can query my default website using the Get-Website cmdlet.
Get-Website -Name 'Default Web Site' Name ID State Physical Path Bindings ---- -- ----- ------------- -------- Default Web Site 1 Stopped %SystemDrive%\inetpub\wwwroot http *:80:
After I confirm I have a website available, I now need to investigate the bindings on that site. By default, you can only see the string output of the Bindings property when using Get-Website. We need to get some further information about this so I'll pipe the output to Select-Object and use the ExpandProperty parameter to see whether there's more information about bindings available if needed.
I can also approach this task of finding web bindings by using the Get-WebBinding command as well. This command will only return information about the bindings attached to a site rather than returning lots of other site information.
PS C:\> Get-WebBinding -Name 'Default Web Site' protocol bindingInformation sslFlags -------- ------------------ -------- http *:80: 0
The information returned from Get-WebBinding is the same information as what's in the Collection property inside the binding property from the output that Get-Website returns.
PS> (Get-Website -Name 'Default Web Site').bindings.Collection protocol bindingInformation sslFlags -------- ------------------ -------- http *:80: 0
Changing web bindings ^
Once we've confirmed attachment of a binding to a site, we can modify it and use the Set-WebBinding command. This command allows you to specify the website name using the Name parameter, the binding information, and the binding property you'd like to change. In the example below, I'm changing the binding attribute for my Default Web Site from port 80 to port 81.
Set-WebBinding -Name 'Default Web Site' -BindingInformation "*:80:" ‑PropertyName Port -Value 81
I can then verify this change using Get-WebBinding.
Get-WebBinding -Name 'Default Web Site' protocol bindingInformation sslFlags -------- ------------------ -------- http *:81: 0
As you probably already know, you can have multiple bindings attached to a single site. Using Set-WebBinding only modifies existing bindings. To create new bindings, we need to use the New-WebBinding cmdlet that allows you to point to a specific website name, provide the protocol, port, and other information to create a binding that fits your needs.
Below you can see I'm creating a new binding that binds HTTP to port 82. I'm then reading the web binding using Get-WebBinding to ensure the default website returns both bindings.
New-WebBinding -Name 'Default Web Site' -Protocol http -Port 82 Get-WebBinding -Name 'Default Web Site' protocol bindingInformation sslFlags -------- ------------------ -------- http *:81: 0 http *:82: 0
SSL bindings ^
You've been working with HTTP bindings only, but IIS also has SSL bindings you need to manage periodically. Luckily, we can perform all the same actions on SSL bindings as we do on HTTP bindings.
To work with SSL bindings, we'll use the IIS PowerShell drive instead of the cmdlets to show you a different approach.
Let's say I have a certificate installed on my web server, and I want to bind that certificate to my Default Web Site. To do this, I'd first need to read the certificate. I can do this with PowerShell by reading the certificate from the Cert: drive.
PS> $cert = Get-ChildItem cert:\localmachine\my PS> $cert PSParentPath: Microsoft.PowerShell.Security\Certificate::localmachine\my Thumbprint Subject ---------- ------- BD34F8866D09803C7049F296ED3580355B220B78 OU=Testing, CN=SRV1
Once I have assigned the certificate to a variable, I then need to create the binding information string. Notice I'm using SSLBindings in the path. In the example below, I plan to bind the certificate to listen on all IP addresses bound to port 445.
$bindingInfo = "IIS:\SSLBindings\*!445"
Finally, I can pipe the certificate I just gathered to the SSLBindings object I retrieved above to create the SSL binding.
Subscribe to 4sysops newsletter!
$cert | Set-Item -Path $bindingInfo
PowerShell's WebAdministration module and IIS drive are great resources to use when needing to automate or manage IIS web bindings via the command line.