Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Remote access to IIS properties problem

161 views
Skip to first unread message

JS

unread,
Nov 24, 2008, 6:53:02 PM11/24/08
to
I see other posts similar to this, but I have to believe there is a better
way of getting this info than the one solution I've found, which I cannot
implement for reasons i explain below.

I need to query many remote systems to get their LogFileDirectory property
(among other properties). Locally this works fine, but accessing a remote
server (Win2003 SP2+) I get a WMI access denied error unless I turn on
"Enable COM Internet Services on this Computer" in dcomcnfg. This is a
showstopper because I cannot reduce security on production web servers for an
administrative function and I think most would agree this is a big step in
the wrong direction.
$s = "RemoteServerName"
$IISSettings = Get-WmiObject IIsWebServerSetting -ComputerName '.'
-namespace 'root\microsoftiisv2'

On the remote system I get an Application EventLog
Event Source: WinMgmt
Event ID: 5605
Access to the root\microsoftiisv2 namespace was denied. The namespace is
marked with RequiresEncryption but the client connection was attempted with
an authentication level below Pkt_Privacy. Re try the connection using
Pkt_Privacy authentication level.

I was hopeful when I ran in to some advice that says this might be resolved
by setting packet privacy in the script like so:
PS> $w = [wmi]''
PS> $w.PSBase.Scope.Options.Authentication = 'PacketPrivacy'
PS> $w.PSBase.Scope.Options.Authentication
PacketPrivacy

But no help there, the error persists.
Can anyone offer a resolution to this?
Many thanks for the help

JS

unread,
Nov 24, 2008, 7:56:03 PM11/24/08
to
"JS" wrote:

Adding here, this is the vbscript equivelant

Set objWMIService = GetObject("winmgmts:
{authenticationLevel=pktPrivacy}\\" & strComputer & "\root
\microsoftiisv2")

What I'm looking for is a way to mimic the authentication level in my
powershell script. It would seem using the PSBase.Scope snippit would work,
I'm just lacking the PS scripting knowledge on how to do this.
Thanks again

Shay Levy [MVP]

unread,
Nov 25, 2008, 4:18:01 AM11/25/08
to
Hello JS,


Get-WMIObject in v1 doesn't support authentication, try this way:

$server="computerName"
$wmi = [WmiSearcher] "Select __SERVER,LogFileDirectory From IIsWebServerSetting
"
$wmi.scope.Path = "\\$server\root\microsoftiisv2"
$wmi.Scope.Options.Authentication = [System.Management.AuthenticationLevel]::PacketPrivacy
$wmi.get() | ft __SERVER,LogFileDirectory


It is much easier in v2:

gwmi IIsWebServerSetting -Namespace root\microsoftiisv2 -Authentication
PacketPrivacy -ComputerName computerName| ft __SERVER,LogFileDirectory

---
Shay Levy
Windows PowerShell MVP
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar: http://tinyurl.com/PSToolbar


J> I see other posts similar to this, but I have to believe there is a
J> better way of getting this info than the one solution I've found,
J> which I cannot implement for reasons i explain below.
J>
J> I need to query many remote systems to get their LogFileDirectory
J> property
J> (among other properties). Locally this works fine, but accessing a
J> remote
J> server (Win2003 SP2+) I get a WMI access denied error unless I turn
J> on
J> "Enable COM Internet Services on this Computer" in dcomcnfg. This is
J> a
J> showstopper because I cannot reduce security on production web
J> servers for an
J> administrative function and I think most would agree this is a big
J> step in
J> the wrong direction.
J> $s = "RemoteServerName"
J> $IISSettings = Get-WmiObject IIsWebServerSetting -ComputerName '.'
J> -namespace 'root\microsoftiisv2'
J> On the remote system I get an Application EventLog
J> Event Source: WinMgmt
J> Event ID: 5605
J> Access to the root\microsoftiisv2 namespace was denied. The namespace
J> is
J> marked with RequiresEncryption but the client connection was
J> attempted with
J> an authentication level below Pkt_Privacy. Re try the connection
J> using
J> Pkt_Privacy authentication level.
J> I was hopeful when I ran in to some advice that says this might be
J> resolved by setting packet privacy in the script like so:
J>

