IIS Configuration via PowerShell: Disable Default Document

Question

I’m able to query the default document list in IIS using the following PowerShell code:

Get-WebConfigurationProperty -Filter "//defaultDocument/files/add" -PSPath 'MACHINE/WEBROOT/APPHOST' -Name "value" | select value

…but I want to disable the default document feature altogether to address a vulnerability. I’ve not found much on disabling the feature via PowerShell but MS documentation says the following can be run to remove a value:

remove-webconfigurationproperty /system.webServer/defaultDocument -name files -atElement @{value="foo.html"}

Is this really the only way to disable the feature? I’ve not found anything that suggests it can simply be disabled like you can in the IIS administration console.

score 1 · Accepted Answer · answered Nov 24 '20 at 18:17

To remove features from IIS, you should the Dism cmdlets, in your case:

Disable-WindowsOptionalFeature -Online -FeatureName IIS-DefaultDocument

If you want to disable it inside of IIS for the whole server, you can use:

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.webServer/defaultDocument" -name "enabled" -value "False"

score 0 · Answer 2 · answered Apr 08 '22 at 04:59

If you want to disable only for 1 site, use the following code:

Set-WebConfigurationProperty -filter "system.webserver/defaultdocument" -pspath "IIS:\sites\Default Web Site" -name "enabled" -Value "False"

Replace Default Web Site with the name of the site you want to disable

Credit to Peter for the original answer

IIS Configuration via PowerShell: Disable Default Document

2 Answers2