Share via


AccessFlags

The AccessFlags property contains flags for configuring file access permissions, which are defined in the Flags section. The last four flags augment the first four flags in that they relate to access granted to remote computers. You can enable local access without remote access, but you cannot enable remote access without local access.

Schema Attributes

Attribute Name

Value

ADSI/WMI Data Type

DWORD

ABO Data Type

DWORD_METADATA

Schema Default

AccessRead

Internal Default

AccessRead | AccessScript

Upper Bound

0

Lower Bound

Not specified

Internal ID

6016

Friendly ID

MD_ACCESS_PERM

Property Attributes

INHERIT

User Type

IIS_MD_UT_FILE

Configurable Locations

You can configure this property at the following locations in the IIS metabase.

Metabase Path

IIS Admin Object Type

/LM/W3SVC

IIsWebService

/LM/MSFTPSVC

IIsFtpService

/LM/W3SVC/n

IIsWebServer

/LM/MSFTPSVC/n

IIsFtpServer

/LM/W3SVC/n/ROOT/file_name

/LM/W3SVC/n/ROOT/virtual_directory_name/file_name

IIsWebFile

/LM/W3SVC/n/ROOT/physical_directory_name

/LM/W3SVC/n/virtual_directory_name/physical_directory_name

IIsWebDirectory

/LM/W3SVC/n/ROOT

/LM/W3SVC/n/ROOT/virtual_directory_name

IIsWebVirtualDir

/LM/MSFTPSVC/n/ROOT

/LM/MSFTPSVC/n/ROOT/virtual_directory_name

IIsFtpVirtualDir

/LM/NNTPSVC

IIsNntpService

/LM/NNTPSVC/n

IIsNntpServer

/LM/NNTPSVC/n/ROOT

/LM/NNTPSVC/n/ROOT/virtual_directory_name

IIsNntpVirtualDir

/LM/SMTPSVC

IIsSmtpService

/LM/SMTPSVC/n

IIsSmtpServer

/LM/SMTPSVC/n/ROOT

/LM/SMTPSVC/n/ROOT/virtual_directory_name

IIsSmtpVirtualDir

Flags

Flag Name

AccessExecute

Versions Applicable

[IIS 5.0][IIS 5.1][IIS 6.0]

Description

A value of true indicates that the file or the contents of the folder may be executed, regardless of file type.

Bitmask

4 (hex 0x00000004)

Friendly Bitmask ID

MD_ACCESS_EXECUTE

Internal ID

6209

Flag Name

AccessNoPhysicalDir

Versions Applicable

[IIS 6.0]

Description

A value of true indicates that access to the physical path is not allowed.

Bitmask

32768 (hex 0x00008000)

Friendly Bitmask ID

No friendly named is defined for this identifier in iiscfng.h. Use the ID attribute listed below.

Internal ID

6308

Flag Name

AccessNoRemoteExecute

Versions Applicable

[IIS 5.0][IIS 5.1][IIS 6.0]

Description

A value of true indicates that remote requests to execute applications are denied; only requests from the same computer as the IIS server succeed if the AccessExecute property is set to true. You cannot set AccessNoRemoteExecute to false to enable remote requests, and set AccessExecute to false to disable local requests.

Bitmask

8192 (hex 0x00002000)

Friendly Bitmask ID

MD_ACCESS_NO_REMOTE_EXECUTE

Internal ID

6232

Flag Name

AccessNoRemoteRead

Versions Applicable

[IIS 5.0][IIS 5.1][IIS 6.0]

Description

A value of true indicates that remote requests to view files are denied; only requests from the same computer as the IIS server succeed if the AccessRead property is set to true. You cannot set AccessNoRemoteRead to false to enable remote requests, and set AccessRead to false to disable local requests.

Bitmask

4096 (hex 0x00001000)

Friendly Bitmask ID

MD_ACCESS_NO_REMOTE_READ

Internal ID

6231

Flag Name

AccessNoRemoteScript

Versions Applicable

[IIS 5.0][IIS 5.1][IIS 6.0]

Description

A value of true indicates that remote requests to view dynamic content are denied; only requests from the same computer as the IIS server succeed if the AccessScript property is set to true. You cannot set AccessNoRemoteScript to false to enable remote requests, and set AccessScript to false to disable local requests.

Bitmask

16384 (hex 0x00004000)

Friendly Bitmask ID

MD_ACCESS_NO_REMOTE_SCRIPT

Internal ID

6233

Flag Name

AccessNoRemoteWrite

Versions Applicable

[IIS 5.0][IIS 5.1][IIS 6.0]

Description

A value of true indicates that remote requests to create or change files are denied; only requests from the same computer as the IIS server succeed if the AccessWrite property is set to true. You cannot set AccessNoRemoteWrite to false to enable remote requests, and set AccessWrite to false to disable local requests.

