One reason I use this script is that my SIF files are now more uniform: I simply specify "OFF" for all the IIS options in WINNT.SIF and determine afterwards at the desktop, in a RunOnce script (by hostname or using devcon to identify web servers by hardware specifics), which systems get IIS installed on them.
This script will delete a lot of the default settings on IIS 5.0. While I would not call this a hardened install by any means, it's better than what the default IIS installer puts on your system...
A logic flow diagram (in PDF format) is attached for those who get dizzy looking at my crappy code.
It should not be difficult to convert this script to Windows 2003 using IIS 6.0; you should just need to check the metabase settings first. I'm not sure if MDUtil will even work on the IIS 6.0 metabase since it's supposed to be XML...
I'm not sure if you can install IIS on XP with the same settings as W2K. I think it should work; maybe someone who runs IIS on XP can enlighten me here...
Anyway, I'm hoping that this will be of use to someone else out there or at least will stimulate your imagination to write something better.
@ECHO OFF
REM Script for installing IIS 5.0 on Windows 2000 and setting the correct IIS metabase settings.
REM ============================================================================================
SetLocal
Set action=%1
If Not Defined action (
    Echo Installs/uninstalls and configures IIS 5.0 on Windows 2000.
    Echo.
    Echo Syntax: %~n0 action
    Echo.
    Echo action    Valid options are "Install", "Uninstall" and "SetDefaults"
    Echo.
    Echo "Install" Will install and configure IIS 5.0
    Echo.
    Echo "Uninstall" Will uninstall IIS 5.0
    Echo.
    Echo "SetDefaults" will configure IIS 5.0 to the default
    Echo secure settings. Note this may destroy any valid existing
    Echo configurations. This should only be run on new builds.
    Goto End
)
REM ============================================================================================
GOTO %action%
REM ============================================================================================
:Install
REM In order to make this script as self contained as possible, if the required INF file is not in existence, then make it.
IF EXIST C:\TEMP\SCRIPTS\IIS_Install.inf GOTO IISInstallCheck
Echo ; sysocmgr.exe /i:sysoc.inf /u:C:\TEMP\SCRIPTS\IIS_Install.inf>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo ; Running this script will _NOT_ reboot the server>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo [Version]>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo Signature = "$Windows NT$">>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo [Global]>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo FreshMode = Custom>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo MaintenanceMode = RemoveAll>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo UpgradeMode = UpgradeOnly>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo [Components]>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_common=On>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iisdbg=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_doc=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_ftp=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_htmla=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_inetmgr=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_nntp=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_nntp_docs=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_pwmgr=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_smtp=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_smtp_docs=Off>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo iis_www=On>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo [InternetServer]>>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo PathWWWRoot = "C:\Data\WWWRoot">>C:\TEMP\SCRIPTS\IIS_Install.inf
Echo PathFTPRoot = "C:\Data\FTPRoot">>C:\TEMP\SCRIPTS\IIS_Install.inf
:IISInstallCheck
REM Check if IIS is already installed and if so, question the reinstall.
IF EXIST %WinDir%\system32\inetsrv\inetinfo.exe GOTO IISExistsError
GOTO InstallIIS
:IISExistsError
@ECHO It seems that IIS is already installed on this system.
@ECHO If you press "Y" then this script will reinstall IIS over the
@ECHO current configuration and the existing settings may no longer be valid.
@ECHO.
@ECHO Are you sure you want to reinstall IIS 5.0 over the existing instance?
choice /c:YN Selection
if errorlevel 2 GOTO End
if errorlevel 1 GOTO InstallIIS
:InstallIIS
CALL sysocmgr.exe /i:sysoc.inf /u:C:\TEMP\SCRIPTS\IIS_Install.inf
GOTO SetDefaults
REM ============================================================================================
:Uninstall
IF EXIST C:\TEMP\SCRIPTS\IIS_Uninstall.inf GOTO UnInstallCheck
REM Every line of the answer file must go to IIS_Uninstall.INF, not to IIS_Install.inf.
Echo ; sysocmgr.exe /i:sysoc.inf /u:C:\TEMP\SCRIPTS\IIS_Uninstall.inf>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo ; Running this script will _NOT_ reboot the server>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo [Version]>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo Signature = "$Windows NT$">>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo [Global]>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo FreshMode = Custom>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo MaintenanceMode = RemoveAll>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo UpgradeMode = UpgradeOnly>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo [Components]>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_common=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iisdbg=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_doc=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_ftp=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_htmla=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_inetmgr=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_nntp=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_nntp_docs=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_pwmgr=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_smtp=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_smtp_docs=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo iis_www=Off>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo [InternetServer]>>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo PathWWWRoot = "C:\Data\WWWRoot">>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
Echo PathFTPRoot = "C:\Data\FTPRoot">>C:\TEMP\SCRIPTS\IIS_Uninstall.INF
:UnInstallCheck
REM Check if IIS is already installed and if not, cancel the uninstall.
REM If it is installed then question the uninstall
IF NOT EXIST %WinDir%\system32\inetsrv\inetinfo.exe GOTO NoIISExistsError
IF EXIST %WinDir%\system32\inetsrv\inetinfo.exe GOTO IISExistsErrorUnInstall
:IISExistsErrorUnInstall
@ECHO It seems that IIS is already installed on this system.
@ECHO If you press "Y" then this script will uninstall IIS
@ECHO and this system will no longer be usable as a web server.
@ECHO.
@ECHO Are you sure you want to uninstall IIS 5.0?
choice /c:YN Selection
if errorlevel 2 GOTO End
if errorlevel 1 GOTO UninstallIIS
GOTO End
:UninstallIIS
sysocmgr.exe /i:sysoc.inf /u:C:\TEMP\SCRIPTS\IIS_Uninstall.INF
GOTO End
REM ============================================================================================
:SetDefaults
REM Check if IIS is already installed and if not, cancel the config.
IF NOT EXIST %WinDir%\system32\inetsrv\inetinfo.exe GOTO NoIISExistsError
:CheckMDUTIL
REM Check to see if MDUTIL is already installed, if not then install it
IF EXIST %SystemRoot%\MDUtil.Exe GOTO CommonKeys
REM Expanding MDUTIL to the system path, hope we have an install CD handy in the D:\ or Z:\ drives
IF EXIST D:\i386\MDUTIL.EX_ EXPAND D:\i386\MDUTIL.EX_ %SystemRoot%\MDUtil.Exe
IF EXIST Z:\i386\MDUTIL.EX_ EXPAND Z:\i386\MDUTIL.EX_ %SystemRoot%\MDUtil.Exe
REM Stop here if the expand did not produce MDUtil.Exe, otherwise every MDUTIL call below fails.
IF NOT EXIST %SystemRoot%\MDUtil.Exe GOTO MDUTILERROR
GOTO CommonKeys
:MDUTILERROR
@ECHO Cannot find the MDUTIL.EXE file, this script requires this utility to function.
@ECHO MDUTIL can be found at i386\MDUTIL.EX_ on any Windows 2000 install CD-ROM.
@ECHO Expand it to %SystemRoot%\MDUtil.Exe
@ECHO i.e. EXPAND Z:\i386\MDUTIL.EX_ %SystemRoot%\MDUtil.Exe
@ECHO.
pause
GOTO End
REM ============================================================================================
:CommonKeys
@ECHO.
@ECHO Delete the unnecessary virtual directories from all systems
MDUTIL DELETE w3svc/1/root/MSADC
MDUTIL DELETE w3svc/1/root/IISAdmin
MDUTIL DELETE w3svc/1/root/IISHelp
MDUTIL DELETE w3svc/1/root/IISSamples
MDUTIL DELETE w3svc/1/root/Scripts
MDUTIL DELETE w3svc/1/root/Printers
@ECHO.
@ECHO Delete the administration site (Really should not be installed if iis_htmla=Off)
MDUTIL DELETE w3svc/2
@ECHO.
@ECHO More than 100K hits
MDUTIL DELETE /w3svc/1/ServerSize
MDUTIL SET /w3svc/ServerSize 2
MDUTIL SET /w3svc/1/ServerSize 2
@ECHO.
@ECHO Read permission no indexing
MDUTIL SET /w3svc/IsContentIndexed 0
REM NOTE: this value is written without the 0x prefix used for the other AccessPerm values below.
MDUTIL SET /w3svc/AccessPerm 201
@ECHO.
@ECHO Disable Parent Paths
MDUTIL SET /w3svc/AspEnableParentPaths 0
@ECHO.
@ECHO Enable Buffering
MDUTIL SET /w3svc/AspBufferingOn 1
@ECHO.
@ECHO Cache all requested ASP pages
MDUTIL SET /w3svc/AspScriptFileCacheSize 0xffffffff
@ECHO.
@ECHO Read SSL RequireCert MapCert Script
MDUTIL SET w3svc/AccessPerm 0x2c9
@ECHO.
@ECHO Read Script
MDUTIL SET w3svc/1/Root/AccessPerm 0x201
@ECHO.
@ECHO Directory browsing off
MDUTIL SET w3svc/1/Root/DirectoryBrowsing 0x4000003e
@ECHO.
@ECHO Set the web server comment/name
MDUTIL SET w3svc/1/ServerComment "My Web Site"
@ECHO.
@ECHO Delete mapping for default site, will inherit master properties
MDUTIL DELETE /w3svc/1/root/ScriptMaps
@ECHO.
@ECHO Set mapping for master properties
REM Leave only the following mappings
REM .asp .cer .cdx .asa
REM NOTE: the DLL paths are hard-coded to C:\WINDOWS; a default Windows 2000 install uses C:\WINNT.
MDUTIL SET /w3svc/ScriptMaps ".asp,C:\WINDOWS\system32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE" ".cer,C:\WINDOWS\system32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE" ".cdx,C:\WINDOWS\system32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE" ".asa,C:\WINDOWS\system32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE"
@ECHO.
@ECHO Registering ASP.NET...
REM ASP.NET mappings must be registered, the easy way to do this is using aspnet_regiis.exe
%WinDir%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe -i
@ECHO.
@ECHO.
@ECHO IIS Should now be installed and configured correctly on this system
GOTO End
REM ============================================================================================
:NoIISExistsError
@ECHO.
@ECHO IIS is not currently installed on this system, uninstall/config is cancelled.
GOTO End
REM ============================================================================================
:End
EndLocal
Attached File(s)
-
IIS_Script_Logic_Diagram.pdf (41.94K)
Number of downloads: 25
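An added example, not part of the original post: a small Python audit helper that decodes the AccessPerm and DirectoryBrowsing bitmasks the script writes, so a reviewer can check each number against its ECHO label before running it or porting it to IIS 6.0. The bit names follow the IIS metabase flag definitions; the RISKY set and the rule that a value without a 0x prefix is decimal are assumptions of this example.

```python
import re

# Bit names from the IIS metabase AccessFlags, AccessSSLFlags and DirBrowseFlags.
ACCESS_PERM = {
    0x1: "Read", 0x2: "Write", 0x4: "Execute", 0x8: "SSL",
    0x10: "Source", 0x20: "NegotiateCert", 0x40: "RequireCert",
    0x80: "MapCert", 0x100: "SSL128", 0x200: "Script",
}
DIR_BROWSING = {
    0x2: "ShowDate", 0x4: "ShowTime", 0x8: "ShowSize", 0x10: "ShowExtension",
    0x20: "ShowLongDate", 0x40000000: "EnableDefaultDoc",
    0x80000000: "EnableDirBrowsing",
}
TABLES = {"accessperm": ACCESS_PERM, "directorybrowsing": DIR_BROWSING}
# Assumption: bits a read-only content site should not carry.
RISKY = {"Write", "Execute", "Source", "EnableDirBrowsing"}
SET_LINE = re.compile(r"^\s*MDUTIL\s+SET\s+/?(\S+)/(\w+)\s+(\S+)\s*$", re.I)

def decode(prop, literal):
    """Return the flag names set in an MDUTIL numeric literal, lowest bit first."""
    # Assumption: 0x-prefixed values are hex, anything else is decimal.
    value = int(literal, 16) if literal.lower().startswith("0x") else int(literal)
    table = TABLES[prop.lower()]
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)  # bits that have no name in the table
    if unknown:
        names.append("unknown:0x%x" % unknown)
    return names

def audit(script_text):
    """Return (metabase path, property, flags, risky flags) for each SET line."""
    findings = []
    for line in script_text.splitlines():
        m = SET_LINE.match(line)
        if m and m.group(2).lower() in TABLES:
            flags = decode(m.group(2), m.group(3))
            findings.append((m.group(1), m.group(2), flags, sorted(RISKY & set(flags))))
    return findings

# Constructed input: the four bitmask lines from the script above, plus one
# made-up weak setting (w3svc/9, 0x207) to show what a finding looks like.
SAMPLE = """MDUTIL SET /w3svc/AccessPerm 201
MDUTIL SET w3svc/AccessPerm 0x2c9
MDUTIL SET w3svc/1/Root/AccessPerm 0x201
MDUTIL SET w3svc/1/Root/DirectoryBrowsing 0x4000003e
MDUTIL SET w3svc/9/Root/AccessPerm 0x207
"""
if __name__ == "__main__":
    for path, prop, flags, risky in audit(SAMPLE):
        print(path, prop, "+".join(flags), "RISKY:" + ",".join(risky) if risky else "ok")
```

Under the decimal assumption, the bare 201 on the first line decodes to Read+SSL+RequireCert+MapCert rather than the Read+Script of 0x201, which does not match its "Read permission" label; the later 0x2c9 write targets the same w3svc/AccessPerm key.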


