@ahpooch
Created April 22, 2025 19:34
############################################################################################
# Script to create wpad Site for Proxy #
### This script is written with idempotency in mind, so it can be run every time we want ###
# #
############################################################################################
# What the script does: #
# Creates directory for wpad site, sets basic NTFS Permissions, creates application pool, #
# creates site itself in IIS, configures mime types, disables caching, sets HostHeader and #
# log files path then starts web site. #
############################################################################################
# --- Settings ---------------------------------------------------------------
# Names of the IIS site and of the application pool it runs in.
$siteName        = 'wpad'
$appPoolName     = 'wpad'
# Host name applied to the site binding further down in this script.
$hostHeader      = 'wpad.example.com'
# Directory IIS writes this site's log files to.
$logFilesPath    = '%SystemDrive%\inetpub\logs\WpadLogs'
# Folder that holds the .dat/.pac files the site serves.
$siteFolderPath  = 'C:\wpad'
# Account that becomes owner of the folder and receives FullControl on it.
# Whoever can write to this folder decides which proxy settings clients are
# handed, so this should be a small, tightly managed group.
$siteFolderOwner = 'EXAMPLE\DomainGroup'

# Make sure the content folder exists; -Force keeps this from failing when it
# is already there, which is what lets the script be re-run.
New-Item -ItemType Directory -Path $siteFolderPath -Force
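# Load the NTFSSecurity module (it provides the ACL cmdlets used on
# $siteFolderPath), installing it first when it is not available.
Write-Output "Trying to import or install Powershell module NTFSSecurity"
$NTFSSecurityIsImported = Import-Module NTFSSecurity -PassThru -ErrorAction SilentlyContinue
if (-not $NTFSSecurityIsImported) {
    # NOTE(review): this installs whatever version the registered repository
    # currently offers. For a server that publishes proxy settings, consider
    # reviewing the module and pinning it, e.g. -RequiredVersion <PINNED_VERSION>.
    Install-Module NTFSSecurity -ErrorAction Stop
    # Import explicitly and stop on failure, so the script cannot carry on and
    # publish a site from a folder whose ACL was never tightened.
    $NTFSSecurityIsImported = Import-Module NTFSSecurity -PassThru -ErrorAction Stop
}
# Emit the loaded module's info to the output stream.
$NTFSSecurityIsImported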
# Replace the folder's inherited ACL with an explicit one: inheritance is
# switched off and the inherited rules removed, the owner is set, and access is
# then granted account by account.
# NOTE(review): the account running this script gets no entry of its own here.
# Unless it is a member of $siteFolderOwner, confirm that the later steps that
# touch files in this folder (such as the web.config removal) still succeed.
Disable-NTFSAccessInheritance -Path $siteFolderPath -RemoveInheritedAccessRules
Set-NTFSOwner -Path $siteFolderPath -Account $siteFolderOwner

# Account -> rights, applied in the order listed.
$folderAccessRules = @(
    # Full control for the owning group and for the operating system.
    @{ Account = $siteFolderOwner;           AccessRights = 'FullControl' }
    @{ Account = 'SYSTEM';                   AccessRights = 'FullControl' }
    # Read-only access for the identities IIS serves the files with: the
    # application pool identity and IUSR (the IIS anonymous user).
    @{ Account = "IIS AppPool\$appPoolName"; AccessRights = 'ReadAndExecute' }
    @{ Account = 'IUSR';                     AccessRights = 'ReadAndExecute' }
)
foreach ($rule in $folderAccessRules) {
    Add-NTFSAccess -Path $siteFolderPath @rule
}
# Delete a web.config left in the site folder, if there is one.
# NOTE(review): presumably this gives the site-level settings written below a
# clean starting point on every run; confirm that nothing else keeps settings
# in this file, because they are discarded here.
$ConfigFileFullPath = Join-Path -Path $siteFolderPath -ChildPath 'web.config'
$configFileExists = Test-Path -Path $ConfigFileFullPath
if ($configFileExists) {
    Remove-Item $ConfigFileFullPath -Confirm:$false
}

# Reset the IIS Server Manager object before making changes; the author added
# this to ease debugging (https://stackoverflow.com/questions/54659575).
Reset-IISServerManager -Confirm:$false
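# Create the application pool when it does not exist yet.
# The lookup goes through $appPoolName (the original looked up the literal
# name "wpad"), so changing the pool name in the settings keeps the check and
# the creation in step.
if ($null -eq (Get-IISAppPool $appPoolName)) {
    New-WebAppPool -Name $appPoolName
}

# Create the site and associate it with the application pool.
# -Force lets this run again when the site already exists.
# NOTE(review): no binding is given here; the host header is only applied by a
# later Set-WebBinding call. Confirm which binding the site has in between.
New-WebSite -Name $siteName -PhysicalPath $siteFolderPath -ApplicationPool $appPoolName -Force

# Pause before the configuration calls that follow.
# NOTE(review): presumably this gives IIS time to register the new site - confirm.
Start-Sleep -Seconds 10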
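# Make sure .pac and .dat files are served with the proxy auto-config MIME type.
# For each extension: add a mimeMap entry when the site has none, or correct the
# entry when it carries a different MIME type. An entry that is already right is
# left untouched, so re-running the script changes nothing.
$proxyMimeType       = 'application/x-ns-proxy-autoconfig'
# One spelling of the section path for every call: the original alternated
# between "staticContent" and "StaticContent"; the IIS schema name is staticContent.
$staticContentFilter = 'system.webServer/staticContent'
$sitePsPath          = "IIS:/Sites/$siteName"

foreach ($extension in '.pac', '.dat') {
    $existingMap = Get-WebConfigurationProperty -PSPath $sitePsPath -Filter $staticContentFilter -Name collection |
        Where-Object { $_.fileExtension -eq $extension }

    if (-not $existingMap) {
        Add-WebConfigurationProperty -PSPath $sitePsPath -Filter $staticContentFilter -Name collection -Value @{
            fileExtension = $extension
            mimeType      = $proxyMimeType
        }
    }
    elseif ($existingMap.mimeType -ne $proxyMimeType) {
        Set-WebConfigurationProperty -PSPath $sitePsPath -Filter "$staticContentFilter/mimeMap[@fileExtension='$extension']" -Name mimeType -Value $proxyMimeType
    }
}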
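# Send "Cache-Control: no-cache" with every response of the site.
# The header is added when missing and corrected when it has another value.
$CacheControlSet = Get-WebConfigurationProperty -PSPath "IIS:/Sites/$siteName" -Filter "system.webServer/httpProtocol/customHeaders" -Name collection |
    Where-Object { $_.name -eq "Cache-Control" }

if (-not $CacheControlSet) {
    # The new header is passed with -Value, the same way the mimeMap entries in
    # this script are added. The original passed it with -AtElement, which is
    # documented as the position to insert at, not as the item to add.
    Add-WebConfigurationProperty -PSPath "IIS:/Sites/$siteName" -Filter "system.webServer/httpProtocol/customHeaders" -Name collection -Value @{name = "Cache-Control"; value = 'no-cache'}
}
elseif ($CacheControlSet.value -ne "no-cache") {
    Set-WebConfigurationProperty -PSPath "IIS:/Sites/$siteName" -Filter "system.webServer/httpProtocol/customHeaders/add[@name='Cache-Control']" -Name 'value' -Value 'no-cache'
}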
# Switch off both cache flags of the site's system.webServer/caching section:
# "enabled" first, then "enableKernelCache". A flag is only written when it is
# currently on, so a repeated run makes no further change.
foreach ($cachingSetting in 'enabled', 'enableKernelCache') {
    $settingIsOn = (Get-WebConfigurationProperty -PSPath "IIS:/Sites/$siteName" -Filter "system.webServer/caching" -Name $cachingSetting).Value
    if ($settingIsOn) {
        Set-WebConfigurationProperty -PSPath "IIS:/Sites/$siteName" -Filter "system.webServer/caching" -Name $cachingSetting -Value 'false'
    }
}
# Put the host header on the site binding.
## From here on the files are reachable only through the host header URL:
## http://<Host Header>/<filename>
## NOTE(review): that URL is plain HTTP and this script configures no TLS
## binding. Clients apply the proxy settings they receive, so the integrity of
## the served files rests on the network path and on who can write to the folder.
$bindingArgs = @{
    Name         = $siteName
    PropertyName = 'HostHeader'
    Value        = $hostHeader
}
Set-WebBinding @bindingArgs

# Point the site's log files at $logFilesPath.
$logFileSettings = @{ directory = $logFilesPath }
Set-ItemProperty "IIS:\Sites\$siteName" -Name logFile -Value $logFileSettings

# Start the site.
Start-WebSite -Name $siteName

# The .dat/.pac files can now be copied into $siteFolderPath by whatever means you prefer.