I have a need to identify IIS sites that allow NTLM authentication across all hosts in my enterprise. PowerShell is already installed on every host, so PowerShell seems like the obvious solution.
I haven't spent a lot of time with PowerShell, but this is the code I've come up with so far. It appears to properly iterate through my site list and I can get the providers element, but I'm not able to check the values of the add element's attributes.
I also tried reviewing other questions and answers, using the "similar questions" feature.
Here's the code:

    $site_list = Get-IISSite
    foreach($site in $site_list)
    {
        $ConfigSection = Get-IISConfigSection("system.webServer/security/authentication/windowsAuthentication")
        foreach ($attribute in $ConfigSection.Attributes)
        {
            if($attribute.Name -eq "enabled")
            {
                Write-Host $site.Name : $attribute.Name : $attribute.Value
            }
        }
        foreach($element in $ConfigSection.ChildElements)
        {
            if ($element.ElementTagName -eq "providers")
            {
                Write-Host ChildElements.Count : $element.ChildElements.Count
                $element.Attributes
                $element|fl
                Write-Host Attributes Count : $element.Attributes.Count
                #$elem_attributes = $element.Attributes
                foreach ($elem_attr in $elem_attributes)
                {
                    Write-Host $elem_attr
                }
            }
        }
    }

My output of format-list shows a child element with the ElementTagName of add with an attribute of Value. However, when I show the Count() of the Attributes property, it shows 0. I think the OOP terminology and the XML element and properties are confusing, so I might not have some of my terms correct. Any help or guidance anyone can offer would be helpful.
Here's an example output of the format-list for the element.

    Attributes : {value}
    ChildElements : {}
    ElementTagName : add
    IsLocallyStored : True
    Methods :
    RawAttributes : {[value, Negotiate]}
    Schema : Microsoft.Web.Administration.ConfigurationElementSchema

    Attributes : {value}
    ChildElements : {}
    ElementTagName : add
    IsLocallyStored : True
    Methods :
    RawAttributes : {[value, NTLM]}
    Schema : Microsoft.Web.Administration.ConfigurationElementSchema

I'm still using the older WebAdministration cmdlets:

    Get-WebSite | Foreach-Object {
        Write-Output $_.Name
        Get-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$($_.Name)" -filter "system.webServer/security/authentication/windowsAuthentication/providers/*" -name "." | Format-Table Value
    }

This will also show providers inherited from the server level.
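
The same WebAdministration query turned into a per-site inventory that returns objects instead of formatted text, as an added example that is not part of the original answer. The function name `Get-IisNtlmExposure`, the output property names and the `$iisHosts` variable are hypothetical; it assumes an elevated session on a host with the WebAdministration module.

```powershell
# Added example, not from the original post. Names introduced here are hypothetical.
function Get-IisNtlmExposure {
    Import-Module WebAdministration
    $section = 'system.webServer/security/authentication/windowsAuthentication'

    foreach ($site in Get-Website) {
        # Effective configuration for the site root, including server-level inheritance.
        $path = "MACHINE/WEBROOT/APPHOST/$($site.Name)"

        # 'enabled' is an attribute of the windowsAuthentication section itself.
        $enabled = [bool](Get-WebConfigurationProperty -PSPath $path -Filter $section -Name 'enabled').Value

        # Each <add value="..."/> under <providers> is a collection item,
        # so it is selected with 'providers/*' rather than read as an attribute.
        $providers = @(
            Get-WebConfigurationProperty -PSPath $path -Filter "$section/providers/*" -Name '.' |
                ForEach-Object { $_.Value }
        )

        [pscustomobject]@{
            ComputerName    = $env:COMPUTERNAME
            Site            = $site.Name
            WindowsAuth     = $enabled
            Providers       = $providers -join ','
            # NTLM is offered directly when it is listed and Windows auth is on.
            NtlmListed      = ($enabled -and ($providers -contains 'NTLM'))
            # Negotiate can fall back to NTLM when Kerberos is unavailable,
            # so it is reported separately for review.
            NegotiateListed = ($enabled -and ($providers -contains 'Negotiate'))
        }
    }
}

# Local host: sites where NTLM is listed as a provider.
Get-IisNtlmExposure | Where-Object NtlmListed | Format-Table -AutoSize

# Several hosts over PowerShell remoting ($iisHosts is a hypothetical list of names):
# Invoke-Command -ComputerName $iisHosts -ScriptBlock ${function:Get-IisNtlmExposure} |
#     Export-Csv -Path .\iis-ntlm.csv -NoTypeInformation
```

Only the site root is queried; applications or virtual directories that override the section in their own configuration are not walked.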