Thursday, August 7, 2014

Move the IIS default path on Windows Server 2008 or later

For security reason, administrators might be needed to move the default IIS path, Inetpub, to non-system drive. 

According to KB2752331, IIS is a core Windows component and cannot be installed on a non-system drive and Moving the Inetpub folder structure completely off of the system drive is not supported.

It seems that Microsoft doesn't suggest moving the default IIS path to non-system drive and administrators can select to save websites or applications to other folders and drives.  

However, Microsoft recommended to move the Inetpub to a different partition to save space and improve security in Security Best Practices for IIS 8 article.

Anyway, Microsoft provided the script for us to moving to a different drive but the script isn't supported by Microsoft. Administrators might take their own risk to perform this script to move the IIS default path.

The script example like this.



Prerequisite


Lab
Assuming that administrator logged in the IIS server.

1. After installing IIS, launch "Command Prompt" as administrator.
2. Perform the script file like this.


Remark: D is a destination drive letter. Administrators have to provide the drive letter for moving.

3. Perform "xcopy c:\inetpub d:\inetpub /E /O /I" to copy all contents with ACL to a new IIS path.


As a result, the default contents of IIS have move to a new path. However, administrators shouldn't delete the original IIS default path on the system drive.

References:
Guidance for relocation of IIS 7.0 and IIS 7.5 content directories

Security Best Practices for IIS 8

IIS7: Moving the INETPUB directory to a different drive

This posting is provided “AS IS” with no warranties, and confers no rights!

No comments:

Post a Comment