under my log directory I have a list of subdirectories: W3SVC1, W3SVC2, W3SVC3, etc, etc. How do I match those folders with each website on IIS?
IIS 7 – Log File Directory Location
iis-7log-files
Related Solutions
Update: The original question was for Windows Server 2008, but the solution is easier for Windows Server 2008 R2 and Windows Server 2012 (and Windows 7 and 8). You can add the user through the NTFS UI by typing it in directly. The name is in the format of IIS APPPOOL\{app pool name}. For example: IIS APPPOOL\DefaultAppPool.
IIS APPPOOL\{app pool name}
Note: Per comments below, there are two things to be aware of:
- Enter the string directly into the "Select User or Group" and not in the search field.
- In a domain environment you need to set the Location to your local computer first.
Reference to Microsoft Docs article: Application Pool Identities > Securing Resources
Original response: (for Windows Server 2008) This is a great feature, but as you mentioned it's not fully implemented yet. You can add the app pool identity from the command prompt with something like icacls, then you can manage it from the GUI. For example, run something like this from the command prompt:
icacls c:\inetpub\wwwroot /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)
Then, in Windows Explorer, go to the wwwroot folder and edit the security permissions. You will see what looks like a group (the group icon) called DefaultAppPool. You can now edit the permissions.
However, you don't need to use this at all. It's a bonus that you can use if you want. You can use the old way of creating a custom user per app pool and assigning the custom user to disk. That has full UI support.
This SID injection method is nice because it allows you to use a single user but fully isolate each site from each other without having to create unique users for each app pool. Pretty impressive, and it will be even better with UI support.
Note: If you are unable to find the application pool user, check to see if the Windows service called Application Host Helper Service is running. It's the service that maps application pool users to Windows accounts.
I've used this VB script on IIS 6. It should work on IIS 7 if you install IIS/WMI on Windows Server 2008.
Save it as EnumerateWebSites.vbs and run it on a command line.
Option Explicit
Dim ServerName
Dim fso, WriteStuff, OutputText
Dim ws, wmiService, colItemz, item, sPath
Dim CrLf, TabChar
TabChar = Chr(9)
CrLf = Chr(13) & Chr(10)
Set wmiService = GetObject("winmgmts:{authenticationLevel=pktPrivacy}\\.\root\microsoftiisv2")
If WScript.Arguments.Length = 1 Then
ServerName = WScript.Arguments(0)
Else
ServerName = "localhost"
End If
WScript.Echo "Enumerating websites on " & ServerName & CrLf
Set ws = GetObject( "IIS://" & ServerName & "/W3SVC" )
EnumWebsites ws
Sub EnumWebsites( ws )
Dim webServer, bindings
For Each webServer IN ws
If webServer.Class = "IIsWebServer" Then
Set colItemz = wmiService.ExecQuery("select * from IIsWebVirtualDirSetting where name = 'W3SVC/" & webServer.Name & "/root'")
For Each item in colItemz
sPath = item.Path
Next
WScript.Echo _
"Site ID = " & webServer.Name & CrLf & _
"Comment = """ & webServer.ServerComment & """ " & CrLf & _
"State = " & StateTranslation( webServer.ServerState ) & CrLf & _
"LogDir = " & webServer.LogFileDirectory & CrLf & _
"Path = " & sPath & _
""
OutputText = OutputText & CrLf & "Site ID = " & webServer.Name & CrLf & _
"Comment = """ & webServer.ServerComment & """ " & CrLf & _
"State = " & StateTranslation( webServer.ServerState ) & CrLf & _
"LogDir = " & webServer.LogFileDirectory & CrLf & _
"Path = " & sPath & _
""
bindings = EnumBindings(webServer.ServerBindings) & _
EnumBindings( webServer.SecureBindings )
If Not bindings = "" THEN
WScript.Echo "IP Address" & TabChar & _
"Port" & TabChar & _
"Host" & CrLf & _
bindings
OutputText = OutputText & CrLf & "IP Address" & TabChar & _
"Port" & TabChar & _
"Host" & CrLf & _
bindings
End If
End If
NEXT
FileWriter OutputText
End Sub
Sub FileWriter(WriteText)
Set fso = CreateObject("Scripting.FileSystemObject")
Set WriteStuff = fso.OpenTextFile("OneOff.txt", 8, True)
WriteStuff.WriteLine(WriteText)
WriteStuff.Close
Set WriteStuff = nothing
Set fso = nothing
End Sub
Function EnumBindings( objBindingList )
Dim i, strIP, strPort, strHost
Dim reBinding, reMatch, reMatches
Set reBinding = NEW RegExp
reBinding.Pattern = "([^:]*):([^:]*):(.*)"
For i = LBOUND( objBindingList ) TO UBOUND( objBindingList )
Set reMatches = reBinding.Execute( objBindingList( i ) )
For Each reMatch In reMatches
strIP = reMatch.SubMatches( 0 )
strPort = reMatch.SubMatches( 1 )
strHost = reMatch.SubMatches( 2 )
If strIP = "" Then strIP = "All Unassigned"
If strHost = "" Then strHost = "*"
If LEN( strIP ) < 8 Then strIP = strIP & TabChar
EnumBindings = EnumBindings & _
strIP & TabChar & _
strPort & TabChar & _
strHost & TabChar & _
""
Next
EnumBindings = EnumBindings & CrLf
Next
End Function
Function StateTranslation(StatusID)
Select Case StatusID
Case 1
StateTranslation = "Starting"
Case 2
StateTranslation = "Started"
Case 3
StateTranslation = "Stopping "
Case 4
StateTranslation = "Stopped"
Case 5
StateTranslation = "Pausing"
Case 6
StateTranslation = "Paused"
Case 7
StateTranslation = "Continuing"
Case ELSE
StateTranslation = "Unknown state"
End Select
End Function
Best Answer
You can get the site id by clicking on the Sites node (major heading). Each site has a site id beside it in the 2nd column. The log folder will be in the format of "w3svc{siteId}", matching the site ID.
You can also find it by going to the site first and clicking on "Advanced Settings..." in the Action pane. Then the ID will be shown as one of the top fields in that dialog box.