Export Configuration Files and Encryption Keys (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Export configuration files and encryption keys from your Web server to a central location when you want other Web servers to be able to use those files and keys. The following items are exported:

  • ApplicationHost.config file: The server-level configuration file that contains IIS settings.

  • Administration.config: The server-level configuration file that contains IIS settings for IIS Manager.

  • ConfigEncKey.key file: A password-protected file that contains the encryption keys in a custom format. After you use IIS Manager to configure your computer to use shared configuration and encryption keys, the computer imports the encryption keys and stores them locally.These keys are used to decrypt any encrypted information in the configuration files.

After you export your configuration files and keys, you can also enable and configure your server to use the central location. For more information, see Configure Settings to Use Shared Configuration Files and Encryption Keys (IIS 7). Otherwise, your Web server will continue to use the configuration files and encryption keys from the local computer.


For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Shared Configuration Feature Requirements (IIS 7).

Exceptions to feature requirements

  • None

To export configuration files and encryption keys

You can perform this procedure by using the user interface (UI).

User Interface

To use the UI

  1. Open IIS Manager and click the server node. For information about opening IIS Manager, see Open IIS Manager (IIS 7).

  2. In Features View, double-click Shared Configuration.

  3. In the Actions pane, click Export Configuration to open the Export Configuration dialog box and specify settings.

  4. In the Physical path box, type the physical path or click the browse button (...) to locate the physical path of the directory to which you want to export the configuration files and encryption keys.

  5. Optionally, click Connect As to open the Set Credentials dialog box and specify a user name and password for an account that is authorized to write to the physical path. Then click OK.

  6. Under Encryption Keys, type a strong password in the Encryption keys password and Confirm password boxes. This password is used to decrypt the encrypted keys.

  7. Click OK.

  8. If you are prompted with a message that configuration files and encryption keys are already in the directory, click Yes to overwrite the existing files and keys or click No to cancel the export process.


The procedure in this topic affects the following configuration elements:

  • None

For more information about IISĀ 7 configuration, see IIS 7.0: IIS Settings Schema on MSDN.

See Also


Configuring Shared Configuration (IIS 7)