How to Back Up IIS Configuration in Batch Script

The IIS configuration files control every aspect of your web server: websites, application pools, bindings, authentication settings, SSL certificates, and URL rewrites. A single misconfigured change can take down an entire production server. Backing up the IIS configuration before making changes, deploying updates, or performing maintenance is a fundamental safety practice that enables instant recovery.

In this guide, we will explore how to create IIS configuration backups from a Batch Script using the built-in appcmd backup feature, manual file copies, and comprehensive backup strategies.

Understanding IIS Configuration Files

The IIS 7+ configuration is stored in XML files:

File	Location	Contents
`applicationHost.config`	`%SystemRoot%\System32\inetsrv\config\`	All sites, pools, bindings, and server-level settings
`administration.config`	Same directory	IIS Manager delegation and feature settings
`redirection.config`	Same directory	Configuration file redirection settings
`web.config`	Each site's root directory	Site-specific overrides

The applicationHost.config file is the most critical. It contains the complete server configuration.

Method 1: Using APPCMD ADD BACKUP (The Official Way)

IIS includes a built-in backup mechanism through appcmd.

@echo off
setlocal

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"

:: Verify Admin
net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Administrator privileges required.
    pause
    exit /b 1
)

:: Verify IIS is installed
if not exist "%appcmd%" (
    echo [ERROR] appcmd.exe not found. Is IIS installed?
    pause
    exit /b 1
)

:: Create a timestamp-based backup name
for /f "tokens=2 delims==" %%T in ('wmic os get LocalDateTime /value') do set "dt=%%T"
set "backup_name=Backup_%dt:~0,8%_%dt:~8,4%"

echo Creating IIS configuration backup: %backup_name%

"%appcmd%" add backup "%backup_name%"

if %errorlevel% equ 0 (
    echo [SUCCESS] Backup created: %backup_name%
    echo.
    echo Backup location:
    echo   %SystemRoot%\System32\inetsrv\backup\%backup_name%\
) else (
    echo [ERROR] Backup failed.
)

pause

Where Are Backups Stored?

appcmd backups are stored in:

%SystemRoot%\System32\inetsrv\backup\<BackupName>\

Each backup folder contains copies of applicationHost.config, administration.config, and related schema files.

Method 2: Pre-Change Backup with Label

For change management purposes, include a descriptive label with each backup:

@echo off
setlocal

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"

net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Admin required.
    pause
    exit /b 1
)

if not exist "%appcmd%" (
    echo [ERROR] appcmd.exe not found. Is IIS installed?
    pause
    exit /b 1
)

:: Prompt for a description
set /p "label=Enter backup description (e.g., pre-ssl-change): "

if not defined label (
    echo [ERROR] Backup description cannot be empty.
    pause
    exit /b 1
)

:: Sanitize the label (remove spaces)
set "label=%label: =_%"

for /f "tokens=2 delims==" %%T in ('wmic os get LocalDateTime /value') do set "dt=%%T"
set "backup_name=%label%_%dt:~0,8%_%dt:~8,4%"

echo Creating backup: %backup_name%
"%appcmd%" add backup "%backup_name%"

if %errorlevel% equ 0 (
    echo [SUCCESS] Backup "%backup_name%" created.
) else (
    echo [ERROR] Failed to create backup.
)

pause

Method 3: Manual File Copy (Full Control)

For scenarios where you need backups stored in a custom location (network share, versioned folder, etc.):

@echo off
setlocal

net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Admin required.
    pause
    exit /b 1
)

:: Configuration
set "iis_config=%SystemRoot%\System32\inetsrv\config"
set "backup_root=D:\Backups\IIS\%COMPUTERNAME%"

:: Verify source exists
if not exist "%iis_config%\applicationHost.config" (
    echo [ERROR] IIS configuration not found at %iis_config%
    pause
    exit /b 1
)

:: Create timestamped folder
for /f "tokens=2 delims==" %%T in ('wmic os get LocalDateTime /value') do set "dt=%%T"
set "backup_dir=%backup_root%\%dt:~0,4%-%dt:~4,2%-%dt:~6,2%_%dt:~8,2%%dt:~10,2%"

echo Backing up IIS configuration...
echo Source: %iis_config%
echo Target: %backup_dir%
echo.

