New features in configuration system and appcmd in IIS 7.5

Following new features have been added to IIS configuration system and appcmd command line tool in IIS 7.5.

Configuration System

1.       Configuration system tracing and logging
In IIS 7.5, IIS native configuration system can generate trace events capturing all IIS configuration activity. Because all IIS administrative tools (WMI, appcmd, MWA, UI, Powershell etc) call into native configuration system, events are generated irrespective of which administrative tool is used to read/write IIS configuration. Tracing is not enabled by default. You can go to “Application and Service Logs->Microsoft->Windows->IIS-Configuration” in event viewer and enable tracing. IIS generates 4 kinds of events. These are administrative, operational, analytic and debug. Right click on areas in event viewer and select “enable log” for categories you want to enable tracing.

2.       Ability to work with multiple .Net versions
IIS configuration system has the ability to work with multiple .net versions. For this configuration system honors metadata defaultManagedRuntimeVersion. If set, IIS will use this information to find which machine.config and root web.config it should work against. Default version assumed is v2.0. If you want to make configuration system go against other .net version, you are required to set defaultManagedRuntimeVersion metadata. If the configuration path identifies an application, configuration system automatically figures out the version by checking managedRuntimeVersion set for the application pool for the application. All administrative tools are updated to allow working with different versions of NetFx.

3.       Shared configuration now can be configured to use polling instead of change notifications to track changes to applicationHost.config file. This can be configured by specifying “enableUncPolling” and “pollingPeriod” properties in configurationRedirection section. Default value of enableUncPolling is false which means the feature is not turned on by default.

4.        “availableReadableMetadata” and “availableWritableMetadata” metadata properties are available in IAppHostAdminManager, IAppHostElement, IAppHostMethod, IAppHostProperty interfaces. These can be used to find what readable and writable metadata is available for each object.


1. Appcmd now has ability to add <clear/> tag in the collections using ‘~’. Command to clear <error> collection entries in httpErrors section will be following.
appcmd set config /section:httpErrors /~

2. Previously appcmd could only add one type of addElement collection type which limited its utility for authorization section as the addElement could be allow or deny. Now appcmd can be used to add element of a paricular type. Command to add deny entry in authorization section will be as following.
appcmd set config /section:authorization /+deny[verbs=’put’]
appcmd set config /section:authorization /-deny[verbs=’get’]

3. /clr switch can be used to specify which version of .net framework you want to work against when dealing with machine.config and web.config. If this switch is not specified, version dotnet version 2.0 will be assumed.appcmd list config /section:profile /clr:4 (or v4 or 4.0).

4. /admin switch can be used to map configuration path MACHINE/WEBROOT to administration.config. This enables appcmd to be used against administration.config. So command to read moduleProviders section from administration.config will be “appcmd list config /section:moduleProviders /admin”

Hope this helps.

6 thoughts on “New features in configuration system and appcmd in IIS 7.5

  1. How do you do the equivalent of /clr:4 using other scripting technologies like WMI?  This post is the closest thing I can find :-)

  2. When using appcmd.exe you can use /commit:apphost to commit values using location tags to applicationhost.config. How do you so the same with the powershell webadministration module?

  3. Below is what I gathered from IIS powershell snapin developer Sergei.

    In powershell it is possible to do using -location parameter in set-* commands (where this parameter available). This way you could write to a location not only in apphost, but in any config file, depending where parameter -pspath is pointing to.

    You don’t need specific path to commit, configuration will be written to the file where pspath points to. Location parameter should be relative to that path. PSPath could take either standard format “MACHINE/WEBROOT/APPHOST” and deeper; or provider path like IIS:\, IIS:\Sites — both will point to apphost, or iis:\sites\siteFoo\appBar, etc — those will point to relevant web.config. So, if

    pspath = iis:\sites
    location = “Default Web Site”

    then we will write to “Default Web Site” location in apphost.

    location – “siteFoo/appBar”

    will write to siteFoo/Appbar location in apphost.


    will write to appBar location in siteFoo web.config, if it is not locked.

    There is one subtle detail. Like InetMgr, our snapin could automatically write to the lowest available configuration file. If you use -force parameter in any set command, then code will take a look, which config above the pspath is writable, and will split original pspath to path, pointing to that file and location — rest of original effective path. After that it will follow the same logic, as above. In this case -location parameter is not required.

  4. Hi Kanwaljeet,
    Thank you for this post on appcmd updates in IIS7.5.
    Can appcmd also add "remove" tags?  I.e. "removeElement"?  As in this web.config Default Document example:
    <remove value="" />
    <add value="" />
    Both lines are needed, in case is already added at server level.  BUT, I haven't found how to add the 1st line (the "remove" line).
    I've also started a discussion at
    The docs state this is the syntax for adding a default document:
    appcmd set config /section:defaultDocument /+files.[value=' string ']
    That works for adding an "add" tag, and I've found that so does this:
    appcmd set config /section:defaultDocument /+files.add[value=' string ']
    But, the following does not work for adding a "remove" tag:
    appcmd set config /section:defaultDocument /+files.remove[value=' string ']
    Any advice here would be greatly appreciated,
    Thank you much, in advance,

  5. Hi Aaron,

    Appcmd doesn’t supporting adding a remove tag explicitly. All you can do is add/remove an element and it will decide if adding or removing a tag will get the final result. For removing an element from collection you can use /-files.[value=’string’] which will add the remove tag.


Leave a Reply

Your email address will not be published. Required fields are marked *