by Thomas Deml
In the following walkthrough you will learn how to install the IIS PowerShell Snap-in and how to start the IIS PowerShell Management Console.
The IIS PowerShell Snap-in requires the following prerequisites:
- Windows Server 2008, Windows Server 2008 R2, Windows Vista Service Pack 1, or Windows 7
- Microsoft PowerShell 1.0 or 2.0
To install IIS PowerShell Snap-in:
- The IIS PowerShell Snap-in is available as x86 and x64 version. Download the 32-Bit version or 64-Bit version.
- Run the MSI file to install the IIS PowerShell Snap-in.
To use the IIS PowerShell Snap-in
PowerShell snap-ins like the IIS PowerShell Snap-in have to be registered with PowerShell. There are two ways to do this:
Automatic Registration by using the IIS PowerShell Management Console
The IIS PowerShell Snap-in setup will create a new Program Menu shortcut. By starting this shortcut the IIS PowerShell Snap-in will be registered automatically. Click on the Start Menu - select "All Programs" - "IIS 7.0 Extensions" - "IIS PowerShell Management Console". The prompt of the new PowerShell command window is set to "IIS:\" - the root of the IIS Snap-in namespace.
If you want to use the IIS PowerShell Snap-in in an existing PowerShell command window you have to register the IIS snap-in manually. You can do this by simply executing the IISConsole.PSC1 file located in the "$env:programfiles\IIS\PowerShellProvider" directory:
PS C:\> & "$env:programfiles\IIS\PowerShellSnapin\iisConsole.psc1"
A Word About Security
User Access Control
You need Administrator privileges to manage IIS configuration. This means that you have to run PowerShell command windows elevated. Make sure you always start PowerShell via the "Run as Administrator" menu item.
PowerShell Execution Policies
You might see the following error depending on the PowerShell Execution Permissions.
Windows PowerShell Copyright (C) 2006 Microsoft Corporation. All rights reserved. Do you want to run software from this untrusted publisher? File C:\Program Files\IIS\PowerShellProvider\iisprovider.types.ps1xml is published by CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US and is not trusted on your system. Only run scripts from trusted publishers. [V] Never run [D] Do not run [R] Run once [A] Always run [?] Help (default is "D"):
Although the IIS PowerShell Provider files are all signed, PowerShell only trusts scripts that are signed by a 'Trusted Publisher' when it's execution policy is set to "Restricted". There are two ways you can fix this problem.
Relax the Execution Policy
If you see the error above your execution policy is probably set to "Restricted". To trust other code you can set the execution policy to "RemoteSigned" which allows local scripts to run without requiring a digital signature. Execute the following command in an elevated PowerShell window:
PS C:\> Set-ExecutionPolicy RemoteSigned
Execute the following command if you want to know more about signing and execution policies.
Trust Microsoft Code Signing Certficate to Trusted Publishers List
To trust the IIS Provider scripts and binaries you can hit "A" in the above dialog and it will add the code signing certificate used by the IIS Snap-in to the list of Trusted Publishers. You can get a list of "Trusted Publishers" with the following command:
dir cert:\CurrentUser\TrustedPublisher | fl
In this walkthrough you learned how to automatically or manually install the IIS PowerShell Snap-in.