How to Enable Directory Browsing on an IIS Website in Batch Script

Directory browsing is an IIS feature that displays a listing of files and subdirectories when a visitor navigates to a folder URL that does not contain a default document (like index.html or default.aspx). While disabled by default for security reasons, directory browsing is useful for internal file servers, download repositories, documentation archives, and development environments where you want users to browse and download files directly through the browser.

In this guide, we will explore how to enable and disable directory browsing on IIS websites using Batch Script with the appcmd.exe command-line tool.

Why Directory Browsing is Disabled by Default

When directory browsing is off and no default document exists, IIS returns an HTTP 403.14 - Forbidden error. This is intentional because:

Exposing directory contents can reveal sensitive files (configuration, backup files, source code).
Attackers can enumerate the directory structure to discover exploitable resources.
Public-facing websites should serve content through controlled pages, not raw file listings.

warning

Only enable directory browsing on internal or non-sensitive sites. For public websites, use a proper file listing page instead of exposing the raw directory structure.

Method 1: Enabling Directory Browsing on a Specific Site

@echo off
setlocal

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"
set "site_name=FileRepository"

:: Verify Admin
net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Administrator privileges required.
    pause
    exit /b 1
)

echo Enabling directory browsing on "%site_name%"...

"%appcmd%" set config "%site_name%" /section:directoryBrowse /enabled:true

if %errorlevel% equ 0 (
    echo [SUCCESS] Directory browsing is now enabled.
    echo Visitors will see file listings in folders without default documents.
) else (
    echo [ERROR] Failed. Verify the site name exists.
)

pause
endlocal

What This Does

The command modifies the web.config (or applicationHost.config at the site level) to include:

<directoryBrowse enabled="true" />

After this change, browsing to http://yoursite.com/subfolder/ will show a list of files instead of returning a 403 error.

Method 2: Disabling Directory Browsing

To disable it again (restoring the secure default):

@echo off
setlocal

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"
set "site_name=FileRepository"

net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Admin required.
    pause
    exit /b 1
)

echo Disabling directory browsing on "%site_name%"...

"%appcmd%" set config "%site_name%" /section:directoryBrowse /enabled:false

if %errorlevel% equ 0 (
    echo [SUCCESS] Directory browsing disabled.
    echo Folders without default documents will return 403.
) else (
    echo [ERROR] Failed.
)

pause
endlocal

Method 3: Enabling for a Specific Virtual Directory

You can enable directory browsing on a specific subdirectory of a site without affecting other parts:

@echo off
setlocal

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"
set "site_name=CompanyIntranet"
set "vdir_path=downloads"

net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Admin required.
    pause
    exit /b 1
)

echo Enabling directory browsing on "%site_name%/%vdir_path%"...

"%appcmd%" set config "%site_name%/%vdir_path%" /section:directoryBrowse /enabled:true

if %errorlevel% equ 0 (
    echo [SUCCESS] Directory browsing enabled for /%vdir_path%/ only.
) else (
    echo [ERROR] Failed.
)

pause
endlocal

This creates (or modifies) a web.config file in the downloads folder with the directory browsing setting, leaving the rest of the site unchanged.

Method 4: Enabling Globally for All Websites

For development servers or internal file servers where every site should allow browsing:

@echo off
setlocal

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"

net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Admin required.
    pause
    exit /b 1
)

echo Enabling directory browsing GLOBALLY...

:: No site name = applies to applicationHost.config (server level)
"%appcmd%" set config /section:directoryBrowse /enabled:true /commit:apphost

if %errorlevel% equ 0 (
    echo [SUCCESS] Directory browsing enabled at the server level.
    echo All websites will show directory listings unless overridden locally.
) else (
    echo [ERROR] Failed.
)

pause
endlocal

The /commit:apphost flag writes the change to applicationHost.config instead of a site-specific web.config, making it the server-wide default.

Method 5: Interactive Toggle with Status Check

@echo off
title Directory Browsing Manager
setlocal enabledelayedexpansion

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"

net session >nul 2>&1
if !errorlevel! neq 0 (
    echo [ERROR] Run as Administrator.
    pause
    exit /b 1
)

:menu
cls
echo =============================================
echo   DIRECTORY BROWSING MANAGER
echo =============================================
echo.

