Setting Up IPsecurity with ADSI ( Script )

There are different ways to restrict clients from viewing resources on an IIS server. Resources can be configured to authorize access only to clients who use certificates, or to specific authenticated client user names, or to specific IP addresses or DNS host names.

This topic provides examples to configure IIS to restrict client access based on IP addresses or DNS host names. Each example modifies the IPSecurity metabase property, which can be configured for a service, a site, a virtual directory, or a Web file.
Using ADSI in VBScriptUsing ADSI in VBScript

The following example shows you how to use the VBScript scripting language to set an IP restriction on the default Web site and display the restrictions contained in the IPSecurity metabase property.

This example uses ADSI. For an example that uses System.DirectoryServices, see Setting IP Security Using System.DirectoryServices.






Visual Basic Script

' Set up variables.
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root")
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity

Dim IPList
IPList = Array()

' If GrantByDefault is True, you can only use IPDeny and DomainDeny.
If True = IIsIPSecurityObj.GrantByDefault Then

' Insert a new restriction.
IPList = IIsIPSecurityObj.IPDeny
If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied")
Redim IPList (Ubound(IPList)+1)
IPList (Ubound(IPList)) = "123.0.0.1,255.255.255.0"

' Set the new lists back in the metabase in two stages, and then save
' the metabase.
IIsIPSecurityObj.IPDeny = IPList
IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj
IIsWebVirtualDirObj.Setinfo
WScript.Echo("The IPRestriction has been set")

' Display the IP restrictions.
IIsWebVirtualDirObj.Getinfo
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
IPList = IIsIPSecurityObj.IPDeny
WScript.Echo("These IP addresses are denied:")
For Each IP In IIsIPSecurityObj.IPDeny
WScript.Echo(IP)
Next

End if