* Add admin owner group on upgrade * detailed logging (#231)

scripts/publish/publish.ps1

@@ -118,8 +118,7 @@ if (-not([string]::IsNullOrEmpty($SignType))) {
 		}
 	}
 	catch {
-		Write-Warning $_.Exception.Message
-		throw "Could not find msbuild"
+		throw "Could not find msbuild: $($_.Exception.Message)"
 	}
 
 	if ([string]::IsNullOrEmpty($SigningIdentity)) {
@@ -135,8 +134,7 @@ try {
 	}
 }
 catch {
-    Write-Warning $_.Exception.Message
-    throw "Could not find dotnet tools"
+    throw "Could not find dotnet tools: $($_.Exception.Message)"
 }
 
 DeletePreExistingFiles $OutputPath
@@ -171,8 +169,7 @@ try{
 	}
 }
 catch {
-    Write-Warning $_.Exception.Message
-    throw "Publish failed"
+    throw "Publish failed: $($_.Exception.Message)"
 }
 
 $outputConfigPath = Join-Path $applicationPath "config"
@@ -218,7 +215,7 @@ try {
 	}
 }
 catch {
-	throw "Could not build plugins for publishing"
+	throw "Could not build plugins for publishing: $($_.Exception.Message)"
 }
 
 # Copy setup

scripts/setup/config.ps1

@@ -115,6 +115,22 @@ function Remove($_path) {
     }
 }
 
+## create "IIS Administration API Owners" group if it does not exist, and and the current user to the group if not already added
+## Note that this method also includes a phase the indiciates the group is created by the installer so it can be removed if the application
+## is uninistalled
+function Ensure-IncludesIisAdminApiOwners($settings) {
+    $groupName = .\globals.ps1 'IIS_ADMIN_API_OWNERS'
+    $groupDescription = .\globals.ps1 'IIS_ADMIN_API_OWNERS_DESCRIPTION'
+    $currentAdUser = .\security.ps1 CurrentAdUser
+    .\security.ps1 EnsureLocalGroupMember -AdPath $currentAdUser -Name $groupName -Description $groupDescription
+    if (!$settings.security.users.administrators.Contains($groupName)) {
+        $settings.security.users.administrators += $groupName
+    }
+    if (!$settings.security.users.owners.Contains($groupName)) {
+        $settings.security.users.owners += $groupName
+    }
+}
+
 # Writes install time information into the appsettings.json file
 # AppSettingsPath: The full path to the appsettings.json file
 function Write-AppSettings($_appSettingsPath, $_port) {
@@ -126,13 +142,7 @@ function Write-AppSettings($_appSettingsPath, $_port) {
     }
 
     $settings = .\json.ps1 Get-JsonContent -Path $_appSettingsPath
-
-    $groupName = .\globals.ps1 'IIS_ADMIN_API_OWNERS'
-    $groupDescription = .\globals.ps1 'IIS_ADMIN_API_OWNERS_DESCRIPTION'
-    $currentAdUser = .\security.ps1 CurrentAdUser
-    .\security.ps1 EnsureLocalGroupMember -AdPath $currentAdUser -Name $groupName -Description $groupDescription
-    $settings.security.users.administrators += $groupName
-    $settings.security.users.owners += $groupName
+    Ensure-IncludesIisAdminApiOwners $settings
 
     if ($IncludeDefaultCors) {
         $settings.cors.rules += @{ "origin" = "https://manage.iis.net"; "allow" = $true }
@@ -161,6 +171,7 @@ function Migrate-AppSettings($_source, $_destination) {
     if ($oldAppSettings.administrators -ne $null) {
         .\json.ps1 Remove-Property -JsonObject $oldAppSettings -Name "administrators"
     }
+    Ensure-IncludesIisAdminApiOwners $oldAppSettings
 
