Category Archives: Powershell

IIS APPPOOL : Some or all identity references could not be translated…

System.Security.Principal.SecurityIdentifier.Translate : “Some or all identity references could not be translated”

icacls : “No mapping between account names and security IDs was done”

So I was trying to add a web application via PowerShell and got stuck on the first message when trying to grant the web pool folder access. I tried various items, and then tried icacls from the command line and got the second message. Turns out you need to force IIS to commit the changes to create the web pool! The real issue is it didn’t exist yet.

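# add a web application

# IISAdministration provides the *-IISServerManager and *-IISCommitDelay cmdlets;
# WebAdministration provides the IIS:\ drive and New-WebApplication
Import-Module IISAdministration
Import-Module WebAdministration

# reset for clean slate
Reset-IISServerManager -Confirm:$false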


Start-IISCommitDelay

$siteName = "Default Web Site"
$appName = "MyBlog"
$appPoolName = "MyBlogAppPool"
$appFolder = "C:\inetpub\wwwroot\MyBlogApp"

# add the app pool
$server = Get-IISServerManager
$appPool = $server.ApplicationPools.Add($appPoolName)
# list props
# $appPool | select-object *
$appPool.ManagedRuntimeVersion = "v4.0"

# IMPORTANT that this is committed, otherwise the ACL step below will fail
# none of the error messages will explain that the app pool doesn't exist

Stop-IISCommitDelay

# verify it exists

Get-ChildItem -Path IIS:\AppPools

# add the folder

New-Item -ItemType "directory" $appFolder

# set permissions on folder

$server = Get-IISServerManager
$appPoolSid = $server.ApplicationPools["$appPoolName"].Attributes['applicationPoolSid']
$identifier = New-Object System.Security.Principal.SecurityIdentifier $appPoolSid.Value
$user = $identifier.Translate([System.Security.Principal.NTAccount])

$acl = Get-Acl $appFolder
#$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user,"FullControl", "Allow")
# FullControl is broad; ReadAndExecute (or Modify if the app writes files) is usually enough for an app pool identity
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user,"FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.SetAccessRule($rule)
Set-Acl $appFolder $acl

# create the web app
Reset-IISServerManager -Confirm:$false
Start-IISCommitDelay

New-WebApplication -Name $appName -Site $siteName -PhysicalPath $appFolder -ApplicationPool $appPoolName

Stop-IISCommitDelay
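
The failure described in this post, wrapped as a pre-flight check (an added example, not the original author's code): the hypothetical function `Grant-AppPoolFolderAccess` confirms the pool is in the committed configuration and that Windows can resolve `IIS APPPOOL\<name>` before it touches the ACL. It assumes the IISAdministration module has loaded the `Microsoft.Web.Administration.ServerManager` type and that a short retry is enough if the identity mapping lags the commit, and it defaults to `ReadAndExecute` rather than the `FullControl` used above.

```powershell
# Added example; Grant-AppPoolFolderAccess and its defaults are hypothetical.
Import-Module IISAdministration

function Grant-AppPoolFolderAccess {
    param(
        [Parameter(Mandatory)] [string] $AppPoolName,
        [Parameter(Mandatory)] [string] $Folder,
        # Narrow default; pass 'Modify' only if the app writes to the folder.
        [System.Security.AccessControl.FileSystemRights] $Rights = 'ReadAndExecute',
        [int] $Retries = 5
    )

    # 1. Look at the committed configuration with a fresh ServerManager.
    #    The cached one from Get-IISServerManager also shows uncommitted pools.
    $fresh = [Microsoft.Web.Administration.ServerManager]::new()
    try     { $exists = $null -ne $fresh.ApplicationPools[$AppPoolName] }
    finally { $fresh.Dispose() }
    if (-not $exists) {
        throw "App pool '$AppPoolName' is not committed yet. Call Stop-IISCommitDelay before setting ACLs."
    }

    # 2. Resolve the pool identity. This is the call that fails with
    #    "Some or all identity references could not be translated".
    $account = [System.Security.Principal.NTAccount]::new("IIS APPPOOL\$AppPoolName")
    $sid = $null
    for ($i = 1; $i -le $Retries -and -not $sid; $i++) {
        # Assumption: the name-to-SID mapping may lag the commit briefly, so retry.
        try   { $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]) }
        catch { Start-Sleep -Seconds 1 }
    }
    if (-not $sid) { throw "Windows cannot resolve '$account'; the pool identity is not mapped." }

    # 3. Add (not replace) an inheritable allow rule and write the ACL back.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid, $Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl = Get-Acl -Path $Folder
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Folder -AclObject $acl

    # 4. Read the ACL back as SIDs and return the entries for the pool identity.
    (Get-Acl -Path $Folder).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference -eq $sid }
}

# Usage with the names from the script above:
# Grant-AppPoolFolderAccess -AppPoolName 'MyBlogAppPool' -Folder 'C:\inetpub\wwwroot\MyBlogApp'
```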

References:
https://serverfault.com/questions/303097/how-can-i-add-acl-permissions-for-iis-apppool-accounts-via-powershell

Powershell & Disk Setup

So recently I had to set up some drives but wanted to bypass the traditional compmgmt route (or diskmgmt). PowerShell proved to be much faster than the old way; it only takes a few seconds to set up an SSD (longer if you want to format).


# which drives are partition style RAW?

Get-Disk

# so in the above example I noted disk number 4 is RAW, I wanted it to be the N drive
# initialize as GPT, allocate all space, format as NTFS and label it "N-DRIVE"
# (this wipes the selected disk, so double-check the disk number first)

Get-Disk | Where-object Number -eq 4 | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -DriveLetter N -UseMaximumSize | Format-Volume -FileSystem NTFS -NewFileSystemLabel "N-DRIVE" -Confirm:$false


References:
https://devblogs.microsoft.com/scripting/use-powershell-to-initialize-raw-disks-and-to-partition-and-format-volumes/

Powershell & Hyper-V

One thing I’ve only come to appreciate lately is how quick it can be to do things in PowerShell vs. toiling with the virtmgmt UI, let alone fussing with the firewall. Here is a quick script for adding an existing VHDX.


# VHDX located at $vhdpath (New-VHD below creates it; skip that line if the VHDX already exists)
# 4GB RAM, 1 proc, use switch called GuestVirtualSwitch
# Secure Boot is controlled by $secureboot: "Off" for Linux, possible to have "On" with effort https://www.altaro.com/hyper-v/hyper-v-2016-support-linux-secure-boot/

$vmname="MYVM"; $procs=1; $vhdpath="T:\MYVM\MYVM.vhdx"; $mem=4GB; $disksize = 128GB; $secureboot="On"
$iso = "b:\software\linux_os_install.iso"

New-VHD -Path $vhdpath -SizeBytes $disksize
New-VM -Name $vmname -MemoryStartupBytes $mem -Switch GuestVirtualSwitch -BootDevice VHD -Generation 2 -VHDPath $vhdpath
Set-VMProcessor $vmname -Count $procs
Set-VM -VMName $vmname -CheckpointType Disabled
Set-VMFirmware $vmname -EnableSecureBoot $secureboot
Add-VMDvdDrive -VMName $vmname -Path $iso
$dvd = Get-VmDvdDrive -VMName $VMName
Set-VMFirmware -VMName $vmname -FirstBootDevice $dvd
Start-VM $vmname