使用Powershell操纵IIsWebVirtualDir上的IP限制 [英] Using Powershell to Manipulate IP Restrictions on IIsWebVirtualDir
问题描述
使用Powershell操纵IIsWebVirtualDir(虚拟目录)上的IP限制时遇到麻烦.
Having trouble using Powershell to manipulate IP Restrictions on IIsWebVirtualDir (Virtual Directories).
但是,我有在VBS中执行此操作的代码,因此希望这是一件容易的事情:)
However, i have the code to do this in VBS, so hopefully this will be a simple matter to get help with :)
VBS中的代码
Sub Add2IPRList(WebsiteADSI, strIP2Add, strIP2AddSubnet)
Set WebRootObj = GetObject(WebsiteADSI) '"IIS://localhost/W3SVC/2/ROOT/TestVDIR"
set IPSecObj = WebRootObj.IPSecurity
If(IPSecObj.GrantByDefault)then
IPList = IPSecObj.IPDeny
Else
IPList = IPSecObj.IPGrant
End If
ReDim Preserve IPList (Ubound(IPList)+1) 'resize local copy of IPList array to CurrentSize+1
IPList(Ubound(IPList))=strIP2Add&","&strIP2AddSubnet 'add the entry to the end of the array
If(IPSecObj.GrantByDefault)then
IPSecObj.IPDeny = IPList
Else
IPSecObj.IPGrant = IPList
End If
WebRootObj.IPSecurity = IPSecObj
WebRootObj.SetInfo 'apply the setttings on the server.
set IPSecObj = Nothing
set WebRootObj = Nothing
End Sub
在Powershell中尝试1:对象返回,但类型奇怪.
Attempt 1 in Powershell: The object returns, but is of a strange type.
PS C:\> $vdir=[adsi]"IIS://localhost/W3SVC/2/ROOT/TestVDIR";([adsi]$vdir).IPSecurity;
System.__ComObject
在Powershell中尝试2:对象不返回
Attempt 2 in Powershell: The object doesnt return
PS C:\> $VDir = Get-WmiObject -Namespace 'root\MicrosoftIISv2' -Class IIsWebVirtualDir |where ($_.name).contains("TestVDIR")};$VDir.IPSecurity;
PS C:\>
任何人都知道如何1)在Powershell中使用ADSI时处理System .__ ComObject或2)知道如何通过Powershell中的WMI提供程序在IIS6中使用IPSecurity对象?
Anyone know how to either 1) deal with the System.__ComObject when using ADSI in Powershell or 2) have any idea how to work with the IPSecurity object in IIS6 via the WMI provider in Powershell?
另外:
我找到了一种使用以下代码来拉出和修改与W3SVC/2/ROOT/TestVDIR关联的IIsIPSecuritySetting对象的方法.
I found a way to pull and modify the IIsIPSecuritySetting object associated with W3SVC/2/ROOT/TestVDIR by using the following code.
param([string]$computer, [string]$W3SVCPath, [string]$strIP2Add, [string]$strIP2AddSubnet)
<# $W3SVCPath = "W3SVC/2/ROOT/TestVDir" #>;
$IPSecurity = Get-WmiObject -Authentication PacketPrivacy -class IIsIPSecuritySetting -computername $computer -namespace 'root\MicrosoftIISv2' | where {($_.name).equals("$W3SVCPath")};
if($IPSecurity.GrantByDefault){$GD="Deny"}else{$GD="Grant"}
if($IPSecurity.GrantByDefault){$IPList=$IPSecurity.IPDeny;}else{$IPList=$IPSecurity.IPGrant;};
"IPSecurity.GrantByDefault=$GD($IPList)";
$IPList=$IPList+"$strIP2Add, $strIP2AddSubnet";
if($IPSecurity.GrantByDefault){$IPSecurity.IPDeny=$IPList;}else{$IPSecurity.IPGrant=$IPList;};
if($IPSecurity.GrantByDefault){$IPList=$IPSecurity.IPDeny;}else{$IPList=$IPSecurity.IPGrant;};
"($IPList)";
我似乎无法找到一种方法来将对象设置回元数据库,因此它将应用更改.在VBS中,始终在WebRootObj中直接引用IPSecurity对象,因此使用.setInfo()函数.但是,由于我们将直接使用WMI Object类,并且引用是在对象本身内设置的,因此我似乎找不到在IIsIPSecuritySettings类内设置它的函数.