     .\json.ps1 Set-JsonContent -Path $(Join-Path $Destination $userFiles["appsettings.json"]) -JsonObject $oldAppSettings
 }
@@ -238,6 +249,7 @@ function Write-Config($obj, $_path) {
             $port = [int]::parse($sPort)
         }
         catch {
+            Write-Warning $_.Exception.Message
             throw "Misconfigured 'urls' in appsettings: $($appsettings.urls)."
         }
     }

scripts/setup/install.ps1

@@ -144,7 +144,7 @@ function rollback() {
             Stop-Service $rollbackStore.createdService -ErrorAction SilentlyContinue
         }
         catch {
-            Write-Warning "Could not stop newly created service"
+            Write-Warning "Could not stop newly created service: $($_.Exception.Message)"
         }
 
         sc.exe delete "$($rollbackStore.createdService)" | Out-Null
@@ -172,7 +172,7 @@ function rollback() {
             New-Service -BinaryPathName $binaryPath -StartupType $startType -DisplayName $name -Name $name -ErrorAction Stop | Out-Null
         }
         catch {
-            Write-Warning "Could not restore the $($name) service."
+            Write-Warning "Could not restore the $($name) service: $($_.Exception.Message)"
         }
     }
 
@@ -185,7 +185,7 @@ function rollback() {
             .\net.ps1 DeleteSslBinding -Port $rollbackStore.newBoundCertPort
         }
         catch {
-            Write-Warning "Could not roll back SSL binding on port $($rollbackStore.newBoundCertPort)"
+            Write-Warning "Could not roll back SSL binding on port $($rollbackStore.newBoundCertPort): $($_.Exception.Message)"
         }
     }
 
@@ -199,7 +199,7 @@ function rollback() {
             .\net.ps1 BindCert -Hash $($info.CertificateHash) -AppId $($info.AppId) -Port $($info.IpEndpoint.Port)
         }
         catch {
-            Write-Warning "Could not restore previous SSL binding"
+            Write-Warning "Could not restore previous SSL binding: $($_.Exception.Message)"
         }
     }
 
@@ -213,7 +213,7 @@ function rollback() {
             .\config.ps1 Remove -Path $configPath
         }
         catch {
-            Write-Warning "Could not remove setup config"
+            Write-Warning "Could not remove setup config: $($_.Exception.Message)"
         }
     }
 
@@ -230,7 +230,7 @@ function rollback() {
             }
         }
         catch {
-            write-warning "Could not delete certificate that was created during installation."
+            write-warning "Could not delete certificate that was created during installation: $($_.Exception.Message)"
         }
     }
 
@@ -243,7 +243,7 @@ function rollback() {
             Start-Service $rollbackStore.stoppedOldService
         }
         catch {
-            write-warning "Could not restart service $($rollbackStore.stoppedOldService)."
+            write-warning "Could not restart service $($rollbackStore.stoppedOldService): $($_.Exception.Message)"
         } 
     }
 
@@ -257,7 +257,7 @@ function rollback() {
             .\files.ps1 Remove-ItemForced -Path $logsPath
         }
         catch {
-            write-warning "Could not delete logs folder $logsPath."
+            write-warning "Could not delete logs folder ${logsPath}: $($_.Exception.Message)"
         } 
     }
 
@@ -271,7 +271,7 @@ function rollback() {
             .\files.ps1 Remove-ItemForced -Path $adminRoot
         }
         catch {
-            write-warning "Could not delete installation folder $adminRoot."
+            write-warning "Could not delete installation folder ${adminRoot}: $($_.Exception.Message)"
         } 
     }
 
@@ -458,7 +458,7 @@ function Install
 		Start-Service "$ServiceName" -ErrorAction Stop
 	}
     catch {
-        throw "Could not start service"
+        throw "Could not start service: $($_.Exception.Message)"
     }
 
     $svc = Get-Service "$ServiceName" -ErrorAction SilentlyContinue

scripts/setup/migrate.ps1

@@ -24,7 +24,7 @@ function Rollback {
             Stop-Service $migrateRollback.startedNewService -ErrorAction Stop
         }
         catch {
-            Write-Warning "Could not stop newly created service $($migrateRollback.startedNewService)"
+            Write-Warning "Could not stop newly created service $($migrateRollback.startedNewService): $($_.Exception.Message)"
         }
     }
 
@@ -37,7 +37,7 @@ function Rollback {
             sc.exe delete "$($migrateRollback.createdNewService)" | Out-Null
         }
         catch {
-            Write-Warning "Could not remove newly created service '$($migrateRollback.createdNewService)'"
+            Write-Warning "Could not remove newly created service '$($migrateRollback.createdNewService)': $($_.Exception.Message)"
         }
     }
 
