Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Enumerating IIS 6 App Pools

216 views
Skip to first unread message

xWakawaka

unread,
Jan 14, 2008, 2:04:02 PM1/14/08
to
I need to enumerate and then get properties of remote IIS App Pools (IIS 6),
and am having a rough time.

WMI : Access Denied
Doing this remotely via Get-WMIObject consistently fails with “Access
Denied” (locally w/ same account works fine). I believe that this may because
the MicrosoftIISv2 WMI interface requires network security options which
Get-WMIObject does not use by default. Is anyone aware of any workarounds for
this?

ADSI : No Collection
Since I couldn’t get this to work using Get-WMIObject, I decided to try out
the IIS ADSI provider. According to various sources and sample scripts,
“IIS://Host/W3SVC/AppPools” should return an array of app pools, which would
be perfect and works great in vbscript. Unfortunately in powershell this
doesn't appear to return a collection or array of App Pools, but rather just
an object which seems ot have a mix of information about the AppPools object
itself, and some information about the DefaultAppPool (no information about
additional app pools).


>>[object[]]$appPools = [ADSI]"IIS://localhost/W3SVC/AppPools"
>>$appPools.count ## note that this will be 1, when several are expected
1
>>gm -i $appPools[0] ## note that this doesn’t seem to contain some kind of nested collection of app pools, but rather a single object as described above.


TypeName: System.DirectoryServices.DirectoryEntry

Name MemberType Definition

---- ---------- ----------

AdminACL Property
System.DirectoryServices.PropertyValueCollection AdminACL {get;set;}
AppPoolIdentityType Property
System.DirectoryServices.PropertyValueCollection AppPoolIdentityType {get;...
AppPoolQueueLength Property
System.DirectoryServices.PropertyValueCollection AppPoolQueueLength {get;s...
CPULimit Property
System.DirectoryServices.PropertyValueCollection CPULimit {get;set;}
CPUResetInterval Property
System.DirectoryServices.PropertyValueCollection CPUResetInterval {get;set;}
DisallowOverlappingRotation Property
System.DirectoryServices.PropertyValueCollection DisallowOverlappingRotati...
DisallowRotationOnConfigChange Property
System.DirectoryServices.PropertyValueCollection DisallowRotationOnConfigC...
IdleTimeout Property
System.DirectoryServices.PropertyValueCollection IdleTimeout {get;set;}
KeyType Property
System.DirectoryServices.PropertyValueCollection KeyType {get;set;}
LoadBalancerCapabilities Property
System.DirectoryServices.PropertyValueCollection LoadBalancerCapabilities ...
LogEventOnRecycle Property
System.DirectoryServices.PropertyValueCollection LogEventOnRecycle {get;set;}
MaxProcesses Property
System.DirectoryServices.PropertyValueCollection MaxProcesses {get;set;}
OrphanWorkerProcess Property
System.DirectoryServices.PropertyValueCollection OrphanWorkerProcess {get;...
PeriodicRestartMemory Property
System.DirectoryServices.PropertyValueCollection PeriodicRestartMemory {ge...
PeriodicRestartPrivateMemory Property
System.DirectoryServices.PropertyValueCollection PeriodicRestartPrivateMem...
PeriodicRestartRequests Property
System.DirectoryServices.PropertyValueCollection PeriodicRestartRequests {...
PeriodicRestartTime Property
System.DirectoryServices.PropertyValueCollection PeriodicRestartTime {get;...
PingingEnabled Property
System.DirectoryServices.PropertyValueCollection PingingEnabled {get;set;}
PingInterval Property
System.DirectoryServices.PropertyValueCollection PingInterval {get;set;}
PingResponseTime Property
System.DirectoryServices.PropertyValueCollection PingResponseTime {get;set;}
RapidFailProtection Property
System.DirectoryServices.PropertyValueCollection RapidFailProtection {get;...
RapidFailProtectionInterval Property
System.DirectoryServices.PropertyValueCollection RapidFailProtectionInterv...
RapidFailProtectionMaxCrashes Property
System.DirectoryServices.PropertyValueCollection RapidFailProtectionMaxCra...
ShutdownTimeLimit Property
System.DirectoryServices.PropertyValueCollection ShutdownTimeLimit {get;set;}
SMPAffinitized Property
System.DirectoryServices.PropertyValueCollection SMPAffinitized {get;set;}
SMPProcessorAffinityMask Property
System.DirectoryServices.PropertyValueCollection SMPProcessorAffinityMask ...
StartupTimeLimit Property
System.DirectoryServices.PropertyValueCollection StartupTimeLimit {get;set;}
WAMUserName Property
System.DirectoryServices.PropertyValueCollection WAMUserName {get;set;}
WAMUserPass Property
System.DirectoryServices.PropertyValueCollection WAMUserPass {get;set;}