if not exist "%backup_dir%" mkdir "%backup_dir%"

:: Copy all configuration files
set "errors=0"

copy "%iis_config%\applicationHost.config" "%backup_dir%\" >nul
if errorlevel 1 set /a errors+=1

copy "%iis_config%\administration.config" "%backup_dir%\" >nul
if errorlevel 1 set /a errors+=1

copy "%iis_config%\redirection.config" "%backup_dir%\" >nul
if errorlevel 1 set /a errors+=1

:: Copy schema files
if not exist "%backup_dir%\schema" mkdir "%backup_dir%\schema"
xcopy "%iis_config%\schema\*" "%backup_dir%\schema\" /s /y /q >nul

:: Verify
set "file_count=0"
for %%F in ("%backup_dir%\*.config") do set /a file_count+=1

if %errors% equ 0 (
    echo [SUCCESS] %file_count% config files backed up to:
    echo   %backup_dir%
) else (
    echo [WARNING] Backup completed with %errors% error(s).
    echo   %file_count% config files in %backup_dir%
)

pause

Method 4: Comprehensive Backup (Config + Site Content)

For disaster recovery, back up both the IIS configuration and all website files:

@echo off
setlocal enabledelayedexpansion

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"

net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Admin required.
    pause
    exit /b 1
)

if not exist "%appcmd%" (
    echo [ERROR] appcmd.exe not found. Is IIS installed?
    pause
    exit /b 1
)

:: Backup destination
for /f "tokens=2 delims==" %%T in ('wmic os get LocalDateTime /value') do set "dt=%%T"
set "backup_root=D:\Backups\IIS_Full\%dt:~0,4%-%dt:~4,2%-%dt:~6,2%"

echo =============================================
echo   FULL IIS BACKUP
echo   %dt:~0,4%-%dt:~4,2%-%dt:~6,2% %dt:~8,2%:%dt:~10,2%
echo =============================================
echo.

:: Step 1: Backup IIS configuration
echo [1/4] Backing up IIS configuration...
set "config_dir=%backup_root%\config"
mkdir "%config_dir%" 2>nul
copy "%SystemRoot%\System32\inetsrv\config\applicationHost.config" "%config_dir%\" >nul
copy "%SystemRoot%\System32\inetsrv\config\administration.config" "%config_dir%\" >nul
copy "%SystemRoot%\System32\inetsrv\config\redirection.config" "%config_dir%\" >nul
echo   Config files saved.

:: Step 2: Also create an appcmd backup
echo.
echo [2/4] Creating appcmd backup...
"%appcmd%" add backup "FullBackup_%dt:~0,8%" >nul 2>&1
echo   appcmd backup created.

:: Step 3: Backup all website content
echo.
echo [3/4] Backing up website content...

set "site_count=0"
for /f "delims=" %%N in ('"%appcmd%" list site /text:name') do (
    set "site_name=%%N"
    set "site_path="

    for /f "delims=" %%P in ('"%appcmd%" list vdir /app.name:"!site_name!/" /text:physicalPath 2^>nul') do (
        set "site_path=%%P"
    )

    if defined site_path (
        if exist "!site_path!" (
            echo   Backing up: !site_name!
            set "site_backup=!backup_root!\sites\!site_name!"
            mkdir "!site_backup!" 2>nul
            xcopy "!site_path!\*" "!site_backup!\" /s /e /y /q >nul 2>&1
            set /a site_count+=1
        )
    )
)
echo   %site_count% site(s) backed up.

:: Step 4: Export site list for reference
echo.
echo [4/4] Exporting site inventory...
set "inventory=%backup_root%\site_inventory.txt"
"%appcmd%" list site > "%inventory%"
"%appcmd%" list apppool >> "%inventory%"
echo   Inventory saved.

echo.
echo =============================================
echo [SUCCESS] Full backup complete.
echo Location: %backup_root%
echo =============================================

pause

Method 5: Listing Existing Backups

To see what backups are available for restoration:

@echo off
setlocal

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"

net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Admin required.
    pause
    exit /b 1
)

if not exist "%appcmd%" (
    echo [ERROR] appcmd.exe not found. Is IIS installed?
    pause
    exit /b 1
)

echo Available IIS Configuration Backups:
echo ====================================
echo.

