IIS7: Moving the INETPUB directory to a different drive

Having your content on a different partition than your Operating System is a good security practice. In previous IIS versions is was possible to do this during setup time in an unattend file. Due to changes in Vista and Windows Server 2008 setup it became impossible to do that however. After setup the IIS7 INETPUB directory will be on the same partition as Windows. Moving the INETPUB directory to a different drive has to be done after setup completes. Here is a table of configuration entries that use the INETPUB directory on a default install. An example in the right column shows how to move the setting to a different drive using the APPCMD command-line tool. Once all the settings are moved the only step left is to copy the INETPUB directory via XCOPY. The batch file attached to this blog (packaged up in a ZIP file) moves the INETPUB directory to a drive of your choice.
Directory Config setting location Example how to move setting to a different drive (this example uses the F:\ drive)
LOGS\FREBLOGS Failed Request Event Buffering (FREB) is a new IIS7 feature that logs failed requests. The default path for FREB logs is %systemdrive%\inetpub\logs\FailedReqLogfiles. %windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.traceFailedRequestsLogging.directory:"F:\inetpub\logs\FailedReqLogFiles"
LOGS\LOGFILES The default path for IIS7 log files is %systemdrive%\inetpub\logs\logfiles. %windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.logfile.directory:"F:\inetpub\logs\logfiles"%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralBinaryLogFile.directory:"F:\inetpub\logs\logfiles"%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralW3CLogFile.directory:"F:\inetpub\logs\logfiles"
TEMP\APPPOOLS AppPool isolation is a new feature in IIS7. A dedicated AppPool configuration file gets automatically created before a new Application Pool is started. The default location of these files is %systemdrive%\inetpub\temp\appPools  reg add HKLM\System\CurrentControlSet\Services\WAS\Parameters /v ConfigIsolationPath /t REG_SZ /d f:\inetpub\temp\appPools 
HISTORY Configuration history ensures that changes can be rolled back. The default location for configuration history is %systemdrive%\inetpub\history %windir%\system32\inetsrv\appcmd set config -section:system.applicationhost/configHistory -path:f:\inetpub\history
TEMP\ASP COMPILED TEMPLATES Classic ASP stores compiled ASP code on disk if more than 250 compiled templates are in memory. The default disk cache location is "%systemdrive%\inetpub\temp\ASP Compiled Templates" %windir%\system32\inetsrv\appcmd set config -section:system.webServer/asp -cache.disktemplateCacheDirectory:"f:\inetpub\temp\ASP Compiled Templates"
TEMP\IIS TEMPORARY COMPRESSED FILES IIS7 will cache compressed responses on disk if necessary. The default location for the compression cache is "%systemdrive%\inetpub\temp\IIS Temporary Compressed Files" %windir%\system32\inetsrv\appcmd set config -section:system.webServer/httpCompression -directory:"f:\inetpub\temp\IIS Temporary Compressed Files"
WWWROOT IIS7 comes with a Default Web Site which points to %systemdrive%\inetpub\wwwroot. %windir%\system32\inetsrv\appcmd set vdir "Default Web Site/" -physicalPath:f:\inetpub\wwwroot
CUSTERR IIS7 stores Custom Error Pages in %systemdrive%\inetpub\custerr %windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='401'].prefixLanguageFilePath:f:\inetpub\custerr%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='403'].prefixLanguageFilePath:f:\inetpub\custerr%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='404'].prefixLanguageFilePath:f:\inetpub\custerr%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='405'].prefixLanguageFilePath:f:\inetpub\custerr%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='406'].prefixLanguageFilePath:f:\inetpub\custerr%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='412'].prefixLanguageFilePath:f:\inetpub\custerr%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='500'].prefixLanguageFilePath:f:\inetpub\custerr%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='501'].prefixLanguageFilePath:f:\inetpub\custerr%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='502'].prefixLanguageFilePath:f:\inetpub\custerr
WWWROOT and FTPROOT Locations Service Packs and other installers need to know where your WWWROOT and FTPROOT directory is. That's why the location is also specified in the registry.

reg add HKLM\Software\Microsoft\inetstp /v PathWWWRoot /t REG_SZ /d f:\inetpub\wwwroot
reg add HKLM\Software\Microsoft\inetstp /v PathFTPRoot /t REG_SZ /d f:\inetpub\ftproot

 

MOVING THE CONTENT:

Once the configuration is changed you have to copy all content from your root drive to your new drive including ACLs and empty directories:

Example:

                    xcopy c:\inetpub f:\inetpub /E /O /I

 

/E copies all directories even if they are empty
/O copies all security settings, i.e. Access Control Lists on files and directories
/I assumes the destination is a directory

PLEASE BE AWARE OF THE FOLLOWING:
WINDOWS SERVICING EVENTS (I.E. HOTFIXES AND SERVICE PACKS) WOULD STILL REPLACE FILES IN THE ORIGINAL DIRECTORIES. THE LIKELIHOOD THAT FILES IN THE INETPUB DIRECTORIES HAVE
TO BE REPLACED BY SERVICING IS LOW BUT FOR THIS REASON DELETING THE ORIGINAL DIRECTORIES IS NOT POSSIBLE.

No Comments