AdminACL Metabase Property

Applies To: Windows Server 2003, Windows Server 2003 with SP1

The AdminACL property contains a Windows discretionary access control list (DACL) that controls access to any metabase key. This property grants read access, restricted write access, or unrestricted write access. For information about the possible values that can be set for this property, see the Bitmask Values table.

Attribute Name Attribute Value

XML Data Type

NTACL

WMI Data Type

NTACL

ADSI Data Type

NTACL

ABO Data Type

NTACL

ABO Metabase Identifier

MD_ADMIN_ACL

Attributes

INHERIT | SECURE | REFERENCE

Default Value

null

MetaFlagsEx

CACHE_PROPERTY_MODIFIED

User Type

IIS_MD_UT_SERVER

ID

6027

Configurable Locations

You can configure this property at the following locations in the IIS metabase.

Metabase Path IIS Admin Object Type

/LM/W3SVC/n/ROOT /LM/W3SVC/n/ROOT/virtual_directory_name

IIsWebVirtualDir

/LM/W3SVC/n

IIsWebServer

/LM/MSFTPSVC/n

IIsFtpServer

/LM/W3SVC

IIsWebService

/LM/MSFTPSVC

IIsFtpService

/LM/W3SVC/n/ROOT/file_name /LM/W3SVC/n/ROOT/virtual_directory_name/file_name

IIsWebFile

/LM/W3SVC/n/ROOT/physical_directory_name /LM/W3SVC/n/virtual_directory_name/physical_directory_name

IIsWebDirectory

/LM/MSFTPSVC/n/ROOT /LM/MSFTPSVC/n/ROOT/virtual_directory_name

IIsFtpVirtualDir

/LM/logging

IIsLogModules

/LM/W3SVC/Info

IIsWebInfo

/LM/MSFTPSVC/Info

IIsFtpInfo

/LM/NNTPSVC

IIsNntpService

/LM/NNTPSVC/n

IIsNntpServer

/LM/SMTPSVC

IIsSmtpService

/LM/SMTPSVC/n

IIsSmtpServer

/

IIS_ROOT

/LM/W3SVC/AppPools/DefaultAppPool /LM/W3SVC/AppPools/DefaultAppPool/application_pool_name

IIsApplicationPool

/LM/W3SVC/AppPools

IIsApplicationPools

Values

Constant Value Description

MD_ACR_READ

0x00000001

Enables read access to all properties.

MD_ACR_WRITE

0x00000002

Enables write access to all properties.

MD_ACR_ENUM_KEYS

0x00000008

Enables key enumeration.

MD_ACR_RESTRICTED_WRITE

0x00000020

See the Remarks section following this table.

MD_ACR_UNSECURE_PROPS_READ

0x00000080

Enables read access to properties that do not have the METADATA_SECURE attribute set.

MD_ACR_WRITE_DAC

0x00040000

Enables write access to AdminACL for security descriptor creator.

Remarks

MD_ACR_RESTRICTED_WRITE enables restricted write access to the following properties.

AdminACL Metabase Property

AppIsolated Metabase Property

Path Metabase Property

AccessFlags Metabase Property

AnonymousUserName Metabase Property

AnonymousUserPass Metabase Property

MaxBandwidth Metabase Property

MaxBandwidthBlocked Metabase Property

SecureBindings Metabase Property

ServerBindings Metabase Property

Code Example

For general code examples, see Code Examples to Configure Metabase Properties.