AccessFlags
The AccessFlags property contains flags for configuring file access permissions, which are defined in the Flags section. The last four flags augment the first four flags in that they relate to access granted to remote computers. You can enable local access without remote access, but you cannot enable remote access without local access.
Schema Attributes
Attribute Name |
Value |
|---|---|
DWORD |
|
DWORD_METADATA |
|
AccessRead |
|
AccessRead | AccessScript |
|
0 |
|
Not specified |
|
6016 |
|
MD_ACCESS_PERM |
|
INHERIT |
|
IIS_MD_UT_FILE |
Configurable Locations
You can configure this property at the following locations in the IIS metabase.
Metabase Path |
IIS Admin Object Type |
|---|---|
/LM/W3SVC |
IIsWebService |
/LM/MSFTPSVC |
IIsFtpService |
/LM/W3SVC/n |
IIsWebServer |
/LM/MSFTPSVC/n |
IIsFtpServer |
/LM/W3SVC/n/ROOT/file_name /LM/W3SVC/n/ROOT/virtual_directory_name/file_name |
IIsWebFile |
/LM/W3SVC/n/ROOT/physical_directory_name /LM/W3SVC/n/virtual_directory_name/physical_directory_name |
IIsWebDirectory |
/LM/W3SVC/n/ROOT /LM/W3SVC/n/ROOT/virtual_directory_name |
IIsWebVirtualDir |
/LM/MSFTPSVC/n/ROOT /LM/MSFTPSVC/n/ROOT/virtual_directory_name |
IIsFtpVirtualDir |
/LM/NNTPSVC |
IIsNntpService |
/LM/NNTPSVC/n |
IIsNntpServer |
/LM/NNTPSVC/n/ROOT /LM/NNTPSVC/n/ROOT/virtual_directory_name |
IIsNntpVirtualDir |
/LM/SMTPSVC |
IIsSmtpService |
/LM/SMTPSVC/n |
IIsSmtpServer |
/LM/SMTPSVC/n/ROOT /LM/SMTPSVC/n/ROOT/virtual_directory_name |
IIsSmtpVirtualDir |
Flags
Flag Name |
AccessExecute |
|---|---|
Versions Applicable |
[IIS 5.0][IIS 5.1][IIS 6.0] |
Description |
A value of true indicates that the file or the contents of the folder may be executed, regardless of file type. |
4 (hex 0x00000004) |
|
MD_ACCESS_EXECUTE |
|
6209 |
Flag Name |
AccessNoPhysicalDir |
|---|---|
Versions Applicable |
[IIS 6.0] |
Description |
A value of true indicates that access to the physical path is not allowed. |
32768 (hex 0x00008000) |
|
No friendly named is defined for this identifier in iiscfng.h. Use the ID attribute listed below. |
|
6308 |
Flag Name |
AccessNoRemoteExecute |
|---|---|
Versions Applicable |
[IIS 5.0][IIS 5.1][IIS 6.0] |
Description |
A value of true indicates that remote requests to execute applications are denied; only requests from the same computer as the IIS server succeed if the AccessExecute property is set to true. You cannot set AccessNoRemoteExecute to false to enable remote requests, and set AccessExecute to false to disable local requests. |
8192 (hex 0x00002000) |
|
MD_ACCESS_NO_REMOTE_EXECUTE |
|
6232 |
Flag Name |
AccessNoRemoteRead |
|---|---|
Versions Applicable |
[IIS 5.0][IIS 5.1][IIS 6.0] |
Description |
A value of true indicates that remote requests to view files are denied; only requests from the same computer as the IIS server succeed if the AccessRead property is set to true. You cannot set AccessNoRemoteRead to false to enable remote requests, and set AccessRead to false to disable local requests. |
4096 (hex 0x00001000) |
|
MD_ACCESS_NO_REMOTE_READ |
|
6231 |
Flag Name |
AccessNoRemoteScript |
|---|---|
Versions Applicable |
[IIS 5.0][IIS 5.1][IIS 6.0] |
Description |
A value of true indicates that remote requests to view dynamic content are denied; only requests from the same computer as the IIS server succeed if the AccessScript property is set to true. You cannot set AccessNoRemoteScript to false to enable remote requests, and set AccessScript to false to disable local requests. |
16384 (hex 0x00004000) |
|
MD_ACCESS_NO_REMOTE_SCRIPT |
|
6233 |
Flag Name |
AccessNoRemoteWrite |
|---|---|
Versions Applicable |
[IIS 5.0][IIS 5.1][IIS 6.0] |
Description |
A value of true indicates that remote requests to create or change files are denied; only requests from the same computer as the IIS server succeed if the AccessWrite property is set to true. You cannot set AccessNoRemoteWrite to false to enable remote requests, and set AccessWrite to false to disable local requests. |