@@ -55,7 +55,7 @@ function Rollback {
             New-Service -BinaryPathName $binaryPath -StartupType $startType -DisplayName $name -Name $name -ErrorAction Stop | Out-Null
         }
         catch {
-            Write-Warning "Could not restore the $($name) service."
+            Write-Warning "Could not restore the $($name) service: $($_.Exception.Message)"
         }
     }  
 
@@ -68,7 +68,7 @@ function Rollback {
             Start-Service $migrateRollback.stoppedSourceService -ErrorAction Stop
         }
         catch {
-            Write-Warning "Could not restart source service"
+            Write-Warning "Could not restart source service: $($_.Exception.Message)"
         }
     }
 }
@@ -116,6 +116,7 @@ function Migrate {
         .\sanitize-logs.ps1 -Source $source
     }
     catch {
+        Write-Warning "Error sanitizing logs: $($_.Exception.Message)"
         # Never fail
     }
 

scripts/setup/msi-setup.ps1

@@ -89,7 +89,7 @@ function Upgrade() {
         $installed = $true
         .\migrate.ps1 -Source $latest -Destination $(Join-Path $adminRoot $Version)
         try {            
-            .\uninstall.ps1 -Path $latest -KeepFiles
+            .\uninstall.ps1 -Path $latest -KeepFiles -KeepGroups
         }
         catch {
             # Uninstall must not throw

scripts/setup/sanitize-logs.ps1

@@ -112,6 +112,7 @@ function Clear-CcsAuditPasswords($IisAdministrationPath) {
                 Clear-CcsAuditPasswordsFromFile -filePath $file.FullName
             }
             catch {
+                Write-Warning "Error clearing ccs audit password from $($file.FullName): $($_.Exception.Message)"
                 #If one file fails, do not block the remaining files
             }
         }

scripts/setup/security.ps1

@@ -93,6 +93,7 @@ function GetLocalGroup($groupName) {
             $group = $localAd.Children.Find($groupName, 'group')
         }
         catch {
+            Write-Warning $_.Exception.Message
             #COM Exception if group doesn't exit
         }
     }
@@ -376,7 +377,7 @@ function _Set-AclForced($_path, $_acl, $_recurse) {
         }
         catch {
             # Fail state: owner will be the Administrators group
-            Write-Warning "Could not restore owner for $($item.fullname)"
+            Write-Warning "Could not restore owner for $($item.fullname): $($_.Exception.Message)"
         }
 
         # Revert any token privileges adjusted

scripts/setup/setup.ps1

@@ -139,7 +139,7 @@ function Upgrade() {
         throw $_
     }
 
-    .\uninstall.ps1 -Path $latest
+    .\uninstall.ps1 -Path $latest -KeepGroups
 }
 
 function Uninstall() {

scripts/setup/uninstall.ps1

@@ -17,7 +17,11 @@ Param(
 
     [parameter()]
     [switch]
-    $KeepFiles
+    $KeepFiles,
+
+    [parameter()]
+    [switch]
+    $KeepGroups
 )
 
 .\require.ps1 Is-Administrator
@@ -83,7 +87,7 @@ function Uninstall($_path)
                 .\security.ps1 Add-FullControl -Path $InstallationDirectory.FullName -Identity $system -Recurse
             }
             catch {
-                Write-Warning "Unable to obtain full control of installation directory"
+                Write-Warning "Unable to obtain full control of installation directory: $($_.Exception.Message)"
             }
         }
 
@@ -117,16 +121,18 @@ function Uninstall($_path)
                 .\files.ps1 Remove-ItemForced -Path $setupConfig -ErrorAction Stop
             }
             catch {
-                Write-Warning "Could not remove installation configuration file"
+                Write-Warning "Could not remove installation configuration file: $($_.Exception.Message)"
             }
         }
     }
 
     $groupName = .\globals.ps1 'IIS_ADMIN_API_OWNERS'
     $group = .\security.ps1 GetLocalGroup -Name $groupName
     $installerFlag = .\globals.ps1 'INSTALLER_FLAG'
-    if ($group -and $group.Description.Contains($installerFlag)) {
-        .\security.ps1 RemoveLocalGroup -Name $groupName
+    if (!$KeepGroups) {
+        if ($group -and $group.Description.Contains($installerFlag)) {
+            .\security.ps1 RemoveLocalGroup -Name $groupName
+        }
     }
 
     exit 0