Last week I posted a basic script that took advantage of file encryption to securely backup the iis metabase. Today’s script builds upon it by backing up the IIS configuration and exporting it using iiscnfg.vbs.
REM delete mapping for H: if it exists
net use h: /del
REM map H: to remote server share
net use h: \\RemoteServer\backup /user:RemoteServer\user password
REM replace YouriisServerName with the name of your IIS web server
SET SERVER=YouriisServerName
REM yymmdd will be the current date.
REM For example June 18 2008 will be in the format 080618
SET yymmdd=%date:~12,2%%date:~4,2%%date:~7,2%
REM replace YouriiSserverPassword with the password of an
REM administrative user on the IIS box
SET PASSWORD=YouriiSserverPassword
REM replace User with an administrative user on IIS server
SET USER=Administrator
REM replace DECRYPTPWD with the password for decrypting IIS exported configuration
SET DECRYPTPWD=pwd
REM Saves configuration to C:\WINDOWS\system32\inetsrv\metabase.xml
iiscnfg.vbs /save /s %SERVER% /u %USER% /p %PASSWORD%
REM export IIS Configuration to date.metabase.xml.file
REM The following command should be on one line
iiscnfg.vbs /export /s %SERVER% /u %USER% /p %PASSWORD% /d %PASSWORD% /f H:\%SERVER%\%yymmdd%.metabase.xml /sp / /children
Now, for the secure part. We need to encrypt the bkupmeta.bat file so that not just anyone can read it’s contents. That would be a bad thing, since we have our password saved in the script.
To encrypt the bkupmeta.bat file:
In Windows Explorer right click on the bkupmeta.bat file
Select Properties
Select Advanced
Check the Encrypt Contents to Secure Data check box – OK – Apply
Select Encrypt the File Only
While you’re at it, double check the bkupmeta.bat’s ntfs permissions to make sure only the appropriate administrative user has access to the file. You should also verify the %windir%\system32\inetsrv\metaback\ directory has the appropriate permissions, even though it’s secured by default.
Finally, create a scheduled task that runs bkupmeta.bat whenever you’d like. Verify the backups are occuring by checking for the MD* and SC* files on the remote server.
This script was modified from one found in Chapter 9 of ”IIS 6.0 Administration Scripts, Tips, and Tricks”.