How to Configure Access to the IIS Metabase

  • Article

Commerce Server 2009 Staging (CSS) services and CSS users must have access control permissions to the Internet Information Services (IIS) metabase to perform specific replication operations. You must grant the following access control permissions to perform these staging tasks:

Account

Permissions

CSS_SG security group

  • Full permissions to read and update the IIS metabase.

    You must configure access permission on the source staging server and all endpoint CSS servers for staging IIS metabase projects.

  • Full permissions to create virtual directories.

    You must configure access permission on the source staging server and all endpoint CSS servers when staging Web content projects that also create virtual directories.

CSS administrators, operators, or project-level users

  • Read and enumerate keys permissions to the IIS metabase.

    You must configure access permission on the source staging server and all endpoint CSS servers when staging IIS metabase projects. This is required to enable users to view the Web sites that are enclosed in the project properties dialog box accessed from the CSS Microsoft Management Console (MMC).

If you are using IIS 6.0, you can use the metaacl.vbs tool to add the following rights for any user:

  • R - Read

  • W - Write

  • S - Restricted Write

  • U - Unsecure Properties Read

  • E - Enumerate Keys

  • D - Write DACL (permissions)

Note

The metaacl.vbs tool only works with IIS 6.0.

You can download the metaacl.vbs tool from https://go.microsoft.com/fwlink/?LinkId=67350. Complete instructions are available when you download the tool.

Optionally, you can download the Internet Information Services (IIS) 6.0 Resource Kit Tools at https://go.microsoft.com/fwlink/?LinkId=67351. This resource kit includes a Metabase Explorer that works with IIS 6.0 or IIS 7.0 with IIS 6 Management Compatibility role services installed. On IIS 7.0, the IIS Admin Service must be running for the Metabase Explorer tool to work correctly.

In IIS 7.0, you can give the CSS_SG security group full control of the file applicationHost.config through the file ACLs. To do this, move to %windir%\System32\inetsrv\config\applicationHost.config, right-click applicationHost.config, on the Security tab, and then click Edit to add the CSS_SG security group to the list and to give it full control.

Use the following procedures to run the metaacl.vbs tool on IIS 6.0.

To grant the required permissions to CSS_SG group

  1. Click Start, click Run, type cmd, and then press Enter.

  2. In the Command Prompt window, move to the folder where you installed the metaacl.vbs tool.

  3. At the command line, type the following:

    metaacl.vbsIIS://Localhost/W3SVC<computer name>\CSS_SGRWSUED

To grant the required permissions to CSS users

  • In the Command Prompt window, type the following:

    metaacl.vbsIIS://Localhost/W3SVC<domain>\<username>RE

See Also

Other Resources

How to Create a Project for Staging the IIS Metabase

Configuring Security for Commerce Server Staging

Working with Internet Information Services (IIS)