On Windows Server 2022, IIS 10.0 serves as the primary web server platform for hosting ASP.NET and other applications. Many administrators still rely on the IIS Manager console for daily tasks. This approach works for single servers but becomes error-prone when scaling to multiple machines or enforcing uniform policies.

The WebAdministration PowerShell module exposes all major IIS objects through a PowerShell drive provider (the `IIS:` drive). Cmdlets such as New-WebAppPool, New-Website, and Set-WebConfiguration allow scripted control over pools, sites, and settings. Scripts can be stored in source control and executed through scheduled tasks or deployment pipelines.

The following sections demonstrate concrete examples for application pool management, HTTPS binding setup, and security hardening. Each example uses only built-in PowerShell features available on Windows Server 2022.

# Benefits of Scripted Configuration

Scripted configuration provides repeatability. When a new server is provisioned, the same script produces identical results. Changes can be examined in code review rather than through screenshots of dialog boxes. Audit logs from PowerShell transcripts or logging show exactly which settings were applied and when.

# Application Pool Configuration

Application pools control process isolation and resource limits. Default settings often require adjustment for production workloads. Key properties include the managed runtime version, pipeline mode, and recycling intervals. For ASP.NET Core applications the runtime version should be left blank so the AspNetCoreModule handles process management.

```powershell
Import-Module WebAdministration

$poolParams = @{
    Name = "AspNetCoreApp"
}
New-WebAppPool @poolParams

# An empty runtime version means "No Managed Code"; the ASP.NET Core module hosts the app
Set-ItemProperty -Path "IIS:\AppPools\AspNetCoreApp" -Name managedRuntimeVersion -Value ""
Set-ItemProperty -Path "IIS:\AppPools\AspNetCoreApp" -Name managedPipelineMode -Value "Integrated"
Set-ItemProperty -Path "IIS:\AppPools\AspNetCoreApp" -Name startMode -Value "AlwaysRunning"

# Run the worker process under a dedicated service account.
# SpecificUser also needs processModel.password; supply it from a secret store, never hard-coded here.
Set-ItemProperty -Path "IIS:\AppPools\AspNetCoreApp" -Name "processModel.identityType" -Value "SpecificUser"
Set-ItemProperty -Path "IIS:\AppPools\AspNetCoreApp" -Name "processModel.userName" -Value "DOMAIN\svcWebApp"
```

# Site and Binding Setup

Sites require bindings for HTTP and HTTPS traffic. Windows Server 2022 supports TLS 1.3 when the appropriate updates are installed. Scripts should verify certificate presence before binding and use Server Name Indication for hosting multiple sites on a single IP address.

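```powershell
# Create the site in the application pool configured earlier
New-Website -Name "MySite" -PhysicalPath "C:\inetpub\wwwroot\mysite" -ApplicationPool "AspNetCoreApp"

# HTTPS binding for the host name; -SslFlags 1 enables Server Name Indication
New-WebBinding -Name "MySite" -Protocol https -Port 443 -HostHeader "example.com" -SslFlags 1
```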
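
The certificate check and SNI binding described in this section can be scripted as shown here. This is an added example, not code from the original page: the site and host names reuse the sample values above, while the 30-day expiry margin and the helper `Test-CertCoversHost` are assumptions made for illustration.

```powershell
# Added example (not from the original page). Site and host reuse the page's sample values.
Import-Module WebAdministration

$siteName    = 'MySite'
$hostName    = 'example.com'
$minDaysLeft = 30   # assumption: reject certificates that expire within 30 days

function Test-CertCoversHost {   # hypothetical helper
    param($Cert, [string]$HostName)
    foreach ($name in $Cert.DnsNameList.Unicode) {
        if ($name -eq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com -> www.example.com
        if ($name.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $name.Substring(1)) { return $true }
    }
    return $false
}

# Pick the longest-lived certificate that has a private key, is valid now, and names the host
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and
        $_.NotAfter -gt $now.AddDays($minDaysLeft) -and
        (Test-CertCoversHost -Cert $_ -HostName $hostName)
    } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    throw "No usable certificate for $hostName in Cert:\LocalMachine\My; binding left unchanged."
}

# Create the SNI binding (SslFlags 1) only when it is missing, so the script can be re-run
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
if (-not $binding) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName -SslFlags 1
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
}

if ($binding.certificateHash -eq $cert.Thumbprint) {
    Write-Output "Certificate $($cert.Thumbprint) is already bound to ${hostName}:443"
} elseif ($binding.certificateHash) {
    Write-Warning "A different certificate ($($binding.certificateHash)) is bound; review before replacing."
} else {
    $binding.AddSslCertificate($cert.Thumbprint, 'My')   # 'My' = LocalMachine personal store
    Write-Output "Bound $($cert.Thumbprint), valid until $($cert.NotAfter), to ${hostName}:443"
}
```

Run it from an elevated session. The script stops before touching the site when no suitable certificate is installed, so a missing or expiring certificate surfaces at deployment time rather than as a failed TLS handshake.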

# Security Hardening Steps

  • Disable anonymous authentication when Windows or forms authentication is required.
  • Set request limits with maxAllowedContentLength and maxQueryString to mitigate denial-of-service risks.
  • Enable dynamic IP address restrictions through the ipSecurity configuration section.
  • Require TLS 1.2 or higher by editing the SSL cipher suite order in the registry or via group policy.

Review existing configurations with Get-Website and Get-WebAppPool before writing new scripts. Test changes on a development server first. Maintain a library of reusable functions for common tasks to accelerate future deployments and keep every IIS installation in a known, auditable state.