How to Configure Access to the IIS Metabase

Article
11/17/2011

Commerce Server 2009 R2 Staging (CSS) services and CSS users must have access control permissions to the Internet Information Services (IIS) metabase to perform specific replication operations. You must grant the following access control permissions to perform these staging tasks:

Account	Permissions
CSS_SG security group	Full permissions to read and update the IIS metabase. You must configure access permission on the source staging server and all endpoint CSS servers for staging IIS metabase projects. Full permissions to create virtual directories. You must configure access permission on the source staging server and all endpoint CSS servers when staging Web content projects that also create virtual directories.
CSS administrators, operators, or project-level users	Read and enumerate keys permissions to the IIS metabase. You must configure access permission on the source staging server and all endpoint CSS servers when staging IIS metabase projects. This is required to enable users to view the Web sites that are enclosed in the project properties dialog box accessed from the CSS Microsoft Management Console (MMC).

CSS_SG security group

Full permissions to read and update the IIS metabase.

You must configure access permission on the source staging server and all endpoint CSS servers for staging IIS metabase projects.
Full permissions to create virtual directories.

You must configure access permission on the source staging server and all endpoint CSS servers when staging Web content projects that also create virtual directories.

CSS administrators, operators, or project-level users

Read and enumerate keys permissions to the IIS metabase.

You must configure access permission on the source staging server and all endpoint CSS servers when staging IIS metabase projects. This is required to enable users to view the Web sites that are enclosed in the project properties dialog box accessed from the CSS Microsoft Management Console (MMC).

Add the following rights for any user:

R - Read
W - Write
S - Restricted Write
U - Unsecure Properties Read
E - Enumerate Keys
D - Write DACL (permissions)

To use CSS with IIS 7.0, you must use Metabase compatility. Download the Internet Information Services (IIS) 6.0 Resource Kit Tools at https://go.microsoft.com/fwlink/?LinkId=67351. This resource kit includes a Metabase Explorer that works with IIS 6.0 or IIS 7.0 with IIS 6 Management Compatibility role services installed. On IIS 7.0, the IIS Admin Service must be running for the Metabase Explorer tool to work correctly.

In IIS 7.0, you can give the CSS_SG security group full control of the file applicationHost.config through the file ACLs.

To give the CSS_SG security group full control of the file applicationHost.config through the file ACLs

Move to %windir%\System32\inetsrv\config\applicationHost.config.
Right-click applicationHost.config, on the Security tab, and then click Edit to add the CSS_SG security group to the list and to give it full control.

How to Configure Access to the IIS Metabase

To give the CSS_SG security group full control of the file applicationHost.config through the file ACLs

See Also

Other Resources

Additional resources