Find NTLM Enabled IIS Apps
Pulling the plug on NTLM in IIS
2025-09-08
I received a request to disable NTLM on one of our public web servers. It wasn't enabled on the root site and the request didn't name the specific route that it was detected on. There were over fifty subsites beneath the default site, and it wasn't enabled on the root. Instead of clicking through each one, I used the script below to enumerate the subsites to identify which ones had NTLM authentication enabled.
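Import-Module WebAdministration

$sitePath = "IIS:\Sites\Default Web Site"

# Enumerate the applications beneath the site. This assignment is missing from
# the listing; filtering on NodeType 'application' is an assumption.
$apps = Get-ChildItem $sitePath | Where-Object { $_.NodeType -eq 'application' }

foreach ($app in $apps) {
    $appPath = "$sitePath\$($app.Name)"
    try {
        # -ErrorAction Stop makes provider errors terminating so the catch block runs
        $windowsAuth = Get-WebConfigurationProperty `
            -Filter "system.webServer/security/authentication/windowsAuthentication" `
            -PSPath $appPath `
            -Name enabled `
            -ErrorAction Stop
        # Report every app where Windows Authentication is not disabled
        if ($windowsAuth.Value -ne $false) {
            Write-Output "$($app.Name): Windows Authentication = $($windowsAuth.Value)"
        }
    }
    catch {
        Write-Warning "Failed to query app: $($appPath). Exception: $($_.Exception.Message)"
    }
}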
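
The script above reports whether Windows Authentication is enabled, a setting that covers both the Negotiate and NTLM providers. As an added example (not the author's script), this variant also lists the providers configured for each application so that the ones naming NTLM stand out; the NodeType filter and the report column names are assumptions.

```powershell
Import-Module WebAdministration

# Assumption: same site as the script above.
$sitePath = "IIS:\Sites\Default Web Site"
$filter   = "system.webServer/security/authentication/windowsAuthentication"

# Check the site root plus every child application.
$targets = @($sitePath) + @(
    Get-ChildItem $sitePath |
        Where-Object { $_.NodeType -eq 'application' } |
        ForEach-Object { "$sitePath\$($_.Name)" }
)

$report = foreach ($path in $targets) {
    try {
        $enabled = (Get-WebConfigurationProperty -Filter $filter `
            -PSPath $path -Name enabled -ErrorAction Stop).Value
        if (-not $enabled) { continue }   # Windows Authentication is off here

        # The providers collection holds the effective, ordered list of
        # authentication packages (typically Negotiate and/or NTLM).
        $providers = @(
            (Get-WebConfiguration -Filter "$filter/providers" `
                -PSPath $path -ErrorAction Stop).Collection |
                ForEach-Object { $_.Value }
        )

        [pscustomobject]@{
            Path            = $path
            Providers       = $providers -join ', '
            NtlmListed      = $providers -contains 'NTLM'
            NegotiateListed = $providers -contains 'Negotiate'
        }
    }
    catch {
        Write-Warning "Failed to query $($path): $($_.Exception.Message)"
    }
}

# One row per location that still has Windows Authentication enabled.
$report | Sort-Object Path | Format-Table -AutoSize
```

Rows with NtlmListed set to True are the ones offering NTLM directly. Negotiate can still select NTLM when Kerberos is not available, so a row that lists only Negotiate is not necessarily NTLM-free.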