Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Setting Metabase Properties for URL Authorization

Updated: August 22, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

To use URL authorization, you must set the required metabase properties on the application, virtual directory, or Web site where you want to authorize user access. You can either edit the metabase directly or run a script to set metabase properties.

You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile/User:MyComputer\Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).


To set metabase properties for URL authorization by editing the metabase directly
  • Edit the metabase directly to set the following metabase properties:

    • AzEnable Metabase Property: Enables URL authorization for the virtual directory, application, or URL that corresponds to the entry in the metabase.

    • AzStoreName Metabase Property: Associates an Authorization Manager store with the virtual directory, application, or URL.

    • AzScopeName Metabase Property: Associates the virtual directory, application, or URL with a scope. This scope will be the name of a scope in the IIS 6.0 URL authorization application in the Authorization Manager policy store referred to in the AzStoreName attribute. If no scope or an empty string is specified, the default scope of the IIS 6.0 URL authorization will be used.

    • AzImpersonationLevel Metabase Property: Determines the impersonation behavior for the application. This allows you to configure the Web application to impersonate the client user, the IIS worker process, or the IUSR_computername account for the worker process. Each setting significantly changes the environment and implied design of the Web application.

The sample script, written in Microsoft Visual Basic® Scripting Edition (VBScript), marks the root of the first site as a URL in MyAZScope, which is defined in the MyAZStore.xml file. Users with URLAccess rights in this scope will be able to access the site.

To set metabase properties for URL authorization by using a script
  • Use the following sample script as a guide to setting the required metabase properties:

    var objVDir = GetObject("IIS://localhost/w3svc/1/root")

    objVDir.AzEnable = true

    objVDir.AZStoreName = "MSXML://d:\MyAZStore.xml"

    objVDir.AzScopeName = "MyAZScope"

    objVDir.AZImpersonationLevel = 0


Related Information

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft