When you register an Internet Information Services (IIS) 5.0 server with Resource Manager, Microsoft Provisioning System configures ACEs on the W3SVC and MSFTPSVC IIS metabase objects. When you provision a Web or an FTP site for an organization, Microsoft Provisioning System configures ACEs on the IIS metabase objects for the Web or FTP site. This topic describes the ACEs that Microsoft Provisioning System sets on IIS metabase objects. For more information about the tasks that Microsoft Provisioning System performs while registering resources and provisioning Web services, see Internet Information Services 5.0 hosting configuration.
The following table describes the ACEs on the W3SVC and MSFTPSVC IIS metabase objects that give administrators and CSRs in hosting and reseller organizations the ability to create Web and FTP sites:
| Trustees | Permission | Apply To |
|---|---|---|
| Administrators, admins@hosting, csradmins@hosting, AllResellerAdmins, AllResellerCSRAdmins | Allow | This object only |
| Permission | Allow | |
| Read | MD_ACCESS_READ | |
| Write | MD_ACCESS_WRITE | |
| Allow SSL access | MD_ACCESS_SSL | |
| Allow client SSL certificates | MD_ACCESS_NEGO_CERT | |
| Map SSL certificate to NT account | MD_ACCESS_MAP_CERT | |
| Enable write access to AdminACL for security descriptor creator | MD_ACR_WRITE_DAC |
The following table describes a default ACE:
| Trustees | Permission | Apply To |
|---|---|---|
| Everyone | Allow | This object only |
| Permission | Allow | |
| Allow SSL access | MD_ACCESS_SSL |
The following table describes the ACEs on the IIS metabase objects for Web and FTP sites that give administrators and CSRs in hosting organizations and reseller organizations and administrators in customer organizations the ability to administer the sites:
| Trustees | Permission | Apply To |
|---|---|---|
| For hosting: Administrators, admins@hosting, csradmins@hosting; For resellers: Administrators, admins@hosting, admins@reseller_organization; For customers: Administrators, admins@hosting, csradmins@hosting, admins@reseller_organization, csradmins@reseller_organization, admins@customer_organization | Allow | This object only |
| Permission | Allow | |
| Read | MD_ACCESS_READ | |
| Write | MD_ACCESS_WRITE | |
| Allow SSL access | MD_ACCESS_SSL | |
| Allow client SSL certificates | MD_ACCESS_NEGO_CERT | |
| Map SSL certificate to NT account | MD_ACCESS_MAP_CERT | |
| Enable write access to AdminACL for security descriptor creator | MD_ACR_WRITE_DAC |