AccessMask Property for IIS Virtual Roots

The AccessMask property specifies the protection required for the IIS Virtual Root.

Quick Info

Type: DWORD
Access: Read/write
Status: Optional
Function: ClusterResourceControl
Structure: CLUSPROP_DWORD
Control Code: CLUSCTL_RESOURCE_GET_PRIVATE_PROPERTIES

Remarks

When ClusterResourceControl processes the CLUSCTL_RESOURCE_GET_PRIVATE_PROPERTIES control code, it returns a property list that includes the AccessMask property as one of the entries. The property value portion of the entry contains a CLUSPROP_DWORD structure that is set as follows:

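DWORD AccessMaskData = VROOT_MASK_READ;    // requested protection
CLUSPROP_DWORD AccessMaskValue;
// Syntax is a CLUSPROP_SYNTAX union, so assign through its dw member.
AccessMaskValue.Syntax.dw = CLUSPROP_SYNTAX_LIST_VALUE_DWORD;
AccessMaskValue.cbLength = sizeof(DWORD);  // size of the data that follows
AccessMaskValue.dw = AccessMaskData;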

The data for the AccessMask property can be set to one of the following values:

VROOT_MASK_READ for read-only access

VROOT_MASK_WRITE for read/write access

VROOT_MASK_EXECUTE for execute access

AccessMask is set differently depending on the type of IIS Virtual Root. Gopher services have no permissions.

For FTP Virtual Roots that accept data from users, AccessMask should be set to VROOT_MASK_WRITE. However, assign VROOT_MASK_WRITE cautiously. It is important to prevent unauthorized users from placing files on, or deleting information from, the cluster node.

For WWW Virtual Roots that contain programs, scripts, and Internet Server API (ISAPI) applications, AccessMask should be set to VROOT_MASK_EXECUTE.

Note: Although IIS Virtual Roots that contain content files should typically have an AccessMask of VROOT_MASK_READ, resources with execute access are an exception. Do not set an IIS Virtual Root's AccessMask to both VROOT_MASK_EXECUTE and VROOT_MASK_READ. Setting both will prevent users from seeing any executable files with interactive content.
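A defensive check of the guidance above, as an added example that is not part of the original documentation: it validates the value portion of an AccessMask entry and flags the settings this page cautions about. The struct, the finding names and the numeric constants are stand-ins assumed here so the code builds without the Windows SDK.

```c
#include <stdint.h>
#include <string.h>

/* Stand-ins so the example builds without the Windows SDK; the numeric
   values are assumptions, real code takes them from the SDK headers. */
#define VROOT_MASK_READ    0x00000001u
#define VROOT_MASK_WRITE   0x00000002u
#define VROOT_MASK_EXECUTE 0x00000004u
#define SYNTAX_LIST_VALUE_DWORD 0x00010002u /* CLUSPROP_SYNTAX_LIST_VALUE_DWORD */

/* Same field order as CLUSPROP_DWORD: syntax, byte length, data. */
typedef struct { uint32_t syntax, cbLength, dw; } prop_dword;

/* Findings (hypothetical names), returned as a bit set. */
enum {
    F_MALFORMED     = 1 << 0, /* truncated, wrong syntax or wrong length  */
    F_UNKNOWN_BITS  = 1 << 1, /* bits outside READ / WRITE / EXECUTE      */
    F_EXEC_AND_READ = 1 << 2, /* the combination the Note says not to set */
    F_WRITE_REVIEW  = 1 << 3  /* users can place or delete files: review  */
};

/* Audit the value portion of an AccessMask entry held in buf[0..len). */
unsigned audit_access_mask(const unsigned char *buf, size_t len)
{
    prop_dword v;
    unsigned findings = 0;

    if (buf == NULL || len < sizeof v)
        return F_MALFORMED;
    memcpy(&v, buf, sizeof v);          /* avoids unaligned reads */
    if (v.syntax != SYNTAX_LIST_VALUE_DWORD || v.cbLength != sizeof(uint32_t))
        return F_MALFORMED;

    if (v.dw & ~(VROOT_MASK_READ | VROOT_MASK_WRITE | VROOT_MASK_EXECUTE))
        findings |= F_UNKNOWN_BITS;
    if ((v.dw & VROOT_MASK_EXECUTE) && (v.dw & VROOT_MASK_READ))
        findings |= F_EXEC_AND_READ;
    if (v.dw & VROOT_MASK_WRITE)
        findings |= F_WRITE_REVIEW;
    return findings;
}

int main(void)
{
    /* Constructed sample: a root marked both executable and readable. */
    prop_dword s = { SYNTAX_LIST_VALUE_DWORD, sizeof(uint32_t),
                     VROOT_MASK_EXECUTE | VROOT_MASK_READ };
    return audit_access_mask((const unsigned char *)&s, sizeof s) == F_EXEC_AND_READ ? 0 : 1;
}
```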

QuickInfo

  Version: Use Windows NT Server Enterprise Edition 4.0.
  Windows CE: Unsupported.
  Header: Declared in clusapi.h.