Guidance for relocation of IIS 7.0 and IIS 7.5 content directories

Article ID: 2752331 - View products that this article applies to.
Expand all | Collapse all

Summary

Internet Information Services (IIS) is a core Microsoft Windows component and by design is installed on the system drive. Because IIS is an operating system component, there is no option to install IIS 7.0 or 7.5 on a non-system drive.

Starting in IIS 7.0 there were a number of architecture changes that resulted in some of the data directories that are used by IIS being relocated to the %systemdrive%\Inetpub directory, as opposed to being located in %windir%, %windir%\system32\LogFiles or %windir%\system32\inetsrv\ as in previous versions of IIS. Listed below are the important directory locations for IIS 7.0 & IIS 7.5.


Collapse this tableExpand this table
Contents of INETSRV Directory
Installation Files%windir%\system32\inetsrv
IIS Configuration & Schema%windir%\system32\inetsrv\config
History (IIS 6 config Files)%windir%\system32\inetsrv\History

Collapse this tableExpand this table
Contents of INETPUB Directory
History
(IIS 7 config Files)
%systemdrive%\inetpub\history
IIS Error Pages%systemdrive%\inetpub\custerr
IIS Logs (W3SVC, FTP & FREB Logs)%systemdrive%\inetpub\logs

· %systemdrive%\inetpub\logs\Logfiles

· %systemdrive%\inetpub\logs\FailedReqLogfiles
ASP Compiled Templates%systemdrive%\inetpub\temp\ASP Compiled Templates
Temporary IIS & Application Pool Configuration%systemdrive%\inetpub\temp\appPools
Default FTP Site%systemdrive%\inetpub\ftproot
Default Website%systemdrive%\inetpub\wwwroot
Scripts%systemdrive%\inetpub\AdminScripts\0409
Temporary IIS Compressed Files%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files


During installation, most of the core IIS components and configuration files are placed inside the %windir%\system32\inetsrv folder. The Inetsrv directory is considered the main installation directory for IIS. It has been reported that some non-Microsoft security scanning tools suggest that IIS should be installed on a non-system drive for security purposes. This is not a correct assessment. IIS is a core Windows component and cannot be installed on a non-system drive.

There have also been reports of suggestions to move the Inetpub directory to a non-system drive for security purposes. The Inetpub directory is the default web content directory and also acts as a placeholder for logs and temporary files. Most of the Inetpub subfolder locations can be reconfigured based on your needs and business requirements, however the initial Inetpub folder and subfolders should never be renamed nor deleted. This is because Windows Servicing may at some point need to update one or more of the core IIS files that are stored in %systemdrive%\inetpub\. Moving the Inetpub folder structure completely off of the system drive is not supported. Further, there are no real security benefits from moving the entire Inetpub directory structure to a non-system drive.



NOTE
: IN THE EVENT OF WINDOWS SERVICING, ONLY THE ORIGINAL DIRECTORIES AND THEIR CONTENTS WILL BE UPDATED. MICROSOFT DOES NOT RECOMMEND ANY MANIPULATION TO THE IIS DIRECTORY STRUCTURE. DOING SO WILL RENDER IIS IN AN UNSUPPORTED STATE.




Storing your web site content on a non-system drive (instead of the default %systemdrive%\inetpub folder) is fully supported and is a valid option to consider. However, hosting the website content on a non-system drive is just one possible option out of many for increasing the security levels of your web server. For more information on IIS security, please see:

Configuring Web Server Security



More information

Moving your website content: Setting a web application's physical path
It is important to remember that the website administrator can choose to host the application content in any directory they wish. The Inetpub directory is simply just the default directory for website content that gets created during installation for your convenience. When creating a new website or application using the IIS Manager, you will be prompted to enter the location (either a local physical directory or a network location) where the content resides. You can also manually change the content path in the IIS Manager after the site or application is created. For more information, please reference the following:

Create a new Web Site in IIS

Create a new Web Application in IIS

Change the Physical Path of Application Content



Moving your website content: Moving the Inetpub contents
The following script can be used to automate the relocating of the Inetpub contents, and will leave the existing directory structure untouched. To run the script, copy the contents into a .bat file and run it from an Administrative command prompt. This script is provided for sample purposes only and is not supported by Microsoft.

