
    How to export IIS .config and .key files at the command line

    Handy for a batch maintenance operation a customer had to run on a few hundred servers: they basically needed to do what's described in this article, but in a script rather than from the IIS GUI.

    From Shared Configuration (Appendix 3):

    "By default, IIS includes two main providers for securing properties. These providers are located in the applicationHost.config file's <configProtectedData> configuration section and are defined in the <providers> element. The AesProvider is specific to dealing with encryption and decryption for properties that are in the system.webServer section. The IISWASOnlyRsaProvider is specific to dealing with encryption and decryption for properties that are in the system.applicationHost section. These keys are in the iisConfigurationKey and iisWasKey key containers and are machine-specific. In a Web farm scenario, if encryption is required, then a key from one machine – usually the one that created the applicationHost.config file – is exported and brought into the other machines so that secure properties can be decrypted and used by the Web server."

    So just copy the .config files from "C:\Windows\System32\Inetsrv\config" and use aspnet_regiis -px to export the keys:

        aspnet_regiis -px "iisConfigurationKey" "D:\iisConfigurationKey.xml" -pri

    To import the keys on another machine, run the following:

        aspnet_regiis -pi "iisConfigurationKey" "D:\iisConfigurationKey.xml"

    The…
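The export steps above as a single PowerShell script, covering both key containers named in the quoted appendix. This is an added example, not code from the original post; the destination folder, the .NET 4 x64 path to aspnet_regiis.exe and the ACL lock-down step are assumptions.

```powershell
# Added example: export the IIS .config files and both key containers.
# Assumptions (not from the article): $ExportDir, the Framework64 v4.0.30319
# location of aspnet_regiis.exe, and the ACL restriction on the export folder.
param(
    [string]$ExportDir = 'D:\IISExport'
)
$ErrorActionPreference = 'Stop'

$regiis = Join-Path $env:windir 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'
if (-not (Test-Path $regiis)) { throw "aspnet_regiis.exe not found at $regiis" }

# Create the folder and restrict it to Administrators (S-1-5-32-544) and
# SYSTEM (S-1-5-18) before any key material is written: the -pri switch
# puts the RSA private key into the XML file unprotected.
New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
& icacls.exe $ExportDir /inheritance:r /grant:r `
    '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $ExportDir" }

# Step 1: copy the .config files from the IIS configuration folder.
$configDir = Join-Path $env:windir 'System32\inetsrv\config'
Copy-Item -Path (Join-Path $configDir '*.config') -Destination $ExportDir -Force

# Step 2: export each machine-specific key container, private key included.
foreach ($container in 'iisConfigurationKey', 'iisWasKey') {
    $keyFile = Join-Path $ExportDir "$container.xml"
    & $regiis -px $container $keyFile -pri
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $keyFile)) {
        throw "Export of key container '$container' failed (exit code $LASTEXITCODE)"
    }
    Write-Output "Exported $container to $keyFile"
}
```

On the target machine, import each XML file with the aspnet_regiis -pi command shown above, then delete the XML files from both machines, since anyone who can read them can decrypt the protected configuration properties.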