IIS Provider::SetProperties
The SetProperties method sets one or more properties for a
metabase key. This method supports DWord, String, MultiSz (string
list), Boolean, Binary, MimeMapList, IPSecurity, and AdminAcl data
types. The example below shows one property of each type. Binary
types are encoded in base 64 using the Base64Encode() Windows API,
with the ATL_BASE64_FLAG_NOPAD flag.
Note
Due to a bug in IIS 5.0, Binary types are ignored, and gets and
sets of native Binary types (SSLCertHash and AdminACLBin) do
nothing.
The SetProperties method also supports deletion of properties
from a key using the attribute attr='32' as shown in the XML
request example in the MimeMap property. If a property is not
present, an attempt to remove the property will succeed.
SetProperties supports setting of an entire tree of key property
values as shown in the XML request example. The output from
GetProperties may be used as input to SetProperties.
AdminAcl Types
The IIS metabase uses AdminACL types, which are lists of
AccessControlEntry types. However, IIS does not support the full
set of permissions that may be expressed with an
AccessControlEntry. Only Trustee and AccessMask are supported by
IIS. Trustees may be in Lightweight Directory Access Protocol
(LDAP) format or in DOMAIN\samAccountName format. When trustees are
supplied in LDAP format, the IIS Provider must convert them to
DOMAIN/samAccountName format internally. This conversion uses the
preferredDomainController if one is provided.
Any supplied AdminAcl fully replaces the current permissions, so
be sure to include the BUILTIN\Adminstrators group as shown in the
sample. The 262315 (0x400AB) value of accessMask makes the trustee
an administrator that cannot be removed through the IIS admin
UI.
AppIsolated Property Special Handling
The AppIsolated property gets special handling within the IIS
Provider. The provider calls AppCreate2(mode) when this property is
set rather than merely setting the metabase property. This ensures
that the website application is correctly set to match the
AppIsolated input. To delete the IIS application, use the attr="32"
notation to remove the AppIsolated property.
Arguments |
Input argument |
Required |
Description |
<preferredDomainController> |
No |
If this key is provided, it will be used as the domain
controller when translating any LDAP paths that are used as
<trustee> values in AdminACL types. |
<key>
|
Yes |
A required node that specifies the metabase key to set data
for. |
<key path="">
|
Yes |
The path is the IIS path of the metabase key. The path is
required only in the root key node of the request. Child key nodes
do not use path, and require name instead.
It is important to ensure path points to a valid, appropriate
and trusted location. See the security note in IIS
Provisioning Security Considerations for more details.
|
<keys> |
No |
The <keys> node specifies any child keys for which
properties should be set. The <keys/> node may be omitted, or
it may be empty. |
<properties>
|
Yes |
This mandatory tag contains the list of properties to get on
for the metabase key. If there are no child <property> tags,
then all properties defined in the metabase schema for the
specified metabase key will be returned, with filtering controlled
by the key/@filter property. |
<property>
|
Yes |
Specifies all properties to set. The name attribute is
mandatory for each <property> tag. |
<property attr="32"> |
No |
To remove a property value from a metabase key, pass in the
value "32," which is the METADATA_ISINHERITED value. If this
attribute is set to "32," then the value of the property is ignored
and the property is removed from the key. |
<property type="">
|
Yes |
(returned) This returned attribute indicates the data type of
the property itself. Possible values are: bool, binary, long, sz
(indicates string), multiSz (indicates string list), dacl, mimeMap,
and ipSecurity. Refer to the following example for how the various
types are represented. This attribute is ignored as input. |
|
Sample
Code |
Example XML Request
The following is an example of an XML request for the
SetProperties method:
<request>
<procedure>
<execute namespace="IIS Provider" procedure="SetProperties"
impersonate="1">
<executeData>
<preferredDomainController>AD01.fabrikam.com
</preferredDomainController>
<key path="IIS://WEB01/W3SVC/Test2" name="Test2">
<properties>
<property name="AccessFlags">517</property>
<property name="AdminACL">
<dacl>
<ace>
<permission>139</permission>
<trustee>NT AUTHORITY\LOCAL SERVICE</trustee>
</ace>
<ace>
<permission>139</permission>
<trustee>NT AUTHORITY\NETWORK SERVICE</trustee>
</ace>
<ace>
<permission>262315</permission>
<trustee>BUILTIN\Administrators</trustee>
</ace>
</dacl>
</property>
<property name="MimeMap" attr="32">
<mimeMap>
<mimeType type="video/x-ms-asf"
extension=".asx"/>
<mimeType type="text/xml"
extension=".xml"/>
</mimeMap>
</property>
<property name="ServerBindings">
<values>
<value>:8025:</value>
</values>
</property>
<property name="ServerComment">fabrikam
</property>
<property name="IPSecurity">
<ipSecurity ipGrantByDefault="1">
<ipDeny>
<value>2.2.2.2, 255.255.255.255</value>
</ipDeny>
<ipGrant />
<domainDeny />
<domainGrant />
</ipSecurity>
</property>
<property name="AdminACLBin">AQIDBA</property>
</properties>
<keys>
<key path="IIS://WEB01/W3SVC/Test2/TestV"
name="TestV">
<properties>
<property name="AccessFlags">517</property>
</properties>
</key>
</keys>
</key>
</executeData>
<after source="executeData" destination="data" />
</execute>
</procedure>
</request>
Example XML Response
No example XML response.
|
Applies
To |
IIS
Provider API for:
- Hosted Messaging and Collaboration version 4.5
- Hosted Messaging and Collaboration version 4.0
- Hosted Messaging and Collaboration version 3.5
- Hosted Messaging and Collaboration version 3.0
- Windows-based Hosting version 4.5
- Windows-based Hosting version 4.0
- Windows-based Hosting version 3.5
- Windows-based Hosting for Applications version 1.0
|