DOCUMENT:Q321142 06-AUG-2002 [iis] TITLE :HOW TO: Hide the Metabase to Increase IIS Security PRODUCT :Internet Information Server PROD/VER::4.0,5.0 OPER/SYS: KEYWORDS:kbHOWTOmaster ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Server version 4.0 - Microsoft Internet Information Services version 5.0 - Microsoft Internet Information Services version 5.1 ------------------------------------------------------------------------------- IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: Q256986 Description of the Microsoft Windows Registry IN THIS TASK ------------ - SUMMARY - Locate, Move, and Change the File Name of the Metabase - Add a Registry Entry for MetaDataFile - REFERENCES SUMMARY ======= This step-by-step article explains how to change the location of the metabase for Internet Information Services (IIS) to increase the security of the metabase file. Locate, Move, and Change the File Name of the Metabase ------------------------------------------------------ 1. Locate the Metabase.bin file. By default, the Metabase.bin file is located in the %systemroot%\system32\inetsrv folder. NOTE: You may want to create a backup copy of the metabase before you proceed. 2. Stop the IIS Admin Service. This also stops the dependent Web services. 3. Move the Metabase.bin file to a new folder. 4. Verify that the NTFS permissions are set correctly for the Metabase.bin file and the new folder. 5. Rename the Metabase.bin with a new name, a new file name extension, or both (for example, Filename.ext). Add a Registry Entry for MetaDataFile ------------------------------------- WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. 1. Start Registry Editor (Regedt32.exe). 2. Locate and click the following key in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\INetMgr\Parameters 3. On the Edit menu, click New, click String Value, and then add the following registry value: Value name: MetadataFile Data type: REG_SZ Value data: NOTE: specifies the new complete path of the metabase file, including the drive letter, folder, file name, and file name extension. 4. Quit Registry Editor. REFERENCES ========== For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base: Q300675 HOW TO: Create a Metabase Backup by Using Internet Information Server 4.0 in Windows NT Q300672 HOW TO: Create a Metabase Backup in IIS 5 Q271071 Minimum NTFS Permissions Required for IIS 5.0 to Work Q187506 List of NTFS Permissions Required for IIS Site to Work For more information, see the "Security" topic in the IIS 4.0 online documentation. To locate this topic, click Microsoft Internet Information Services, click Programmers Reference, click IIS Metabase, and then click Security. For more information, see the "Metabase and Reliability" topic in the IIS versions 5.0 and 5.1 online documentation. To locate this topic, click the Index tab, and then search for "Metabase". Additional query words: ====================================================================== Keywords : kbHOWTOmaster Technology : kbiisSearch kbiis500 kbiis400 kbiis510 Version : :4.0,5.0 Issue type : kbhowto ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.