IIS Manager

The IIS web management console is a perfect example. Remote access is not enabled by default in the Windows base images, but you can configure it with a simple PowerShell script. Firstly, the web management feature needs to be installed:

Import-Module servermanager
Add-WindowsFeature web-mgmt-service

Then, you need to enable remote access with a registry setting and start the web management Windows service:

Set-ItemProperty -Path HKLM:SOFTWAREMicrosoftWebManagementServer -Name EnableRemoteManagement -Value 1
Start-Service wmsvc

You also need an EXPOSE instruction in the Dockerfile to allow traffic into the management service on the expected port 8172. This will allow you to connect, but IIS management console requires user credentials for the remote machine. To support this without having to connect the container to Active Directory (AD), you can create a user and password in the setup script:

net user iisadmin "!!Sadmin*" /add
net localgroup "Administrators" "iisadmin" /add

There are security issues here. You need to create an administrative account in the image, expose a port, and run an additional service—all increasing the attack surface of your application. Instead of running the setup script in the Dockerfile, it would be better to attach to a container and run the script interactively if you need remote access.

I've set up a simple web server in an image, packaged with a script to enable remote management in the Dockerfile for dockeronwindows/ch08-iis-with-management:2e. I'll run a container from this image, publishing the HTTP- and IIS-management ports:

docker container run -d -p 80 -p 8172 --name iis dockeronwindows/ch08-iis-with-management:2e

When the container is running, I'll execute the EnableIisRemoteManagement.ps1 script inside the container, which sets up remote access with the IIS management service:

> docker container exec iis powershell EnableIisRemoteManagement.ps1
The command completed successfully.
The command completed successfully.

Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    No             Success        {ASP.NET 4.7, Management Service, Mana...

Windows IP Configuration
Ethernet adapter vEthernet (Ethernet):
   Connection-specific DNS Suffix  . : localdomain
   Link-local IPv6 Address . . . . . : fe80::583a:2cc:41f:f2e4%14
   IPv4 Address. . . . . . . . . . . : 172.27.56.248
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . : 172.27.48.1

The setup script ends by running ipconfig, so I can see the internal IP address of the container (I can also see this from docker container inspect).
Now I can run IIS Manager on my Windows host, choose Start Page | Connect to a Server, and enter the IP address of the container. When IIS challenges me to authenticate, I use the credentials for the iisadmin user I created in the setup script:

Here, I can navigate around the application pools and the website hierarchy as if I were connected to a remote server:

This is a good way of checking the configuration of IIS or an ASP.NET application running on IIS. You can check the virtual directory setup, application pools, and application configuration, but this should be used for investigation only.

If I find that something in the application is not configured correctly, I need to go back to the Dockerfile and fix it and not make a change to the running container. This technique can be very useful when you're migrating an existing app to Docker. If you install an MSI with the web app in the Dockerfile, you can't see what the MSI actually does—but you can connect with IIS Manager and see the results.

Table of Contents for IIS Manager

Create new playlist

Sign In

Sign Up

Table of Contents for
IIS Manager