Sunday, May 16, 2010

Migrating IIS7 from System Drive to a Non-System Drive

As most of you know, IIS is by default installed on C$ in Windows Server 2008 and there is no way to install it on any other drives. The only solution is to migrate it to a different drive is post installation.

Recently i had a situation where the IIS was installed on C$ of a fully functional web server. During the server security review, we had to migrate it to a non-system drive (D$ in our case). It is a security best practice to have the IIS installed on a non-system drive. As the server was in production and we could not afford much downtime on the server, we had to figure out a way to migrate IIS from C$ to D$ with minimal impact and least downtime.

The APPCMD of the Windows Server 2008 is a fantastic utility which helps this migration without much hassles. Migrating IIS from C$ to D$ will include some data migration, log migration, registry key modifications etc.. Writing a batch file to automate this entire migration was the best possible solution and guess what, we found the same from one of the IIS blogs which works like magic:

REM-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

REM PLEASE BE AWARE: SERVICING (I.E. HOTFIXES AND SERVICE PACKS) WILL STILL REPLACE FILES
REM IN THE ORIGINAL DIRECTORIES. THE LIKELIHOOD THAT FILES IN THE INETPUB DIRECTORIES HAVE
REM TO BE REPLACED BY SERVICING IS LOW BUT FOR THIS REASON DELETING THE ORIGINAL DIRECTORIES
REM IS NOT POSSIBLE.

@echo off
IF "%1" == "" goto err
setlocal
set MOVETO=%1:\

REM simple error handling if drive does not exist or argument is wrong
IF NOT EXIST %MOVETO% goto err

REM Backup IIS config before we start changing config to point to the new path
%windir%\system32\inetsrv\appcmd add backup beforeRootMove


REM Stop all IIS services
iisreset /stop

REM Copy all content
REM /O - copy ACLs
REM /E - copy sub directories including empty ones
REM /I - assume destination is a directory
REM /Q - quiet

REM echo on, because user will be prompted if content already exists.
echo on
xcopy %systemdrive%\inetpub %MOVETO%inetpub /O /E /I /Q
@echo off
REM Move AppPool isolation directory
reg add HKLM\System\CurrentControlSet\Services\WAS\Parameters /v ConfigIsolationPath /t REG_SZ /d %MOVETO%inetpub\temp\appPools /f

REM Move logfile directories
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.traceFailedRequestsLogging.directory:"%MOVETO%inetpub\logs\FailedReqLogFiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.logfile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralBinaryLogFile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralW3CLogFile.directory:"%MOVETO%inetpub\logs\logfiles"
(more...)

Read more: My Experiences

Posted via email from jasper22's posterous