Discovering IIS 7.0 and above ?

 
1
0
-1

It seems that discovery of IIS stopped at v6 (Server 2003) 

WMI namespace root\\MicrosoftIISv2 exist in IIS 7.0 only if "IIS 6 WMI Compatibility" is installed on the server, and even then doing select MajorIIsVersionNumber from IISWebInfo only returns 7.5, when the expected value is 8.5 for Server 2012 or even 10 for Server 2016. So it looks like WMI is supported no more

Any upcoming reviews of audit_windows.vbs to do IIS discovery for 8.5 or 10? Perhaps moving to PowerShell rather than WMI?


    CommentAdd your comment...

    3 answers

    1.  
      1
      0
      -1

      Coming in the next version (smile)

      The audit script has only been tested against 2016, so if you would like to test against others, please let me know.

      1. Mark Unwin

        The new audit script is downloadable at -

        https://raw.githubusercontent.com/Opmantek/open-audit/dev/other/audit_windows.vbs

      2. A M

        Did a quick test of the script on Win2012r2 (IIS 8.5) & 2016 (IIS 10)

        Audit requires IIS WMI provider, which is a add-on IIS component "Management Scripts and Tools" as of IIS 7.  When this feature is not installed:

        1. WMIC errors out retrieving  winmgmts:root\WebAdministration, script fails with 0x8004100E
          • I added "on error resume next" to the previous line and then got the following:
          • wbemErrInvalidNamespace - could not connect. (WebAdministration)
        2. Once script fixed, was able to capture <server> info on both 8.5 and 10, but little to no details on <server_item>

        Would AppCMD be an alternative to WMI? Seems to be available by default as of IIS 7

      3. Mark Unwin

        You're right. I've just been looking at the code, the registry and appcmd. Stay tuned for an improvement that doesn't require the management scripts and tools to be installed.

      4. A M

        Hope it doesn't require to run locally  :S

        Thanks for all you do.  I can't write a line of code, but I can test it.  Got 100+ Windows servers here to play with. 

      5. Mark Unwin

        New version is on github (use above link). It does require it to be run locally. This is because we run the commands from files on the target system. Tasks are another example of this. There are others as well. Check the script for audit_location. Discovery will (next version onward) run the script locally.

      CommentAdd your comment...
    2.  
      1
      0
      -1

      Just found some Microsoft documentation around changes to WMI on IIS7.  

      https://docs.microsoft.com/en-us/iis/wmi-provider/mapping-iis-6-0-wmi-methods-to-iis-7-and-higher-wmi-methods

      It seems that as of Windows 8 and Windows Server 2012, WMI (Windows Mgmt Instrumentation) is no longer.  The new CIM based standard now is called Windows MI (Windows Mgmt Infrastructure)

      https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page

      https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wmi_v2/windows-management-infrastructure


        CommentAdd your comment...
      1.  
        1
        0
        -1

        A M Thanks for the post, I don't have an IIS 7 to check, so I never realized this was broken.

        I'll take a look at this ASAP.

        No plans to rewrite in PowerShell (yet). It's just such a large script and rewriting will take a lot of effort, introduce bugs and provide no real benefit (unless I'm mistaken on the last one).

        I'll update here when I've addressed IIS 7 and later.

          CommentAdd your comment...