Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 936696 - Last Review: September 21, 2009 - Revision: 2.0
How to enable the metabase auditing feature in IIS 6.0 on a computer that is running Windows Server 2003 Service Pack 1
The new metabase auditing feature in Internet Information Services (IIS) 6.0 lets you audit changes that are made to the IIS metabase. The metabase auditing feature is available in IIS 6.0 on a computer that is running Microsoft Windows Server 2003 Service Pack 1 (SP1).
Note To enable the metabase auditing feature, you must have Windows Server 2003 SP1 or a later version of Windows Server 2003 installed on the computer. The metabase auditing feature is not available on a computer that is running a version of Windows Server 2003 that is earlier than Windows Server 2003 SP1.
This article describes how to enable the metabase auditing feature in IIS 6.0.
To enable the metabase auditing feature in IIS 6.0, follow these steps.
Step 1: Enable Group Policy auditing in Windows Server 2003 SP1
- Click Start, click Run, type Gpedit.msc, and then click OK.
- Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
- Expand Security Settings, expand Local Policies, and then click Audit Policy.
- In the details pane, double-click Audit object access.
- Click to select the Success check box, and then click to select the Failure check box.
- Click OK.
Step 2: Enable auditing in the IIS metabase
- Click Start, click Run, type cmd, and then click OK.
- Use the CD command to change to the System32 folder.
- Type the following command, and then press ENTER:
Iiscnfg.vbs /EnableAudit /metabase path
Note In this command, metabase path is the metabase path that you want to audit.
For example, to enable auditing for all the IIS metabase, type the following command, and then press ENTER:Iiscnfg.vbs /EnableAudit / /r
To enable auditing only on the root of a Web site that has a site ID of 1, type the following command, and then press ENTER:Iiscnfg.vbs /EnableAudit /w3svc/1/root
Note For more information about how to use the Iiscnfg.vbs command to enable the metabase auditing feature, type Iiscnfg.vbs /enableaudit /? at the command prompt, and the press ENTER.
To disable metabase auditing, follow these steps:
- From the Start menu, open the command-line window.
- Type the following command to run the Iiscnfg.vbs script. Provide the path of the metabase location:
cscript iiscnfg.vbs /disableAudit <path>
For example, to disable metabase auditing at root level, type the following command:
Iiscnfg.vbs /DisableAudit / /r
- Press ENTER.
For more information about metabase auditing, visit one of the following Microsoft Web sites:
APPLIES TO
- Microsoft Internet Information Services 6.0, when used with:
- Microsoft Windows Server 2003 Service Pack 1
| kbaudit kbinfo kbhowto KB936696 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate