'How to set "ConnectAs" user in IIS using Powershell

I'm having trouble scripting the "ConnectAs" domain user account for nested web apps in IIS. My target environment is MS Server 2012 R2 with IIS 8, however, I see the same issues on Windows 7 with IIS 7.5.

For example, suppose I have the "Default Web Site". Under that I have "MainApplication". Under that I have another web application for "SubApplication".

I've tried suggestions found on other sites similar to below with partial success: These first 2 statements work.

Set-WebConfigurationProperty "system.applicationHost/sites/site[@name='Default Web Site']/application[@path='/MainApplication']/virtualDirectory[@path='/']" -name "username" -value "mydomain\user" 
Set-WebConfigurationProperty "system.applicationHost/sites/site[@name='Default Web Site']/application[@path='/MainApplication']/virtualDirectory[@path='/']" -name "password" -value "mypassword"

I can't seem to get the syntax right for the next two statements: 

Set-WebConfigurationProperty "system.applicationHost/sites/site[@name='Default Web Site']/application[@path='/MainApplication/SubApplication']/virtualDirectory[@path='/']" -name "username" -value "mydomain\user" 
Set-WebConfigurationProperty "system.applicationHost/sites/site[@name='Default Web Site']/application[@path='/MainApplication/SubApplication']/virtualDirectory[@path='/']" -name "password" -value "mypassword"

In a perfect world, I would be able to do something similar to below to quickly make all of the web applications run under the same domain user account: 

Get-WebApplication | ForEach-Object { $_ | Set-ItemProperty -Name "username" -Value "domain\user" }
Get-WebApplication | ForEach-Object { $_ | Set-ItemProperty -Name "password" -Value "passwordValue" }

or something like this: 

Get-WebApplication | ForEach-Object { $_.ChildElements | Select-Object -First 1 | Get-Member -Name "Attributes" | Set-Member -Name "userName" -Value "domain\username" }

Is there a good way to script set all sites, apps, etc to run under a domain user account?

powershelliispermissions


Solution 1:[1]

The solution I ended up using was to utilize a xpaths to get the full path for each site, app, & virtual directory. I found that each type needed to be iterated independently. Below is the function I ended up creating to resolve the issue. 

function Set-IIS-ConnectAsUser($username, $password)
{
    $dir = Get-Location

    cd IIS:\Sites

    # update all the web sites to run under the context of the specified user
    $webSites = Get-Website
    ForEach($webSite in $webSites)
    {
        $siteName = ($webSite | Select -Property "Name").name
        $fullPath = "system.applicationHost/sites/site[@name='$siteName']/application[@path='/']/virtualDirectory[@path='/']"
        Set-WebConfigurationProperty $fullPath -Name "username" -Value $username
        Set-WebConfigurationProperty $fullPath -Name "password" -Value $password
    }

    # update all the web applications to run under the context of the specified user
    $apps = Get-WebApplication
    ForEach($app in $apps)
    {
        $xpath = ($app | Select -Property "ItemXPath").ItemXPath
        $fullPath = "$xpath/virtualDirectory[@path='/']" 
        $fullPath = $fullPath.Substring(1)
        Set-WebConfigurationProperty $fullPath -Name "username" -Value $username
        Set-WebConfigurationProperty $fullPath -Name "password" -Value $password
    }

    # update all the virtual directories to run under the context of the specified user
    $virtualDirs = Get-WebVirtualDirectory
    ForEach($vdir in $virtualDirs)
    {
        $xpath = ($vdir | Select -Property "ItemXPath").ItemXPath
        $fullPath = $xpath.Substring(1)
        Set-WebConfigurationProperty $fullPath -Name "username" -Value $username
        Set-WebConfigurationProperty $fullPath -Name "password" -Value $password
    }


    cd $dir
}

Solution 2:[2]

Try this. Change parent and child names with yours.

Set-WebConfiguration "/system.applicationHost/sites/site[@name='Default Web Site']/application[@path='/parent/child']/virtualdirectory[@path='/']" -Value @{userName='andy';password='password'}

Solution 3:[3]

Try the below script

$deepestPath        =   "MACHINE/WEBROOT/APPHOST"
$sectionPath        =   "system.applicationHost/sites/site/application/virtualDirectory"
$appPhysicalPath    =   "D:\Inetpub\wwwroot\yourApp"
$userName           =   "domain\serviceaccount"
$password           =   "#######"
$fullPath=$sectionPath+"[@physicalPath='$appPhysicalPath']"
Set-WebConfigurationProperty -PSPath $deepestPath -Filter $fullPath -Name "userName" -Value $userName
Set-WebConfigurationProperty -PSPath $deepestPath -Filter $fullPath -Name "password" -Value $password

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Michael
Solution 2 Andy Arismendi
Solution 3 grOOt Ockley

Related Questions

Creating/Duplicating a Certificate Template with Powershell

Creating/Duplicating a Certificate Template with Powershell

Creating/Duplicating a Certificate Template with Powershell

New-ExoPSSession: Index was out of range

PowerShell Cannot dot-source this command because it was defined in a different language mode

How do I get only directories using Get-ChildItem?

Powershell - windows hard-disk health status is giving inconsistent results

The term 'AzCopy' is not recognized as a name of a cmdlet, function, script file

check if an string exists in a list of strings, using powershell

Can Powershell Run Commands in Parallel?

How can ensure that a function only accepts a positive integer?

Powershell: Two dimension arrays

PowerShell and process exit codes

PowerShell Script to set the size of pagefile.sys

Trying to install Angular 2 Material from npm - unrecognized token in source text