In last couple of years, Powershell has changed IT a lot. We are doing most of tasks using Powershell now. It requires little extra effort to automate any task.

For last few weeks we are having issue with our IIS web sites. We are have trouble with website authentication. We are still working on permanent solution.

In IIS there is website property called Authentication. Authentication helps you confirm the identity of clients who request access to your sites and applications. IIS 7 supports Anonymous and Integrated Windows authentication by default.

Below script helps us to check if windows authentication is enabled for website or not, if yes then it further checks if ‘Enable Kernal-mode authentication’ is checked. If it is unchecked then it would send an email.

To query to IIS using Powershell, you need to have role ‘IIS Management Script and Tools’ enabled.

import-module webadminintration

#check for all the websites on server
$n = Get-ChildItem C:\inetpub\wwwroot\ -force| Where-Object {$_.mode -match "d"}

# E-mail report details
$emailFrom = ""
$emailTo = ""
$smtpServer =
$emailSubject = "Kerberos authentication error"

foreach($name in $n){
$name = 'IIS:\Sites\Default Web Site\' + $n
$enabled = Get-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -PSPath $name -name Enabled
$kb= Get-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -PSPath $name -name useKernelMode
if($enabled.value -eq 'True'){
if($kb -eq 'True'){
$mailMessageParameters = @{
From = $emailFrom
To = $emailTo
Subject = $emailSubject
SmtpServer = $smtpServer
Body = "XYZ is having Enable Kenrnal-mode authentication enabled for website" + $n

Send-MailMessage @mailMessageParameters -BodyAsHtml


I hope with this script would be useful for you.

If you have any question please leave in comment.

Leave a Comment

Your email address will not be published. Required fields are marked *