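<#
.SYNOPSIS
    Script 17 - IIS Certificate Binding Report

.DESCRIPTION
    READ-ONLY script. Collects IIS binding and SSL certificate information
    for SharePoint web applications.

    Captures:
      - Web Application URL
      - IIS Port
      - SSL Enabled
      - Host Header
      - Certificate presence
      - Binding configuration

    Supports:
      - Migration planning
      - SSL validation
      - Security posture assessment

    "Read-only" refers to the farm: nothing in SharePoint or IIS is modified.
    The script does write its report files next to OutputCsv and creates that
    directory when it does not exist.

    Scope of the SSL check: UseSSL and CertificatePresent are both derived from
    whether the zone has at least one secure binding registered in SharePoint.
    The certificate itself is not opened, so expiry, chain trust, key strength
    and subject/host-name match are NOT assessed. A "Low" risk row means "a
    secure binding is configured", not "TLS has been validated".

.PARAMETER OutputCsv
    Full path of the detail CSV. The summary, run log and error report are
    written to the same directory with a timestamp suffix.

.PARAMETER NoPrompt
    Skip the interactive YES confirmation.

.NOTES
    Run in SharePoint Management Shell
#>
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)]
    [string]$OutputCsv,

    [switch]$NoPrompt
)

Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"

Write-Host "SCRIPT 17 - IIS CERTIFICATE BINDING REPORT" -ForegroundColor Cyan
Write-Host "NO CHANGES WILL BE MADE" -ForegroundColor Green
Write-Host ""

# ---------------------------------------------------
# Load SharePoint Snap-in
# ---------------------------------------------------
try {
    if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.SharePoint.PowerShell
    }
}
catch {
    throw "Run in SharePoint Management Shell. Error: $($_.Exception.Message)"
}

# ---------------------------------------------------
# Output Setup
# ---------------------------------------------------
$outDir = Split-Path $OutputCsv -Parent
if ([string]::IsNullOrWhiteSpace($outDir)) {
    throw "Provide full OutputCsv path. Example: C:\Temp\IISBindings.csv"
}
if (-not (Test-Path $outDir)) {
    New-Item -Path $outDir -ItemType Directory -Force | Out-Null
}

$timestamp   = (Get-Date).ToString("yyyyMMdd_HHmmss")
$baseName    = [System.IO.Path]::GetFileNameWithoutExtension($OutputCsv)
$summaryPath = Join-Path $outDir "$baseName`_$timestamp`_Summary.csv"
$logPath     = Join-Path $outDir "$baseName`_$timestamp`_RunLog.txt"
$errorPath   = Join-Path $outDir "$baseName`_$timestamp`_Errors.csv"

# ---------------------------------------------------
# Logging
# ---------------------------------------------------
$log    = New-Object System.Collections.Generic.List[string]
$errors = New-Object System.Collections.Generic.List[object]

# Appends a timestamped line to the in-memory run log and echoes it.
function Log {
    param ($msg)
    $line = "[{0}] {1}" -f (Get-Date -Format "yyyy-MM-dd HH:mm:ss"), $msg
    $log.Add($line) | Out-Null
    Write-Host $line
}

# Records a non-fatal failure so it ends up in the error CSV.
function Add-ErrorRecord {
    param ($scope, $msg)
    $errors.Add([pscustomobject]@{
        Timestamp = Get-Date
        Scope     = $scope
        Message   = $msg
    }) | Out-Null
}

# Persists the run log and, when there are any, the collected error records.
# Called on the normal path and before a fatal rethrow, so that a failed
# discovery still leaves evidence on disk.
function Save-Diagnostics {
    $log | Set-Content $logPath
    if ($errors.Count -gt 0) {
        $errors | Export-Csv -Path $errorPath -NoTypeInformation -Encoding UTF8
        Write-Host "ERROR REPORT: $errorPath" -ForegroundColor Yellow
    }
}

# ---------------------------------------------------
# Prompt
# ---------------------------------------------------
if (-not $NoPrompt) {
    Write-Host "This script inspects IIS bindings and SSL configuration" -ForegroundColor Yellow
    if ((Read-Host "Type YES to continue") -ne "YES") { return }
}

# ---------------------------------------------------
# Risk Model
# ---------------------------------------------------
# High when the zone has no SSL, or SSL without a certificate; Low otherwise.
function Get-RiskLevel {
    param ($UseSSL, $CertificatePresent)
    if (-not $UseSSL) { return "High" }
    if ($UseSSL -and (-not $CertificatePresent)) { return "High" }
    return "Low"
}

# Maps a risk level to the numeric score used in the report.
function Get-Score {
    param ($risk)
    switch ($risk) {
        "High"  { return 30 }
        "Low"   { return 90 }
        default { return 50 }
    }
}

# Maps a risk level to the recommendation text used in the report.
function Get-Recommendation {
    param ($risk)
    switch ($risk) {
        "High" { return "SSL not enabled or certificate missing. Fix before migration." }
        "Low"  { return "Binding configuration valid." }
    }
}

# ---------------------------------------------------
# Main Execution
# ---------------------------------------------------
$results = New-Object System.Collections.Generic.List[object]

try {
    # @() forces an array: with a single web application the cmdlet returns a
    # scalar, and reading .Count on a scalar can throw under
    # Set-StrictMode -Version Latest in Windows PowerShell.
    # Central Administration is not returned by default; add
    # -IncludeCentralAdministration if it should be part of the assessment.
    $webApps = @(Get-SPWebApplication)
    Log ("Found {0} web application(s)" -f $webApps.Count)
}
catch {
    Add-ErrorRecord "WebAppDiscovery" $_.Exception.Message
    # Flush what we have before the rethrow ends the script.
    Save-Diagnostics
    throw
}

foreach ($app in $webApps) {
    try {
        Log ("Processing Web Application: {0}" -f $app.Url)

        foreach ($zone in [Microsoft.SharePoint.Administration.SPUrlZone]::GetValues([Microsoft.SharePoint.Administration.SPUrlZone])) {
            try {
                $iis = $app.IisSettings[$zone]
                if ($null -ne $iis) {
                    # NOTE(review): confirm SPIisSettings exposes Port directly;
                    # a missing property throws under StrictMode and the zone
                    # then lands in the error report instead of the detail CSV.
                    $port = $iis.Port

                    # $host is a read-only automatic variable; assigning to it
                    # throws, which previously sent every zone to the error
                    # report. NOTE(review): ServerComment looks like the IIS
                    # site description rather than a host header - confirm it
                    # is the value wanted in the HostHeader column.
                    $hostHeader = $iis.ServerComment

                    # $null goes on the left: with a collection on the left,
                    # -ne filters the elements instead of returning a boolean,
                    # which left UseSSL holding an array. An empty collection
                    # counts as "no SSL".
                    $secureBindings = $iis.SecureBindings
                    $ssl = ($null -ne $secureBindings) -and (@($secureBindings).Count -gt 0)

                    # Inferred from the binding only. The certificate is not
                    # looked up, so this always equals $ssl and the "SSL without
                    # certificate" branch of Get-RiskLevel cannot fire from here.
                    # Expired, untrusted or mismatched certificates are not
                    # detected by this report.
                    $certPresent = $ssl

                    $risk = Get-RiskLevel -UseSSL $ssl -CertificatePresent $certPresent

                    $results.Add([pscustomobject]@{
                        WebAppUrl            = $app.Url
                        Zone                 = $zone
                        Port                 = $port
                        HostHeader           = $hostHeader
                        UseSSL               = $ssl
                        CertificatePresent   = $certPresent
                        RiskLevel            = $risk
                        Score                = Get-Score $risk
                        Category             = "IISBinding"
                        ActionRecommendation = Get-Recommendation $risk
                    }) | Out-Null
                }
            }
            catch {
                Add-ErrorRecord $app.Url $_.Exception.Message
            }
        }
    }
    catch {
        Add-ErrorRecord $app.Url $_.Exception.Message
    }
}

# ---------------------------------------------------
# Export Reports
# ---------------------------------------------------
$results | Export-Csv -Path $OutputCsv -NoTypeInformation -Encoding UTF8

$results |
    Group-Object RiskLevel |
    ForEach-Object {
        [pscustomobject]@{
            RiskLevel = $_.Name
            Count     = $_.Count
        }
    } |
    Export-Csv -Path $summaryPath -NoTypeInformation -Encoding UTF8

Save-Diagnostics

Write-Host "DETAIL REPORT: $OutputCsv" -ForegroundColor Green
Write-Host "SUMMARY REPORT: $summaryPath" -ForegroundColor Green
Write-Host "RUN LOG: $logPath" -ForegroundColor Green
Write-Host "Complete." -ForegroundColor Green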