Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All
Collapse the table of content
Expand the table of content
Expand Minimize

WebSvcExtRestrictionList Metabase Property

Updated: August 22, 2005

Applies To: Windows Server 2003, Windows Server 2003 with SP1

The WebSvcExtRestrictionList property contains a multi-string list of ISAPIs and CGIs used by applications on the Web server, including their location, descriptive information, and a flag for determining whether the Web service extension is enabled or disabled. The WebSvcExtRestrictionList property is used by the Web server to determine whether an ISAPI extension is permitted to run.

Each string element is written as:

  • AllowDenyFlag is "0" if the extension is not allowed or "1" if the extension is allowed.

  • ExtensionPhysicalPath is the full path to the extension. If the last four characters of the physical path are ".dll" (case insensitive), then the extension is an ISAPI, otherwise it is a CGI. In the case of CGI script mappings, the physical path must contain the physical path from the mapping (i.e. "c:\windows\system32\cmd.exe %s %s").

  • UIDeletableFlag is "1" if the UI is allowed to delete the extension from the list or "0" if the UI is not allowed to delete it.

  • GroupID is a non-localizable string used to identify groups of extensions.

  • Description is a localizable description of the extension.


Some examples of elements in this property are shown below. The first two entries, for *.dll and *.exe are special cases, referring to "All Unlisted ISAPIs" and "All Unlisted CGIs," respectively. The Web server core enables or disables all ISAPIs or all CGIs depending on the setting, if these entries are present:

"0,c:\windows\system32\inetsrv\asp.dll,0,ASP,Active Server Pages"
"0,c:\windows\system32\inetsrv\httpodbc.dll,0,HTTPODBC,Internet Data Connector"
"0,c:\windows\system32\inetsrv\ssinc.dll,1,SSINC,Server Side Includes"

Configuring the WebSvcExtRestrictionList property using Admin Base Object (ABO) can be risky because the format of the property must be perfect. The property is represented as a buffer of strings that are delimited by \0 and composed of five fields separated by commas. A safer way to configure this property is by using the extension-related ADSI and WMI methods of the IIsWebService object. For a brief comparison of ADSI and WMI, see Administering IIS Programmatically.


Attribute Name Attribute Value

XML Data Type


WMI Data Type


ADSI Data Type


ABO Data Type


ABO Metabase Identifier




Default Value




User Type




Configurable Locations

You can configure this property at the following locations in the IIS metabase.


Metabase Path IIS Admin Object Type



Code Example

For general code examples, see Code Examples to Configure Metabase Properties.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft