I am using the following command to use a machine key to encrypt part of my web.config (it is actually an app.config for a .NET app, renamed to web.config so that aspnet_regiis will work with it):
aspnet_regiis -pef "section-to-encrypt" "C:\inetpub\path-to-web.config\bin\Release" -prov "provider-name"
Before running this, I add the section <configProtectedData>, which seems to be required (to hook "provider-name" to machine crypto, it appears).
Problem: After running the above command, the <configSections> is removed from the .config file, damaging it.
What am I doing wrong?