IIS Provider::SetProperties

The SetProperties method sets one or more properties for a metabase key. This method supports DWord, String, MultiSz (string list), Boolean, Binary, MimeMapList, IPSecurity, and AdminAcl data types. The example below shows one property of each type. Binary types are encoded in base 64 using the Base64Encode() Windows API, with the ATL_BASE64_FLAG_NOPAD flag.


Due to a bug in IIS 5.0, Binary types are ignored, and gets and sets of native Binary types (SSLCertHash and AdminACLBin) do nothing.

The SetProperties method also supports deletion of properties from a key using the attribute attr='32' as shown in the XML request example in the MimeMap property. If a property is not present, an attempt to remove the property will succeed.

SetProperties supports setting of an entire tree of key property values as shown in the XML request example. The output from GetProperties may be used as input to SetProperties.

AdminAcl Types

The IIS metabase uses AdminACL types, which are lists of AccessControlEntry types. However, IIS does not support the full set of permissions that may be expressed with an AccessControlEntry. Only Trustee and AccessMask are supported by IIS. Trustees may be in Lightweight Directory Access Protocol (LDAP) format or in DOMAIN\samAccountName format. When trustees are supplied in LDAP format, the IIS Provider must convert them to DOMAIN/samAccountName format internally. This conversion uses the preferredDomainController if one is provided.


sAMAccountName cannot be longer than 20 characters. See SAM-Account-Name Attribute for more information..

Any supplied AdminAcl fully replaces the current permissions, so be sure to include the BUILTIN\Adminstrators group as shown in the sample. The 262315 (0x400AB) value of accessMask makes the trustee an administrator that cannot be removed through the IIS admin UI.

AppIsolated Property Special Handling

The AppIsolated property gets special handling within the IIS Provider. The provider calls AppCreate2(mode) when this property is set rather than merely setting the metabase property. This ensures that the website application is correctly set to match the AppIsolated input. To delete the IIS application, use the attr="32" notation to remove the AppIsolated property.

 Sample Code
 Applies To
 See Also