…was way too much like hard work / blindly poking about in the dark, and there’s still a nasty hacky bit in the script where I gave up trying to make the IIS snap-in work, and just used appcmd, but it does actually work:
<#
.Synopsis
Configures HTTP access for SSAS on the local box
.SeeAlso
http://technet.microsoft.com/en-sg/library/gg492140(en-us).aspx
http://learn.iis.net/page.aspx/436/powershell-snap-in-changing-simple-settings-in-configuration-sections/
http://www.iis.net/ConfigReference/system.webServer/security/isapiCgiRestriction
#>
$ErrorActionPreference = 'stop'
$scriptDir = split-path $myInvocation.MyCommand.Path;
$isapiPath = "$scriptDir\msmdpump.dll"
import-module WebAdministration
cd IIS:\
# Register msmdpump as a (globally) acceptable ISAPI handler
$isapiRestrictions = Get-WebConfiguration /system.webServer/security/isapiCgiRestriction
$handler = @($isapiRestrictions.Collection | ? { $_.description -eq 'OLAP' } )
if(-not $handler){
# This way the object always appears locked?
# but should be fine according to http://forums.iis.net/t/1158906.aspx
$null = @"
$restrictions = $isapiRestrictions.GetCollection();
$handler = $restrictions.CreateElement('add');
$handler.SetAttributeValue('path', $isapiPath);
$handler.SetAttributeValue('allowed',$true);
$handler.SetAttributeValue('description','OLAP');
$restrictions.Add($handler);
"@
# instead try
# http://serverfault.com/questions/134361/programmatically-add-an-isapi-extension-dll-in-iis-7-using-adsi
& "$env:windir\system32\inetsrv\appcmd.exe" set config /section:isapiCgiRestriction /+"[path='$isapiPath', description='OLAP',allowed='True']"
}
# Create the app pool
cd IIS:\AppPools
if(-not (Test-Path OLAP)){
$olapAppPool = New-WebAppPool OLAP
}else{
$olapAppPool = Get-Item OLAP
}
$olapAppPool.managedPipelineMode = 'classic'
$olapAppPool | Set-Item
# Create the website
cd IIS:\Sites
$defaultSite = @(dir)[0]
cd $defaultSite.Name
if(-not (Test-Path OLAP)){
$olapApp = New-WebApplication OLAP -physicalPath:$scriptDir
}else{
$olapApp = Get-Item OLAP
}
$olapLocation = '{0}/{1}' -f $defaultSite.Name,$olapApp.Name
cd OLAP
# Setup the web application: first associate the app pool
set-itemproperty $pwd -name applicationPool -value 'OLAP'
# ...then enable anonymous access
$basicAuth = Get-WebConfiguration -Filter /system.webServer/security/authentication/anonymousAuthentication
$basicAuth.Enabled = $true
$basicAuth | Set-WebConfiguration -Filter /system.webServer/security/authentication/anonymousAuthentication -PSPath IIS:\ -Location $olapLocation
# ...and create a mapping for that handler for this web app
$mapping = Get-WebHandler OLAP
if(-not $mapping){
$mapping = New-WebHandler OLAP -ScriptProcessor:$isapiPath -Path:*.dll -Verb:* -Location:$olapLocation -PSPath:IIS:\ -Modules:IsapiModule
}
$mapping
Wow. IIS administration is just as bizarre and arcane as it always was. Did someone say ‘where is the setup wizard’?