"%appcmd%" list backup

echo.
pause

Method 6: Automated Scheduled Backup

Create a scheduled backup that runs daily:

@echo off
setlocal

net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Admin required.
    pause
    exit /b 1
)

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"

if not exist "%appcmd%" (
    echo [ERROR] appcmd.exe not found. Is IIS installed?
    pause
    exit /b 1
)

:: Create the daily backup script
set "backup_script=%SystemRoot%\System32\inetsrv\iis_daily_backup.bat"

 > "%backup_script%" echo @echo off
>> "%backup_script%" echo setlocal
>> "%backup_script%" echo set "appcmd=%%SystemRoot%%\System32\inetsrv\appcmd.exe"
>> "%backup_script%" echo for /f "tokens=2 delims==" %%%%T in ('wmic os get LocalDateTime /value') do set "dt=%%%%T"
>> "%backup_script%" echo "%%appcmd%%" add backup "DailyBackup_%%dt:~0,8%%_%%dt:~8,4%%"

echo Created backup script: %backup_script%

:: Create the scheduled task
schtasks /create /tn "IIS Daily Backup" /tr "\"%backup_script%\"" /sc daily /st 02:00 /ru SYSTEM /rl highest /f

if %errorlevel% equ 0 (
    echo.
    echo [OK] Scheduled task "IIS Daily Backup" created.
    echo Backups will run daily at 2:00 AM.
) else (
    echo [ERROR] Failed to create scheduled task.
)

pause

info

Over time, automatic backups can accumulate significant disk space. Implement a retention policy that deletes backups older than a certain number of days using appcmd delete backup or a cleanup script.

Common Mistakes

The Wrong Way: Only Backing Up applicationHost.config

:: INCOMPLETE - Missing administration.config and schema files
copy %SystemRoot%\System32\inetsrv\config\applicationHost.config D:\backup\

Output Concern: While applicationHost.config is the most critical file, some IIS features store settings in administration.config, and schema files define how the configuration is validated. A complete backup includes all files in the config directory.

The Wrong Way: Backing Up While Making Changes

:: RISKY - Config may be in a transitional state
"%appcmd%" set site /site.name:"MySite" /bindings:http/*:8080:
"%appcmd%" add backup "mid-change-backup"

Always create backups before making changes, not during. A backup taken mid-change may capture an incomplete or inconsistent configuration.

Best Practices

Back up before every change: Make it a habit to run appcmd add backup before modifying any IIS configuration.
Use descriptive backup names: Include the date, time, and purpose (e.g., pre-ssl-renewal-20240115).
Store copies off-server: In addition to appcmd backups, copy configuration files to a network share for disaster recovery.
Implement retention: Delete old backups regularly to prevent disk space exhaustion.
Verify backups: Periodically test restoration on a staging server to ensure backups are valid.

Conclusion

Backing up IIS configuration from a Batch Script is a critical safety practice that takes seconds but can save hours of recovery time. The built-in appcmd add backup command provides the simplest approach, creating timestamped snapshots in the IIS backup directory. For comprehensive disaster recovery, combining configuration backups with website content copies and site inventory exports creates a complete recovery package. Making this a pre-change habit and automating daily backups ensures your IIS servers can always be restored to a known-good state.

Understanding IIS Configuration Files​

Method 1: Using APPCMD ADD BACKUP (The Official Way)​

Where Are Backups Stored?​

Method 2: Pre-Change Backup with Label​

Method 3: Manual File Copy (Full Control)​

Method 4: Comprehensive Backup (Config + Site Content)​

Method 5: Listing Existing Backups​

Method 6: Automated Scheduled Backup​

Common Mistakes​

The Wrong Way: Only Backing Up applicationHost.config​

The Wrong Way: Backing Up While Making Changes​

Best Practices​

Conclusion​

Table of Contents