PS>> $w = [wmi]''
PS>> $w.PSBase.Scope.Options.Authentication = 'PacketPrivacy'
PS>> $w.PSBase.Scope.Options.Authentication

J> PacketPrivacy
J>
J> But no help there, the error persists.
J> Can anyone offer a resolution to this?
J> Many thanks for the help


Flowering Weeds

unread,
Nov 25, 2008, 12:51:53 PM11/25/08
to

>I see other posts similar to this, but I have
> to believe there is a better way
>

>


> I need to query many remote systems to get
> their LogFileDirectory property
> (among other properties).
>

Mmm (local or remote) data
parsing AD (here IIS with
powershell.exe)!

The Log Parser query:

LogParser.exe -h -i:ads

Returns (amoung other data):

Input format: ADS (Active Directory)
Returns properties of Active Directory objects

FROM syntax:

and so on until

Fields:

ObjectPath (S) ObjectName (S) ObjectClass (S) PropertyName
(S)
PropertyValue (S) PropertyType (S)

Examples:

Display users' job title breakdown from Active Directory:

LogParser "SELECT title, MUL(PROPCOUNT(*), 100.0) AS Percentage
INTO
DATAGRID FROM
'LDAP://myusername:mypassword@mydomain/CN=Users,DC=mydomai
n,DC=com' WHERE title IS NOT NULL GROUP BY title ORDER BY
Percentage
DESC" -objClass:user

Retrieve all the AccessFlags properties from IIS metabase objects:

LogParser "SELECT ObjectPath, PropertyValue FROM IIS://localhost
WHERE
PropertyName = 'AccessFlags'"

Or perhaps

$find = "Interop.MSUtil"

$loadFrom = $((Get-Command $find*).Path)

[void][System.Reflection.Assembly]::LoadFrom("$loadFrom")

$logQuery = New-Object "$find.LogQueryClassClass"

" "
"The Log Parser object settings."
$logQuery

$a = new-object Interop.MSUtil.COMADSInputContextClassClass

" "
"The Log Parser input ADS object settings."
$a

Exit

Returns:

The Log Parser object settings.

maxParseErrors : -1
lastError : 0
inputUnitsProcessed : 0
outputUnitsProcessed : 0
errorMessages : {}
versionMin : 2
versionMaj : 2

The Log Parser input ADS object settings.
objClass :
username :
password :
recurse : -1
multiValuedSep : |
ignoreDSErrors : True
parseBinary : False
binaryFormat : HEX

For more help, ask any PowerShell user
or MVP or any IIS (where Log Parser
comes from - no need to have IIS installed
in order to use Log Parser in PowerShell)
user or MVP or just perhaps:

LogParser.exe -h

Have fun data parsing
within powershell.exe!


JS

unread,
Nov 25, 2008, 3:37:01 PM11/25/08
to
Thanks so much, guys! You've all been tremendously helpful as I am working my
way in to Powershell. Can't wait until I can implement v2, but for now have
to work with v1.

Late last night i kind of fell in to the wmisearcher method but your hint,
Shay, helped me finalize the query to get exactly what I'm looking for.
Here's what I've ended up with to get my logfiledirectory string to a
variable:

#Get remote IIS logfiledirectory path in to $ld variable
$server="RUSTY"

$wmi = [WmiSearcher] "Select __SERVER,LogFileDirectory From
IIsWebServerSetting"
$wmi.scope.Path = "\\$server\root\microsoftiisv2"
$wmi.Scope.Options.Authentication =
[System.Management.AuthenticationLevel]::PacketPrivacy

$out=$wmi.get()
$out.LogfileDirectory
foreach ($o in $out) {$ld=$o.LogFileDirectory}
$ld

Thanks again!!

0 new messages