AdminACL

The AdminACL property contains a Microsoft Windows discretionary access control list (DACL) that can be used to control access to any metabase subtree. This property can be used to grant read access, restricted write access, or unrestricted write access.

Data type	NTACL
Default value	Empty (no DACL)
Inheritance	Inheritable

Access Locations

This property is accessible at the following locations:

Metabase Path	Key Type
/LM/MSFTPSVC	IIsFtpService
/LM/MSFTPSVC/N	IIsFtpServer
/LM/W3SVC	IIsWebService
/LM/W3SVC/N	IIsWebServer
/LM/W3SVC/N/ROOT	IIsWebVirtualDir
/LM/W3SVC/N/ROOT/WebVirtualDir	IIsWebVirtualDir
/LM/W3SVC/N/ROOT/WebVirtualDir/WebDirectory	IIsWebDirectory
/LM/W3SVC/N/ROOT/WebVirtualDir/WebDirectory/WebFile	IIsWebFile

IIS Admin Base Object Information

The following tables list additional information required only for code that uses the IIS Admin Base Object.

Metabase identifier	MD_ADMIN_ACL
Data type	BINARY_METADATA
User type	IIS_MD_UT_FILE

Values

Constant	Value	Description
MD_ACR_READ	0x00000001	Enable read access to all properties.
MD_ACR_WRITE	0x00000002	Enable write access to all properties.
MD_ACR_ENUM_KEYS	0x00000008	Enable key enumeration.
MD_ACR_RESTRICTED_WRITE	0x00000020	See Remarks, following this table.
MD_ACR_UNSECURE_PROPS_READ	0x00000080	Enable read access to properties that do not have the METADATA_SECURE attribute set.
MD_ACR_WRITE_DAC	0x00040000	Enable write access to AdminACL for security descriptor creator.

Remarks

MD_ACR_RESTRICTED_WRITE enables write access to the following properties:

AdminACL	AppIsolated
Path	AccessFlags
AnonymousUserName	AnonymousUserPass
MaxBandWidth	MaxBandWidthBlocked
SecureBindings	ServerBindings