Metaacl.exe modifying metabase permissions for the IIS Admin Objects (267904)
The information in this article applies to:
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Services version 6.0
This article was previously published under Q267904 Important This article contains information about editing the metabase. Before you edit the metabase, verify that you have a backup copy that you can restore if a problem occurs. For information about how to do this, see the "Configuration Backup/Restore" Help topic in Microsoft Management Console (MMC).
SUMMARY
The sample that is provided in this article describes how you can view, set, or delete metabase permissions for the IIS Admin Objects in a Windows Scripting Host file.
MORE INFORMATIONNote If you are using ASP.Net 2.0 and you have to grant metabase permissions to a Windows user account, run the ASP.NET IIS Registration Tool command with the -ga option instead of using the tool that is shown here. For example, the following command line grants the Windows user account <WindowsUserAccount> permissions to the IIS metabase: aspnet_regiis -ga <WindowsUserAccount> The following file is available for download from the Microsoft Download Center:  Download the Metaacl.exe package now.
Release Date: July 16, 2003
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
The Metaacl.exe file contains the following files: |
| Metaacl.vbs | 7,380 KB | | EULA.txt | 1,652 KB |
To see how to use Metaacl.vbs, you can run it at a command prompt with no parameters. For best results, make sure that Cscript.exe is your default script interpreter or run:
Metaacl.vbs is provided as a code sample for you to use as a template to add similar code to your own applications. It has not been thoroughly tested and, for simplicity, it does not perform exhaustive error handling. Warning If you edit the metabase incorrectly, you can cause serious problems that may require you to reinstall any product that uses the metabase. Microsoft cannot guarantee that problems that result if you incorrectly edit the metabase can be solved. Edit the metabase at your own risk. Note Always back up the metabase before you edit it.
In
Internet Information Services (IIS), you can modify who has access to the IIS metabase by manually adding groups and users to the "Operators" in the Microsoft Management Console. When you perform the same task programmatically, you can add groups and individuals so that they have operator access, or you can have even finer control of the specific credentials that you grant to these users and groups.
Access to the IIS Admin Objects is controlled through the AdminACL property on the various metabase keys. This property contains a security descriptor that you can modify just like any other security descriptor. By setting the security descriptor, you can control access to the metabase keys.
This may be helpful if your Web application requires common users to read the value of certain metabase properties. By default, common users are not granted permission to read metabase properties.
| Modification Type: | Minor | Last Reviewed: | 4/18/2006 |
|---|
| Keywords: | kbdownload kbfile kbgraphxlinkcritical kbinfo KB267904 kbAudDeveloper |
|---|
|