At my job, I am taking on the role of doing .NET build & deploys. I did that at a previous job where the servers were Win2003, and my new boxes are Win2008R2SP1, but the new corporate standard has IIS locked down with server hardening. I have seen a document of the items they are trying to remediate with the server hardening but not a document that explains every setting that was applied. I am using Rational Build Forge 7.1.3 to automate the process. Actually, I am told my team is the first team to try this. I am still learning both BF & IIS7.5; I think I have an intermediate-advanced knowledge, but I wouldn't describe myself as an expert in either.
As I create my steps, I am manually testing them on my test server. So I started wanting to create my Web App with APPCMD but I got an error. Then I realized all of the APPCMD commands did not work. I escalated to the corporate web team and they suggested to just start a command prompt as an administrator, but I don't think I can do that with Build Forge in the command line, and when I try the RUNAS command, it cannot handle the password prompt. My admin account has local admin rights on the server. As I was looking at why APPCMD didn't work, I noticed a strange error when I tried to navigate to C:\Windows\System32\inetsrv\config; it said, "You don't currently have permissions to access this folder." "Click Continue to permanently get access to the folder." After that, all of the APPCMD steps I wanted to try worked, so I thought I was good until I tried to start or stop an app pool, the last command I want to use in my deploy script. If I try to stop the DefaultAppPool, I get the error in the example below.
%systemroot%\system32\inetsrv\appcmd stop apppool /apppool.name:DefaultAppPool
ERROR ( message:The WAS service is not available - try starting the service first. )
I have Googled the error and found a number of replies saying I need to run as elevated (right-click the command prompt), but I can't do that with BF and I don't want to automate 98% of the process just to manually do a start & stop.
My question is, in the server hardening, does anyone know the setting that would cause that error? I would like to pass that solution to the corporate team to see if they will fix it on our IIS servers. Also, if anyone has a workaround that can be automated, that would be interesting, but it cannot be a 3rd party solution.
Thank you
Chris