AdminACL
The AdminACL property contains a Microsoft Windows discretionary access control list (DACL) thatcontrols access to any metabase key. This property grants read access, restricted write access, or unrestricted write access. For information about the possible values that can be set for this property, see the Bitmask Values table.
| Attribute Name | Attribute Value |
|---|---|
| XML Data Type | NTACL |
| WMI Data Type |
Same as WMI data type
|
| ADSI Data Type | NTACL |
| ABO Data Type | NTACL |
| ABO Metabase identifier |
MD_ADMIN_ACL
|
| Attributes | inherit | secure | reference |
| Default Value | null |
| MetaFlagsEx | CACHE_PROPERTY_MODIFIED |
| User Type | IIS_MD_UT_SERVER |
| StartingNumber | Not applicable |
| EndingNumber | Not applicable |
| ID | 6027 |
Configurable Locations
You can configure this property at the following locations in the IIS metabase.
| Metabase Path | IIS Admin Object Type |
|---|---|
| /LM/W3SVC/n/ROOT /LM/W3SVC/n/ROOT/virtual_directory_name |
IIsWebVirtualDir |
| /LM/W3SVC/n | IIsWebServer |
| /LM/MSFTPSVC/n | IIsFtpServer |
| /LM/W3SVC | IIsWebService |
| /LM/MSFTPSVC | IIsFtpService |
| /LM/W3SVC/n/ROOT/file_name /LM/W3SVC/n/ROOT/virtual_directory_name/file_name |
IIsWebFile |
| /LM/W3SVC/n/ROOT/physical_directory_name /LM/W3SVC/n/virtual_directory_name/physical_directory_name |
IIsWebDirectory |
| /LM/MSFTPSVC/n/ROOT /LM/MSFTPSVC/n/ROOT/virtual_directory_name |
IIsFtpVirtualDir |
| /LM/logging | IIsLogModules |
| /LM/W3SVC/Info | IIsWebInfo |
| /LM/MSFTPSVC/Info | IIsFtpInfo |
| /LM/NNTPSVC | IIsNntpService |
| /LM/NNTPSVC/n | IIsNntpServer |
| /LM/SMTPSVC | IIsSmtpService |
| /LM/SMTPSVC/n | IIsSmtpServer |
| / | IIS_ROOT |
| /LM/W3SVC/AppPools/DefaultAppPool /LM/W3SVC/AppPools/DefaultAppPool/application_pool_name |
IIsApplicationPool |
| /LM/W3SVC/AppPools | IIsApplicationPools |
Values
| Constant | Value | Description |
|---|---|---|
| MD_ACR_READ | 0x00000001 | Enables read access to all properties. |
| MD_ACR_WRITE | 0x00000002 | Enables write access to all properties. |
| MD_ACR_ENUM_KEYS | 0x00000008 | Enables key enumeration. |
| MD_ACR_RESTRICTED_WRITE | 0x00000020 | See the Remarks section following this table. |
| MD_ACR_UNSECURE_PROPS_READ | 0x00000080 | Enables read access to properties that do not have the METADATA_SECURE attribute set. |
| MD_ACR_WRITE_DAC | 0x00040000 | Enables write access to AdminACL for security descriptor creator. |
Remarks
MD_ACR_RESTRICTED_WRITE enables restricted write access to the following properties:
| AdminACL | AppIsolated |
| Path | AccessFlags |
| AnonymousUserName | AnonymousUserPass |
| MaxBandwidth | MaxBandwidthBlocked |
| SecureBindings | ServerBindings |
Code Example
For general code examples, please see Code Examples to Configure Metabase Properties