itramblings

Ramblings from an IT manager and long time developer.

By

IIS7: Moving the INETPUB directory to a different drive

Great article on what is involved in moving the IIS root folder in Server 2008 and newer OSs.

 

Having your content on a different partition than your Operating System is a good security practice. In previous IIS versions is was possible to do this during setup time in an unattend file. Due to changes in Vista and Windows Server 2008 setup it became impossible to do that however. After setup the IIS7 INETPUB directory will be on the same partition as Windows. Moving the INETPUB directory to a different drive has to be done after setup completes. Here is a table of configuration entries that use the INETPUB directory on a default install. An example in the right column shows how to move the setting to a different drive using the APPCMD command-line tool. Once all the settings are moved the only step left is to copy the INETPUB directory via XCOPY. Here is a link to a batch file (packaged up in MOVEIIS7ROOT.ZIP) that moves the INETPUB directory to a drive of your choice.

Directory Config setting location Example how to move setting to a different drive (this example uses the F: drive)
LOGSFREBLOGS Failed Request Event Buffering (FREB) is a new IIS7 feature that logs failed requests. The default path for FREB logs is %systemdrive%inetpublogsFailedReqLogfiles. %windir%system32inetsrvappcmd set config -section:system.applicationHost/sites -siteDefaults.traceFailedRequestsLogging.directory:”F:inetpublogsFailedReqLogFiles”
LOGSLOGFILES The default path for IIS7 log files is %systemdrive%inetpublogslogfiles. %windir%system32inetsrvappcmd set config -section:system.applicationHost/sites -siteDefaults.logfile.directory:”F:inetpublogslogfiles”%windir%system32inetsrvappcmd set config -section:system.applicationHost/log -centralBinaryLogFile.directory:”F:inetpublogslogfiles”%windir%system32inetsrvappcmd set config -section:system.applicationHost/log -centralW3CLogFile.directory:”F:inetpublogslogfiles”
TEMPAPPPOOLS AppPool isolation is a new feature in IIS7. A dedicated AppPool configuration file gets automatically created before a new Application Pool is started. The default location of these files is %systemdrive%inetpubtempappPools  reg add HKLMSystemCurrentControlSetServicesWASParameters /v ConfigIsolationPath /t REG_SZ /d f:inetpubtempappPools 
HISTORY Configuration history ensures that changes can be rolled back. The default location for configuration history is %systemdrive%inetpubhistory %windir%system32inetsrvappcmd set config -section:system.applicationhost/configHistory -path:f:inetpubhistory
TEMPASP COMPILED TEMPLATES Classic ASP stores compiled ASP code on disk if more than 250 compiled templates are in memory. The default disk cache location is “%systemdrive%inetpubtempASP Compiled Templates” %windir%system32inetsrvappcmd set config -section:system.webServer/asp -cache.disktemplateCacheDirectory:”f:inetpubtempASP Compiled Templates”
TEMPIIS TEMPORARY COMPRESSED FILES IIS7 will cache compressed responses on disk if necessary. The default location for the compression cache is “%systemdrive%inetpubtempIIS Temporary Compressed Files” %windir%system32inetsrvappcmd set config -section:system.webServer/httpCompression -directory:”f:inetpubtempIIS Temporary Compressed Files”
WWWROOT IIS7 comes with a Default Web Site which points to %systemdrive%inetpubwwwroot. %windir%system32inetsrvappcmd set vdir “Default Web Site/” -physicalPath:f:inetpubwwwroot
CUSTERR IIS7 stores Custom Error Pages in %systemdrive%inetpubcusterr %windir%system32inetsrvappcmd set config -section:httpErrors /[statusCode=’401′].prefixLanguageFilePath:f:inetpubcusterr%windir%system32inetsrvappcmd set config -section:httpErrors /[statusCode=’403′].prefixLanguageFilePath:f:inetpubcusterr%windir%system32inetsrvappcmd set config -section:httpErrors /[statusCode=’404′].prefixLanguageFilePath:f:inetpubcusterr%windir%system32inetsrvappcmd set config -section:httpErrors /[statusCode=’405′].prefixLanguageFilePath:f:inetpubcusterr%windir%system32inetsrvappcmd set config -section:httpErrors /[statusCode=’406′].prefixLanguageFilePath:f:inetpubcusterr%windir%system32inetsrvappcmd set config -section:httpErrors /[statusCode=’412′].prefixLanguageFilePath:f:inetpubcusterr%windir%system32inetsrvappcmd set config -section:httpErrors /[statusCode=’500′].prefixLanguageFilePath:f:inetpubcusterr%windir%system32inetsrvappcmd set config -section:httpErrors /[statusCode=’501′].prefixLanguageFilePath:f:inetpubcusterr%windir%system32inetsrvappcmd set config -section:httpErrors /[statusCode=’502′].prefixLanguageFilePath:f:inetpubcusterr
WWWROOT and FTPROOT Locations Service Packs and other installers need to know where your WWWROOT and FTPROOT directory is. That’s why the location is also specified in the registry.

reg add HKLMSoftwareMicrosoftinetstp /v PathWWWRoot /t REG_SZ /d f:inetpubwwwroot
reg add HKLMSoftwareMicrosoftinetstp /v PathFTPRoot /t REG_SZ /d f:inetpubftproot

 

MOVING THE CONTENT:

Once the configuration is changed you have to copy all content from your root drive to your new drive including ACLs and empty directories:

Example:

                    xcopy c:inetpub f:inetpub /E /O /I

 

/E copies all directories even if they are empty
/O copies all security settings, i.e. Access Control Lists on files and directories
/I assumes the destination is a directory

PLEASE BE AWARE OF THE FOLLOWING:
WINDOWS SERVICING EVENTS (I.E. HOTFIXES AND SERVICE PACKS) WOULD STILL REPLACE FILES IN THE ORIGINAL DIRECTORIES. THE LIKELIHOOD THAT FILES IN THE INETPUB DIRECTORIES HAVE
TO BE REPLACED BY SERVICING IS LOW BUT FOR THIS REASON DELETING THE ORIGINAL DIRECTORIES IS NOT POSSIBLE.

Local copy of download

moveiis7root.zip (1.66 kb)