1024 (hex 0x00000400) |
|
MD_ACCESS_NO_REMOTE_WRITE |
|
6230 |
Flag Name |
AccessRead |
|---|---|
Versions Applicable |
[IIS 5.0][IIS 5.1][IIS 6.0] |
Description |
A value of true indicates that the file or the contents of the folder may be read through Microsoft Internet Explorer. |
1 (hex 0x00000001) |
|
MD_ACCESS_READ |
|
6207 |
Flag Name |
AccessScript |
|---|---|
Versions Applicable |
[IIS 5.0][IIS 5.1][IIS 6.0] |
Description |
A value of true indicates that the file or the contents of the folder may be executed if they are script files or static content. A value of false only allows static files, such as HTML files, to be served. |
512 (hex 0x00000200) |
|
MD_ACCESS_SCRIPT |
|
6211 |
Flag Name |
AccessSource |
|---|---|
Versions Applicable |
[IIS 5.0][IIS 5.1][IIS 6.0] |
Description |
A value of true indicates that users are allowed to access source code if either Read or Write permissions are set. Source code includes scripts in Microsoft ? Active Server Pages (ASP) applications. |
16 (hex 0x00000010) |
|
MD_ACCESS_SOURCE |
|
6282 |
Flag Name |
AccessWrite |
|---|---|
Versions Applicable |
[IIS 5.0][IIS 5.1][IIS 6.0] |
Description |
A value of true indicates that users are allowed to upload files and their associated properties to the enabled directory on your server or to change content in a Write-enabled file. Write can be implemented only with a browser that supports the PUT feature of the HTTP 1.1 protocol standard. |
2 (hex 0x00000002) |
|
MD_ACCESS_WRITE |
|
6208 |
Example Code
Metabase properties can be configured programmatically using three different technologies in various different languages (see Comparison of IIS Administration Features). For basic code examples, see the sections under Using IIS Programmatic Administration. More complicated, task-based code examples are provided in Using IIS.
The following code example configures the AccessFlags property to allow read and script access to clients browsing the default Web site. This example uses uses ADSI in VBScript. ADSI is special in that it can refer to flags as properties. This code shows how to configure any DWORD (or Long) property.
Dim lAccessFlags
Set IIsWebServerObj = GetObject("IIS://localhost/W3SVC/1")
' Store original value:
lAccessFlags = IIsWebServerObj.AccessFlags
WScript.Echo("Before: AccessFlags = " & IIsWebServerObj.AccessFlags)
' There are multiple ways to set a property:
IIsWebServerObj.AccessRead = True
IIsWebServerObj.Put "AccessScript", True
IIsWebServerObj.SetInfo
IIsWebServerObj.GetInfo
WScript.Echo("After: AccessFlags = " & IIsWebServerObj.AccessFlags)
' Restore to original value:
IIsWebServerObj.Put "AccessFlags", lAccessFlags
IIsWebServerObj.SetInfo
IIsWebServerObj.GetInfo
WScript.Echo("Restored: AccessFlags = " & IIsWebServerObj.AccessFlags)
The following code example configures the AccessFlags property to allow read and script access to clients browsing the default Web site. This example uses WMI in JScript. This code shows how to configure any DWORD (or Long) property.
IIS 5.1 and earlier: WMI cannot be used.
var lAccessFlags;
var providerObj = GetObject("winmgmts://localhost/root/MicrosoftIISv2");
var IIsWebServerObj = providerObj.get("IIsWebServerSetting='W3SVC/1'");
// Store original value:
lAccessFlags = IIsWebServerObj.AccessFlags;
WScript.Echo("Before: AccessFlags = " + IIsWebServerObj.AccessFlags);
IIsWebServerObj.Properties_("AccessFlags").Value = 513;
IIsWebServerObj.Put_();
IIsWebServerObj.get;
WScript.Echo("After: AccessFlags = " + IIsWebServerObj.AccessFlags);
// Restore to original value:
IIsWebServerObj.Properties_("AccessFlags").Value = lAccessFlags;
IIsWebServerObj.Put_();
IIsWebServerObj.get;
WScript.Echo("Restored: AccessFlags = " + IIsWebServerObj.AccessFlags);
Requirements
Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.
Product: IIS