:: List all sites
echo Sites:
for /f "tokens=*" %%S in ('"%appcmd%" list site') do echo   %%S

echo.
set "site="
set /p "site=Enter site name (or ALL for global, EXIT to quit): "

if not defined site goto menu
if /i "!site!" == "EXIT" (
    endlocal
    exit /b 0
)

:: Check current status
echo.
set "current_status="
if /i "!site!" == "ALL" (
    for /f "tokens=*" %%V in ('"%appcmd%" list config /section:directoryBrowse /text:enabled 2^>nul') do set "current_status=%%V"
) else (
    for /f "tokens=*" %%V in ('"%appcmd%" list config "!site!" /section:directoryBrowse /text:enabled 2^>nul') do set "current_status=%%V"
)

if defined current_status (
    echo Current directory browsing status: !current_status!
) else (
    echo Current directory browsing status: unknown (site may not exist^)
)

echo.
echo [1] Enable directory browsing
echo [2] Disable directory browsing
echo [3] Back
set "opt="
set /p "opt=Select: "

if "!opt!" == "1" (
    if /i "!site!" == "ALL" (
        "%appcmd%" set config /section:directoryBrowse /enabled:true /commit:apphost
    ) else (
        "%appcmd%" set config "!site!" /section:directoryBrowse /enabled:true
    )

    if !errorlevel! equ 0 (
        echo [OK] Enabled.
    ) else (
        echo [ERROR] Failed.
    )
    pause
    goto menu
)
if "!opt!" == "2" (
    if /i "!site!" == "ALL" (
        "%appcmd%" set config /section:directoryBrowse /enabled:false /commit:apphost
    ) else (
        "%appcmd%" set config "!site!" /section:directoryBrowse /enabled:false
    )

    if !errorlevel! equ 0 (
        echo [OK] Disabled.
    ) else (
        echo [ERROR] Failed.
    )
    pause
    goto menu
)
if "!opt!" == "3" goto menu

goto menu

Customizing the Directory Listing Appearance

By default, IIS displays a plain HTML table of filenames, sizes, and modification dates. You can customize the display flags:

@echo off
setlocal

set "appcmd=%SystemRoot%\System32\inetsrv\appcmd.exe"
set "site_name=FileRepository"

net session >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Admin required.
    pause
    exit /b 1
)

:: Show file size, date, time, extension, and long dates
"%appcmd%" set config "%site_name%" /section:directoryBrowse /enabled:true /showFlags:"Date, Time, Size, Extension, LongDate"

if %errorlevel% equ 0 (
    echo [OK] Directory browsing configured with detailed file info.
) else (
    echo [ERROR] Failed to configure directory browsing flags.
)

pause
endlocal

Available Flags

Flag	Description
`Date`	Show file modification date
`Time`	Show file modification time
`Size`	Show file size
`Extension`	Show file extension
`LongDate`	Use long date format

Common Mistakes

The Wrong Way: Editing applicationHost.config Directly

:: WRONG - Manually editing the XML config is fragile and risky
notepad %SystemRoot%\System32\inetsrv\config\applicationHost.config

Output Concern: Hand-editing applicationHost.config can introduce XML syntax errors that crash the entire IIS server. Always use appcmd set config which validates the configuration before applying it.

The Wrong Way: Enabling on a Production Public Site

:: DANGEROUS - Exposes all files to the internet
"%appcmd%" set config "PublicWebsite" /section:directoryBrowse /enabled:true

Enabling directory browsing on a public website can expose configuration files, backup files, source code, and other sensitive content to anyone on the internet. Only enable this on internal or development sites.

Best Practices

Keep it disabled by default: Only enable directory browsing on explicitly designated file-sharing paths.
Scope it narrowly: Enable on specific subdirectories rather than entire sites when possible.
Combine with authorization: Use IIS URL Authorization to restrict who can access the directory listing (e.g., only authenticated intranet users).
Use appcmd not manual XML editing: The command-line tool validates configuration before applying, preventing syntax errors.

Conclusion

Enabling directory browsing on an IIS website from a Batch Script is a single appcmd set config command targeting the directoryBrowse section. The feature can be scoped to individual sites, specific subdirectories, or applied globally at the server level. While invaluable for internal file servers and development environments, directory browsing should be used cautiously on public-facing sites and always paired with appropriate access controls to prevent unintended exposure of sensitive files.

Why Directory Browsing is Disabled by Default​

Method 1: Enabling Directory Browsing on a Specific Site​

What This Does​

Method 2: Disabling Directory Browsing​

Method 3: Enabling for a Specific Virtual Directory​

Method 4: Enabling Globally for All Websites​

Method 5: Interactive Toggle with Status Check​

Customizing the Directory Listing Appearance​

Available Flags​

Common Mistakes​

The Wrong Way: Editing applicationHost.config Directly​

The Wrong Way: Enabling on a Production Public Site​

Best Practices​

Conclusion​

Table of Contents