Script to securely backup and export IIS 6.0 Configuration

Last week I posted a basic script that took advantage of file encryption to securely backup the iis metabase. Today’s script builds upon it by backing up the IIS configuration and exporting it using iiscnfg.vbs.

REM delete mapping for H: if it exists
net use h: /del

REM map H: to remote server share
net use h: \\RemoteServer\backup /user:RemoteServer\user password

REM replace YouriisServerName with the name of your IIS web server
SET SERVER=YouriisServerName

REM yymmdd will be the current date.
REM For example June 18 2008 will be in the format 080618
SET yymmdd=%date:~12,2%%date:~4,2%%date:~7,2%

REM replace YouriiSserverPassword with the password of an
REM administrative user on the IIS box
SET PASSWORD=YouriiSserverPassword

REM replace User with an administrative user on IIS server
SET USER=Administrator

REM replace DECRYPTPWD with the password for decrypting IIS exported configuration
SET DECRYPTPWD=pwd

REM Saves configuration to C:\WINDOWS\system32\inetsrv\metabase.xml
iiscnfg.vbs /save /s %SERVER% /u %USER% /p %PASSWORD%

REM export IIS Configuration to date.metabase.xml.file
REM The following command should be on one line
iiscnfg.vbs /export /s %SERVER% /u %USER% /p %PASSWORD% /d %PASSWORD% /f H:\%SERVER%\%yymmdd%.metabase.xml /sp / /children

Now, for the secure part. We need to encrypt the bkupmeta.bat file so that not just anyone can read it’s contents. That would be a bad thing, since we have our password saved in the script.

To encrypt the bkupmeta.bat file:

In Windows Explorer right click on the bkupmeta.bat file
Select Properties
Select Advanced
Check the Encrypt Contents to Secure Data check box – OKApply
Select Encrypt the File Only

While you’re at it, double check the bkupmeta.bat’s ntfs permissions to make sure only the appropriate administrative user has access to the file. You should also verify the %windir%\system32\inetsrv\metaback\ directory has the appropriate permissions, even though it’s secured by default.

Finally, create a scheduled task that runs bkupmeta.bat whenever you’d like. Verify the backups are occuring by checking for the MD* and SC* files on the remote server.

This script was modified from one found in Chapter 9 of ”IIS 6.0 Administration Scripts, Tips, and Tricks”.

Leave a Reply

Your email address will not be published. Required fields are marked *