Web Deploy is typically not directly invoked at the command line, and is instead called by Visual Studio as a part of deployment using a GUI. It is poorly documented and not made to be user friendly on the command line. Better tools (e.g. Chef) exist for this type of work, and should be used instead of MSDeploy if at all possible. However, if you find yourself in a position with no alternatives, here are a few handy tips for understanding Web Deploy in a CI/CD context.


Web Deploy is an extensible client-server tool for syncing content and configuration to IIS (Internet Information Services). Developers use it to sync (aka ‘publish’) compiled web applications (ASP .Net, PHP etc.) from developer tools (Visual Studio, WebMatrix, etc.) to IIS. Web Deploy consists of a framework which manages connection state and orchestrates the sync between source & destination.

The generalized format of a command using msdeploy.exe follows the form:

msdeploy.exe -verb:<verbName> -source:<provider>[=<pathToProviderObject> [,<providerSetting>=<providerSettingValue>]] [-dest:<provider>[=<pathToProviderObject> [,<providerSetting>=<providerSettingValue>]] [-<MSDeployOperationSetting> ...]]

For the purposes of this document, the verb argument will always be sync.

Selected Arguments


The sync (synchronize) operation makes one source and one destination object identical. Both a source (-source) and a destination (-dest) argument must be specified. The source and destination can be a Web site, Web server, or any data source supplied by a Web Deploy provider.

During a sync operation, Web Deploy automatically detects if encrypted objects are present in server-level configuration files (for example, the Applicationhost.config and Machine.config files), and will expect a password to have been specified for the destination by the encryptPassword provider setting. If you do not specify a valid value when a password is required, the sync operation will fail.

In order for the sync operation to function correctly, the Msdeploy.exe.configsettings file must be the same on the source and destination computers.




Specifies values during a sync operation for the parameters that you specify. The parameters may have been declared for a package or archive by using -declareParam. You can use -setParam with any provider.


Disables one or more specified link extensions during a synchronization operation. The link extensions are specified after -disableLink in a comma-delimited list. You can specify the link extension names directly, or use regular expressions that resolve to valid Web Deploy link extension names.

The Web Deploy link extensions are AppPoolExtension, CertificateExtension, ContentExtension, FrameworkConfigExtension, and HttpCertConfigExtension.


When specified, untrusted SSL connections are allowed; otherwise, untrusted SSL Connections are not allowed.

For a complete list of arguments, see here. Sources: and-2008/dd569089%28v%3dws.10%29

Leave a comment

Your email address will not be published. Required fields are marked *