Shay Levi

unread,
Jan 14, 2008, 3:51:59 PM1/14/08
to

Hi

Remote WMI requires secure connections. In PowerShell v1.0 try (uncomment
if necessary):

$computer="server"

$co = new-object System.Management.ConnectionOptions
#$co.Username="domain\username"
#$co.Password="password"
$co.Authentication=[System.Management.AuthenticationLevel]::PacketPrivacy
#$co.EnablePrivileges=$true;

$wmi = New-Object System.Management.ManagementObjectSearcher
$wmi.Query="Select * From IIsApplicationPool"
$wmi.Scope.Path="\\$computer\root\MicrosoftIISv2"
$wmi.Scope.Options=$co

$wmi.Get() | foreach { $_.name }


In PowerShell v2.0 there is a new parameter, -Authentication, to specify
the authentication level (one line):

gwmi -class IIsApplicationPool -namespace "root\MicrosoftIISv2" -computer
$computer -authentication PacketPrivacy | foreach { $_.name}


-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com

xWakawaka

unread,
Jan 14, 2008, 4:13:02 PM1/14/08
to
Thanks Shay-

I tried something similar to what you suggested (but hoping to use logged on
user credentials) by setting the connection options on the
ManagementObjectSearcher object, but this didn't help. See below:

74# [wmisearcher]$wmisearcher = "SELECT * FROM IISApplicationPoolSetting"
75# $wmisearcher.scope = "\\AA1-CA-52-023.a.a\root\MicrosoftIISv2"
76# $wmisearcher.scope.options.EnablePrivileges = $true
77# $wmisearcher.scope.options.Impersonation = "Impersonate"
78# $wmisearcher.scope.options.Authentication = "PacketPrivacy"
81# $wmisearcher.scope.options
Locale :
Username :
Password :
Authority :
Impersonation : Impersonate
Authentication : PacketPrivacy
EnablePrivileges : True
Context : {}
Timeout : 10675199.02:48:05.4775807
82# $wmisearcher.get()
format-default : Exception retrieving members: "Access denied "

Shay Levi

unread,
Jan 14, 2008, 4:21:55 PM1/14/08
to

Can you check the following settings on the remote computer:

1. Start > Run > dcomcnfg > ENTER
2. In the left pane (Compnent Services.msc) expand "Component Services" >
Computers
3. Right click "My Computer"
4. In the "Default Properties" tab tick the "Enable COM Internet Services
on this computer" checkbox
5. Reboot remote server and test again

-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com

> Thanks Shay-

xWakawaka

unread,
Jan 14, 2008, 4:46:00 PM1/14/08
to
It turns out this was a new / second problem. When Format-Default was trying
to enumerate throughthe properties of the object, it was causing WMI to go
off-box again and use default parameters, not the special connection that had
been set up. This resulted in an access denied for format-default (as seen
below), even though the initial query with the special parameters worked.

So in summary for future dl searchers:
You CAN perform WMI queries in psh v1 against remote boxes and where
namespaces require special options (like PacketPrivacy).

You just have to:
1) Create the WMI searcher object manually (not use Get-WMIObject)
a. Use either [wmisearcher] or the real .Net class name
2) Set the relevant properties on the .scope.options structure
3) Never do anything that enumerates through the properties of the resulting
object(s) (Get-Member, Format-*, etc). If you just access individual locally
stored properties it seems to work.

Thanks

-Matt

0 new messages