The IIS metabase is restored from a backup when you rerun the Lockdown Tool to undo changes (832853)


The information in this article applies to:

  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Server 5.0
  • Microsoft Internet Information Services version 5.1
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

INTRODUCTION

You can run the Microsoft Internet Information Services (IIS) 5.0 Lockdown Tool after you have installed the tool if you want to undo the changes that the tool made. When you use the Undo feature of the Lockdown Tool, the IIS metabase reverts to the version that was backed up when you first installed the Lockdown Tool. Any changes that were made to the metabase after you first ran the Lockdown Tool are lost.

MORE INFORMATION

The Lockdown Tool creates the following metabase backup file when the tool is installed:

\%SystemRoot%\System32\Inetsrv\Metaback\Oblt-mb.md0

The Lockdown Tool creates this file so that you can undo the metabase changes that the Lockdown Tool makes if you find problems after you run the tool. When you run the Iislockd.exe executable file, the program checks the Metaback directory for the Oblt-mb.md0 file. If the Iislockd.exe file finds the backup file in that location, the Iislockd.exe file assumes that the Lockdown Tool was previously run and that you are running the Iislockd.exe file again to undo the changes that the Lockdown Tool made. The Lockdown Tool, therefore, continues with the Undo sequence. In the Undo sequence, the Oblt-mb.md0 version of the IIS metabase is restored.

The rolling back to the Oblt-mb.md0 version of the metabase is an important feature of the Lockdown Tool. This feature makes sure that a valid version of the metabase exists and can be restored if the installation of the Lockdown Wizard interferes with the typical function of an IIS application.

Sometimes, you may have to reapply the Lockdown Tool settings without reverting to the earlier copy of the metabase. To do this, move the Oblt-mb.md0 file out of the %SystemRoot%\System32\Inetsrv\Metaback directory before you run the Iislockd.exe file.

Note When you run the Lockdown Tool after you move the Oblt-mb.md0 file, you may have to modify some settings. You will have to modify these settings if you made changes after you first applied the Lockdown Tool.

REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

325864 How to install and use the IIS Lockdown Wizard

317052 How to undo changes made by the IIS Lockdown Wizard

311113 The IIS Lockdown Wizard Undo feature does not restore uninstalled services

832852 MBSA detects the IIS Lockdown Tool after you use the IIS Lockdown Tool Undo feature

Modification Type:MinorLast Reviewed:6/23/2005
Keywords:kbprb KB832853 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.