REM PLEASE BE AWARE: SERVICING (I.E. HOTFIXES AND SERVICE PACKS) WILL STILL REPLACE FILES 
REM IN THE ORIGINAL DIRECTORIES. THE LIKELIHOOD THAT FILES IN THE INETPUB DIRECTORIES HAVE 
REM TO BE REPLACED BY SERVICING IS LOW BUT FOR THIS REASON DELETING THE ORIGINAL DIRECTORIES
REM IS NOT POSSIBLE. 
@echo off
IF "%1" == "" goto err
setlocal
set MOVETO=%1:\
REM simple error handling if drive does not exist or argument is wrong 
IF NOT EXIST %MOVETO% goto err
REM Backup IIS config before we start changing config to point to the new path
%windir%\system32\inetsrv\appcmd add backup beforeRootMove

REM Stop all IIS services
iisreset /stop
REM Copy all content 
REM /O - copy ACLs
REM /E - copy sub directories including empty ones
REM /I - assume destination is a directory
REM /Q - quiet
REM echo on, because user will be prompted if content already exists.
echo on
xcopy %systemdrive%\inetpub %MOVETO%inetpub /O /E /I /Q
@echo off
REM Move AppPool isolation directory 
reg add HKLM\System\CurrentControlSet\Services\WAS\Parameters /v ConfigIsolationPath /t REG_SZ /d %MOVETO%inetpub\temp\appPools /f
REM Move logfile directories
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.traceFailedRequestsLogging.directory:"%MOVETO%inetpub\logs
\FailedReqLogFiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.logfile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralBinaryLogFile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralW3CLogFile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.ftpServer.logFile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.ftpServer/log -centralLogFile.directory:"%MOVETO%inetpub\logs\logfiles"
REM Move config history location, temporary files, the path for the Default Web Site and the custom error locations
%windir%\system32\inetsrv\appcmd set config -section:system.applicationhost/configHistory -path:%MOVETO%inetpub\history
%windir%\system32\inetsrv\appcmd set config -section:system.webServer/asp -cache.disktemplateCacheDirectory:"%MOVETO%inetpub\temp\ASP Compiled Templates"
%windir%\system32\inetsrv\appcmd set config -section:system.webServer/httpCompression -directory:"%MOVETO%inetpub\temp\IIS Temporary Compressed Files"
%windir%\system32\inetsrv\appcmd set vdir "Default Web Site/" -physicalPath:%MOVETO%inetpub\wwwroot
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='401'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='403'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='404'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='405'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='406'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='412'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='500'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='501'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='502'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
REM Make sure Service Pack and Hotfix Installers know where the IIS root directories are
reg add HKLM\Software\Microsoft\inetstp /v PathWWWRoot /t REG_SZ /d %MOVETO%inetpub\wwwroot /f 
reg add HKLM\Software\Microsoft\inetstp /v PathFTPRoot /t REG_SZ /d %MOVETO%inetpub\ftproot /f
REM Do the same for x64 directories
if not "%ProgramFiles(x86)%" == "" reg add HKLM\Software\Wow6432Node\Microsoft\inetstp /v PathWWWRoot /t REG_EXPAND_SZ /d %MOVETO%inetpub\wwwroot /f 
if not "%ProgramFiles(x86)%" == "" reg add HKLM\Software\Wow6432Node\Microsoft\inetstp /v PathFTPRoot /t REG_EXPAND_SZ /d %MOVETO%inetpub\ftproot /f
REM Restart all IIS services
iisreset /start
echo.
echo.
echo ===============================================================================
echo Moved IIS7 root directory from %systemdrive%\ to %MOVETO%.
echo.
echo Please verify if the move worked.
echo If something went wrong you can restore the old settings via 
echo     "APPCMD restore backup beforeRootMove" 
echo and 
echo     "REG delete HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationPath"
echo You also have to reset the PathWWWRoot and PathFTPRoot registry values
echo in HKEY_LOCAL_MACHINE\Software\Microsoft\InetStp.
echo ===============================================================================
echo.
echo.
endlocal
goto success
REM error message if no argument or drive does not exist
:err
echo. 
echo New root drive letter required. 
echo Here an example how to move the IIS root to the F:\ drive:
echo. 
echo MOVEIISROOT.BAT F
echo.
echo. 
:success


WARNING: DELETING OR RENAMING THE ORIGINAL IIS DIRECTORIES WILL PUT IIS IN AN UNSUPPORTED STATE.


Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2752331 - Last Review: September 24, 2012 - Revision: 14.0
Applies to
  • Microsoft Internet Information Services 7.5
  • Microsoft Internet Information Services 7.0
Keywords: 
KB2752331

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com