IIS7: How to enable webdav for (multiple) a website(s) via script

Article
07/13/2011

Configuring WebDAV requires some steps, e.g.:

enabling webdav for a specific site
add an webdav authoring rule for a specific user
configure WebDAV with Request Filtering (i.e. not to apply rules for webdav traffic)
enable / allow windows authentication for this site
creating windows accounts and give them NTFS permissions on the physical path where the website content is located.
(set dynamic IP restrictions)

If you want to do this for a couple of websites – you probably want to do this automatically.

This can be done by calling a batch file multiple times. Once for each website - doing all of the actions as stated above:

Here is my version:

here is what goes into the batch “webdav.cmd”:

@echo off
rem the first input parameter %1 takes the website name with quotation marks e.g. "Default Web Site"
rem the second input parameter %2 takes a password for the windows user that will associated with the webdav user has the same name as the website e.g."Default Web Site"

rem Create a windows account with the same name as the website
net user %1 %2 /add /EXPIRES:NEVER

rem build command string to get the root directory of a website using appcmd.exe
set name= %windir%\system32\inetsrv\appcmd.exe list vdir "%~1/" /text:physicalPath'

echo website "%~1/"

rem call icacls to set permissions on each directory
for /F %%X in ('call %name%) do (echo add NTFS permissions on root: %%X for user "%~1" && call icacls "%%X" /grant "%~1:(OI)(CI)(M)")

rem IIS per web site settings
rem enable windows authentication on webdav site
rem you might use basic auth in conjunction with SSL and https://support.microsoft.com/default.aspx?scid=kb;EN-US;963047
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/authentication/windowsAuthentication /enabled:"true" /commit:apphost

rem enable webdav on a site basis
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/webdav/authoring /enabled:"True" /requireSsl:"False" /commit:apphost
rem create a webdav allow rule for the user e.g."Default Web Site"
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/webdav/authoringRules /+"[users='%~1',path='*',access='Read, Write, Source']" /commit:apphost
rem disable locks for webdav authoring - you might need locks in a multi-source authoring environment.
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/webdav/authoring /locks.enabled:"False" /locks.requireLockForWriting:"False" /commit:apphost

rem make IIS Request filter behave nice to webdav requests
rem note that these settings get into applicationhost.config - so that the inetmgr UI picks them up
rem see also https://learn.iis.net/page.aspx/354/how-to-configure-webdav-with-request-filtering/
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/requestFiltering /fileExtensions.applyToWebDAV:"False" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/requestFiltering /verbs.applyToWebDAV:"False" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/requestFiltering /hiddenSegments.applyToWebDAV:"False" /commit:apphost

rem if you have dynamic request filtering installed
%windir%\system32\inetsrv\appcmd.exe set config %1 -section:system.webServer/security/ipSecurity /dynamicRestrictions.denyByRequestsOverTime.enabled:"true" /commit:apphost

Run webdav.cmd with 2 parameters e.g.: webdav.cmd “Default web site” password

and the output should look similar to this: