Problem description
I am trying to use IisFeatureDelegation to override security so I can write set new log paths. When I do this however it wipes out the config lines in the applicationHost file and rewrites new stanzas to the bottom that IIS doesn't know what to do with. I have to restore from backup when this happens. Adding the stanzas to the Verbose Logs.
If I try and use 'IIS:\Sites\Default Web Site' instead of 'MACHINE/WEBROOT/APPHOST' it does not work. This is on Server 2022.
Verbose logs
<sites>
<site name="Default Web Site" id="1">
<application path="/">
<virtualDirectory path="/" physicalPath="D:\inetpub\wwwroot" />
</application>
<application path="/MSMQ" applicationPool="DefaultAppPool">
<virtualDirectory path="/" physicalPath="D:\inetpub\wwwroot\msmq" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:80:" />
</bindings>
<logFile />
<traceFailedRequestsLogging />
<ftpServer>
<sessions />
<connections />
<security>
<dataChannelSecurity />
<commandFiltering />
<ssl />
<sslClientCertificates />
<authentication>
<anonymousAuthentication />
<basicAuthentication />
<clientCertAuthentication />
<customAuthentication>
<providers />
</customAuthentication>
</authentication>
<customAuthorization>
<provider />
</customAuthorization>
</security>
<customFeatures>
<providers />
</customFeatures>
<messages />
<fileHandling />
<firewallSupport />
<userIsolation>
<activeDirectory />
</userIsolation>
<directoryBrowse />
<logFile />
</ftpServer>
</site>
<siteDefaults>
<logFile logFormat="W3C" directory="%SystemDrive%\inetpub\logs\LogFiles" />
<traceFailedRequestsLogging directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles" />
</siteDefaults>
<applicationDefaults applicationPool="DefaultAppPool" />
<virtualDirectoryDefaults allowSubDirConfig="true" />
</sites>
DSC configuration
IisFeatureDelegation applicationHostsitesUnlock
{
Filter = '/system.applicationHost/sites'
OverrideMode = 'Allow'
Path = 'MACHINE/WEBROOT/APPHOST'
}
IisFeatureDelegation applicationHostlogUnlock
{
Filter = '/system.applicationHost/log'
OverrideMode = 'Allow'
Path = 'MACHINE/WEBROOT/APPHOST'
}
IisFeatureDelegation ftpServerUnlock
{
Filter = '/system.ftpServer/log'
OverrideMode = 'Allow'
Path = 'MACHINE/WEBROOT/APPHOST'
}Suggested solution
No idea
Operating system the target node is running
PowerShell version and build the target node is running
WebAdministrationDsc version
Problem description
I am trying to use IisFeatureDelegation to override security so I can write set new log paths. When I do this however it wipes out the config lines in the applicationHost file and rewrites new stanzas to the bottom that IIS doesn't know what to do with. I have to restore from backup when this happens. Adding the stanzas to the Verbose Logs.
If I try and use 'IIS:\Sites\Default Web Site' instead of 'MACHINE/WEBROOT/APPHOST' it does not work. This is on Server 2022.
Verbose logs
DSC configuration
IisFeatureDelegation applicationHostsitesUnlock { Filter = '/system.applicationHost/sites' OverrideMode = 'Allow' Path = 'MACHINE/WEBROOT/APPHOST' } IisFeatureDelegation applicationHostlogUnlock { Filter = '/system.applicationHost/log' OverrideMode = 'Allow' Path = 'MACHINE/WEBROOT/APPHOST' } IisFeatureDelegation ftpServerUnlock { Filter = '/system.ftpServer/log' OverrideMode = 'Allow' Path = 'MACHINE/WEBROOT/APPHOST' }Suggested solution
No idea
Operating system the target node is running
PowerShell version and build the target node is running
WebAdministrationDsc version