Bitmask

1024 (hex 0x00000400)

Friendly Bitmask ID

MD_ACCESS_NO_REMOTE_WRITE

Internal ID

6230

Flag Name

AccessRead

Versions Applicable

[IIS 5.0][IIS 5.1][IIS 6.0]

Description

A value of true indicates that the file or the contents of the folder may be read through Microsoft Internet Explorer.

Bitmask

1 (hex 0x00000001)

Friendly Bitmask ID

MD_ACCESS_READ

Internal ID

6207

Flag Name

AccessScript

Versions Applicable

[IIS 5.0][IIS 5.1][IIS 6.0]

Description

A value of true indicates that the file or the contents of the folder may be executed if they are script files or static content. A value of false only allows static files, such as HTML files, to be served.

Bitmask

512 (hex 0x00000200)

Friendly Bitmask ID

MD_ACCESS_SCRIPT

Internal ID

6211

Flag Name

AccessSource

Versions Applicable

[IIS 5.0][IIS 5.1][IIS 6.0]

Description

A value of true indicates that users are allowed to access source code if either Read or Write permissions are set. Source code includes scripts in Microsoft ? Active Server Pages (ASP) applications.

Bitmask

16 (hex 0x00000010)

Friendly Bitmask ID

MD_ACCESS_SOURCE

Internal ID

6282

Flag Name

AccessWrite

Versions Applicable

[IIS 5.0][IIS 5.1][IIS 6.0]

Description

A value of true indicates that users are allowed to upload files and their associated properties to the enabled directory on your server or to change content in a Write-enabled file. Write can be implemented only with a browser that supports the PUT feature of the HTTP 1.1 protocol standard.

Bitmask

2 (hex 0x00000002)

Friendly Bitmask ID

MD_ACCESS_WRITE

Internal ID

6208

Example Code

Metabase properties can be configured programmatically using three different technologies in various different languages (see Comparison of IIS Administration Features). For basic code examples, see the sections under Using IIS Programmatic Administration. More complicated, task-based code examples are provided in Using IIS.

The following code example configures the AccessFlags property to allow read and script access to clients browsing the default Web site. This example uses uses ADSI in VBScript. ADSI is special in that it can refer to flags as properties. This code shows how to configure any DWORD (or Long) property.

Dim lAccessFlags 
Set IIsWebServerObj = GetObject("IIS://localhost/W3SVC/1") 

' Store original value: 
lAccessFlags = IIsWebServerObj.AccessFlags 

WScript.Echo("Before: AccessFlags = " & IIsWebServerObj.AccessFlags) 

' There are multiple ways to set a property: 
IIsWebServerObj.AccessRead = True 
IIsWebServerObj.Put "AccessScript", True 
IIsWebServerObj.SetInfo 

IIsWebServerObj.GetInfo 
WScript.Echo("After: AccessFlags = " & IIsWebServerObj.AccessFlags) 

' Restore to original value: 
IIsWebServerObj.Put "AccessFlags", lAccessFlags 
IIsWebServerObj.SetInfo 

IIsWebServerObj.GetInfo 
WScript.Echo("Restored: AccessFlags = " & IIsWebServerObj.AccessFlags) 

The following code example configures the AccessFlags property to allow read and script access to clients browsing the default Web site. This example uses WMI in JScript. This code shows how to configure any DWORD (or Long) property.

IIS 5.1 and earlier: WMI cannot be used.

var lAccessFlags; 
var providerObj = GetObject("winmgmts://localhost/root/MicrosoftIISv2"); 
var IIsWebServerObj = providerObj.get("IIsWebServerSetting='W3SVC/1'"); 

// Store original value: 
lAccessFlags = IIsWebServerObj.AccessFlags; 

WScript.Echo("Before: AccessFlags = " + IIsWebServerObj.AccessFlags); 

IIsWebServerObj.Properties_("AccessFlags").Value = 513; 
IIsWebServerObj.Put_(); 

IIsWebServerObj.get; 
WScript.Echo("After: AccessFlags = " + IIsWebServerObj.AccessFlags); 

// Restore to original value: 
IIsWebServerObj.Properties_("AccessFlags").Value = lAccessFlags; 
IIsWebServerObj.Put_(); 

IIsWebServerObj.get; 
WScript.Echo("Restored: AccessFlags = " + IIsWebServerObj.AccessFlags); 

Requirements

Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.

Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Product: IIS

See Also