Ensure web content is on non-system partition

Best practice for systems running IIS, part of Hardening IIS:

Execute the following command to ensure no virtual directories are mapped to the system
drive:

%systemroot%\system32\inetsrv\appcmd list vdir

Nessus audit file checks

<if>
<condition type:"AND"> 
<custom_item>
 type : AUDIT_POWERSHELL
 description: "IISPS:Check if PS Webadministration is available:IIS8"
 value_type : POLICY_TEXT
 value_data : "Powershell Webadministration is available"
 powershell_args: 'if
                   ($(get-module -listavailable Webadministration -Erroraction SilentlyContinue) -eq $Null)
                   {write-host "Powershell Webadministration is not available" } 
                   else 
                   {write-host "Powershell Webadministration is available" }'
</custom_item>
</condition>
<then>
 
<custom_item>
 type: AUDIT_POWERSHELL
 description: "IIS800003:Ensure Web Content Is on Non-System Partition (Webroot):IIS8"
 value_type: POLICY_TEXT
 value_data: ""
 powershell_args: 'import-module Webadministration -DisableNameChecking; 
                   get-childitem IIS:\Sites | 
                   where {$_.physicalPath -match \\"SystemDrive\\" -or $_.physicalPath -match \\"C:\\"} | 
                   Select Name, Physicalpath, State ' 
 powershell_option: CAN_BE_NULL
</custom_item>
 
<custom_item>
 type: AUDIT_POWERSHELL
 description: "IIS800003:Ensure Web Content Is on Non-System Partition (VDIR):IIS8"
 value_type: POLICY_TEXT
 value_data: ""
 powershell_args: 'import-module Webadministration -DisableNameChecking; 
                   get-webvirtualdirectory | 
                   where {$_.physicalPath -match \\"SystemDrive\\" -or $_.physicalPath -match \\"C:\\"} | 
                   Select Path, Physicalpath' 
 powershell_option: CAN_BE_NULL
</custom_item>
 
</then>
<else>
<custom_item>
 type : AUDIT_IIS_APPCMD
 description: "IIS800003:Ensure Web Content Is on Non-System Partition (APPCMD):IIS8"
 value_type : POLICY_TEXT
 value_data : "physicalPath:(\%SystemDrive\%|C:)"
 appcmd_args: "list vdir"
 check_type : CHECK_NOT_REGEX
</custom_item>
</else>
</if>
 
<custom_item>
 type : FILE_CHECK
 description: "IIS800004:Webroot directory Drive E\Websites must exist:IIS8"
 value_type : POLICY_TEXT
 value_data : "E:\Websites"
 file_option: MUST_EXIST
</custom_item> 
 
<custom_item>
 type : FILE_CHECK
 description: "IIS800005:WWW Webroot directory Drive E\Websites\www must exist:IIS8"
 value_type : POLICY_TEXT
 value_data : "E:\Websites\wwwroot"
 file_option: MUST_EXIST
</custom_item>

References