Configuring IIS Remote Management with DSC

Do you have web servers located throughout your network environment? Do you have admin/devs that need to manage websites and such using the graphical IIS Manager? One of the mistakes made when configuring IIS is failing to install the remote management service and providing a configuration so that admin and devs can use the IIS Manager to remote manage websites. How this problem was solved years ago was simple – walk up to the web server (or RDP), Install the missing component then launch the IIS Manager and configure the management service.  You had to do this AT the web server. Since I only use Server Core – and my servers are remote – this doesn’t work anymore.

Well, PowerShell made this much easier – I could use PowerShell remoting to connect to the web server (no RDP) and install, enable and configure the remote management service. This still works of course, but today, I use DSC to configure pretty much everything – the idea of Infrastructure from Code. So, many people ask me how I would do this using a DSC configuration.

The process to remotely manage IIS with the IIS Manager is the following:

  1. The Management service must be installed
  2. The Management service must be enabled and configured
  3. The WMSVC service must be set to startup type Automatic and Running.

Pretty simple, but if you don’t know how to configure this without the GUI management tool, it can be tricky at first. For sample code, I wrote a simple DSC configuration that installs a default web server (line 3).

Starting with line 10, I add the windows feature Web-Mgmt-Service. When the configuration is run, this will install the required components I need.

Line 17 is where I begin to configure the Management service. First you should know that this service has many configuration options, such things like the port and authentication.  (View the graphical version for more details) Each of these things can be configured at the registry location I describe in the code. But don’t go looking for that registry key until you install the Management service, as it doesn’t exist until after the installation.  You need to perform two tasks. One, enable remote management (as I did) and Two, change the default configuration to whatever you want by adding additional registry keys. In my case I took the defaults, as those work pretty well in most environments.

Line 25 is “Gotcha!” for many folks. You won’t be able to connect to the IIS server using IIS Manager until you start the WMSVC service. Now here is the catch – this service is set to a startup type of ‘Manual’. Which means after the next reboot, your remote management won’t be working. So, it’s important to both start the service and set it a startup type of Automatic.

And there you have it — your can easily use DSC to configure web servers, and the remote management of those servers.