I cant seem to find a way to SET the object back to the metabase so it will apply the change. In VBS the IPSecurity object was always referenced directly within the WebRootObj and thus the .setInfo() function was used. However, as we're going for the WMI Object class directly, and the references are set within the object itself, i cant seem to find a function that will set it within the IIsIPSecuritySettings class.
由于使用上述使用WMI的"Powershell中的尝试2"时,在WebRootObj中找不到对IPSecurity属性/对象的引用,因此我不确定下一步要向哪个方向移动.
Since i cant find a reference to the IPSecurity property/object within the WebRootObj when using "Attempt 2 in Powershell" above, which uses WMI, i'm not sure which direction to move in next.
有什么想法吗?
推荐答案
这可能很棘手,但可以使用System.DirectoryServices来实现.我将为您提供两个示例,一个示例将GrantByDefault的值设置为true或false,另一个示例向您展示如何将IP地址添加到IPDeny或IPGrant列表.
This can be tricky but is doable using System.DirectoryServices. I'll give you two examples, one to set the value of GrantByDefault to true or false, the other to show you how to add IP addresses to the IPDeny or IPGrant list.
$iisObject = new-object System.DirectoryServices.DirectoryEntry("IIS://localhost/W3SVC/2/ROOT/TestVDIR")
$ipSec = $iisObject.Properties["IPSecurity"].Value
# We need to pass values as one element object arrays
[Object[]] $grantByDefault = @()
$grantByDefault += , $false # <<< We're setting it to false
$ipSec.GetType().InvokeMember("GrantByDefault", $bindingFlags, $null, $ipSec, $grantByDefault);
$iisObject.Properties["IPSecurity"].Value = $ipSec
$iisObject.CommitChanges()
2.将IP地址添加到IPDeny或IPGrant列表
2. Add an IP address to the IPDeny or IPGrant lists
$iisObject = new-object System.DirectoryServices.DirectoryEntry("IIS://localhost/W3SVC/2/ROOT/TestVDIR")
$ipSec = $iisObject.Properties["IPSecurity"].Value
$bindingFlags = [Reflection.BindingFlags] "Public, Instance, GetProperty"
$isGrantByDefault = $ipSec.GetType().InvokeMember("GrantByDefault", $bindingFlags, $null, $ipSec, $null);
# to set an iplist we need to get it first
if($isGrantByDefault)
{
$ipList = $ipSec.GetType().InvokeMember("IPDeny", $bindingFlags, $null, $ipSec, $null);
}
else
{
$ipList = $ipSec.GetType().InvokeMember("IPGrant", $bindingFlags, $null, $ipSec, $null);
}
# Add a single computer to the list:
$ipList = $ipList + "10.0.0.1, 255.255.255.255"
# This is important, we need to pass an object array of one element containing our ipList array
[Object[]] $ipArray = @()
$ipArray += , $ipList
# Now update
$bindingFlags = [Reflection.BindingFlags] "Public, Instance, SetProperty"
if($isGrantByDefault)
{
$ipList = $ipSec.GetType().InvokeMember("IPDeny", $bindingFlags, $null, $ipSec, $ipArray);
}
else
{
$ipList = $ipSec.GetType().InvokeMember("IPGrant", $bindingFlags, $null, $ipSec, $ipArray);
}
$iisObject.Properties["IPSecurity"].Value = $ipSec
$iisObject.CommitChanges()
这已在Windows 2003上使用PowerShell 2.0进行了测试.
This was tested with PowerShell 2.0 on Windows 2003.
希望不会太晚,以节省您的时间.
Hopefully not too late to save your day.
这篇关于使用Powershell操纵IIsWebVirtualDir上的IP限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
