ACLs v s? d?ng MetaACL cho metabase ACL thay ?i quy?n

D?ch tiu ? D?ch tiu ?
ID c?a bi: 326902 - Xem s?n ph?m m bi ny p d?ng vo.
Quan tr?ng Bi vi?t ny ch?a thng tin v? ch?nh s?a metabase. Tr?c khi b?n ch?nh s?a metabase, ki?m ch?ng r?ng b?n c m?t sao lu m b?n c th? khi ph?c l?i n?u m?t v?n ? x?y ra. Thng tin v? lm th? no ? lm i?u ny, xem cc ch? i?m tr? gip "c?u h?nh sao lu/khi ph?c l?i" trong Microsoft Management Console (MMC).
Bung t?t c? | Thu g?n t?t c?

? Trang ny

TM T?T

Bi vi?t ny m t? cch ti?p c?n ki?m sot li?t k (ACLs) lm vi?c trong Microsoft Internet Information Server (IIS) 4.0 ho?c Microsoft Internet Information Services (IIS) 5.0 metabase. Metabase khng ch? b?o v? h? i?u hnh ACLs vo t?p tin c? th? (Metabase.bin), nhng cc t?p tin c?ng c ACL b?o v? trong th m?c ring c?a m?nh.

Chu y Cc t?p tin Metabase.bin X.500 Lightweight Directory Access Protocol (LDAP) l m?t th m?c tun th? ?y ? v ?c qu?n l? b?i quy?n trong m?t m?i quan h? Parent\Child. V? v?y, ACLs l ? quy ?ng d?ng l?p cc th m?c cho ?n khi g?c ?c ?t t?i.

Bi vi?t ny c?ng m t? vai tr? c?a ACLs trong IIS metabase, lm th? no ? ch?nh s?a ACLs, v ACLs m?c ?nh IIS 4.0 v IIS 5.0.

THNG TIN THM

Danh sch i?u khi?n truy c?p

Gii thiu

Trong metabase, ACLs gi?i h?n truy c?p ti kho?n ng?i dng nh?t ?nh ? m?t s? phm trong th m?c Metabase.bin. Hai lo?i c?p php ?c c?p v?i ACLs:
  • ACCESS_ALLOWED_ACE
  • ACCESS_DENIED_ACE
Microsoft khuy?n co r?ng b?n ch? s? d?ng ACCESS_ALLOWED_ACE b?i v? Microsoft khng r?ng r?i ki?m tra ACCESS_DENIED_ACE.

B?i v? t?t c? ACL thng tin ?c lu tr? trong metabase chnh n trong cc MD_ADMIN_ACL b?t ?ng s?n, b?n c th? xem cc thng tin v?i i?n h?nh metabase xem cng c? nh Adsutil v Mdutil.

C quy?n

Khi b?n s?a ?i metabase ACLs, cc quy?n sau y c s?n:
  • MD_ACR_UNSECURE_PROPS_READ: Cho php m?t ng?i dng ch? ?c truy c?p vo b?t k? ti s?n ton.
  • MD_ACR_READ: Cung c?p cho ng?i dng ?c quy?n ?i v?i b?t k? ti s?n an ton ho?c ton.
  • MD_ACR_ENUM_KEYS: Cung c?p cho ng?i dng quy?n ?c li?t k t?t c? cc tn c?a cc nt con b?t k?.
  • MD_ACR_WRITE_DAC: Cho ng?i dng quy?n vi?t ho?c t?o ra m?t AdminACL b?t ?ng s?n t?i nt tng ?ng.
  • MD_ACR_WRITE: Cho ng?i dng quy?n s?a ?i (bao g?m thm ho?c b?) ?c tnh ngo?i tr? thu?c tnh b? gi?i h?n. ? bi?t thm chi ti?t, xem ph?n v? ?c tnh b? gi?i h?n b?i n?n t?ng.
  • MD_ACR_RESTRICTED_WRITE: Cho ng?i dng quy?n s?a ?i b?t k? ti s?n hi?n ang ?c thi?t l?p ? Ng?i qu?n tr? ch?. Quy?n ny cho php ton quy?n ki?m sot r?ng ch?a kha d?n ?n m?t ng?i s? d?ng.

Ch?nh s?a ACLs

C?nh bo N?u b?n ch?nh s?a metabase khng chnh xc, b?n c th? gy ra v?n ? nghim tr?ng m c th? yu c?u b?n ph?i ci ?t l?i b?t k? s?n ph?m c s? d?ng metabase. Microsoft khng th? ?m b?o r?ng nh?ng v?n ? gy ra n?u b?n khng chnh xc ch?nh s?a metabase c th? ?c gi?i quy?t. Ch?nh s?a metabase nguy c c?a ring b?n.

Chu y Lun lun sao lu metabase tr?c khi b?n ch?nh s?a n.

? ch?nh s?a cc ACLs, b?n s? d?ng m?t ti?n ch ?c ?t tn Metaacl.vbs.? bi?t thm thng tin, h?y b?m vao s? bi vi?t sau ? xem bi vi?t trong C s? Ki?n th?c Microsoft:
267904Metaacl.exe s?a ?i metabase quy?n cho cc ?i t?ng Admin IIS
V d? ny s?a ?i cc W3SVC ch?a kha ? t? ch?i truy c?p cho cc qu?n tr? vin.

C?nh bo Lm i?u ny trn m?t h? th?ng s?n xu?t c th? l c?c k? nguy hi?m v gy ra IIS ? khng ho?t ?ng theo thi?t k?. V d? ny ch? b?c qua qu tr?nh ch?nh s?a cho m?c ch cu?c bi?u t?nh.
  1. Sao chp cc t?p tin Metaacl.vbs vo th m?c %systemdrive%\Inetpub\Adminscripts.
  2. Nh?p vo B?t ?u, b?m Ch?y, lo?i CMD, sau b?m Ch?y ? m? m?t d?u nh?c l?nh.
  3. T?i d?u nh?c, h?y ch?y l?nh sau y ? thay ?i vo th m?c Adminscripts:
    c:\cd Inetpub\Adminscripts
    					
  4. ? s?a ?i cc thng s? lc IIS: / / LOCALHOST/W3SVC, h?y ch?y l?nh sau:
    c:\Inetpub\Adminscripts>cscript metaacl.vbs IIS://LOCALHOST/W3SVC mydomain\mydomainaccount RW
    
    					
    B?n nh?n ?c cc ph?n ?ng sau:
    ACE cho mydomain\mydomainaccount thm vo.
B?n c th? s? d?ng Metaacl.vbs ? thm cc quy?n sau y cho ng?i dng b?t k?:
  • R - ?c
  • W - vi?t
  • S - b? gi?i h?n ghi
  • U - unsecure thu?c tnh ?c
  • E - li?t k phm
  • D - vi?t DACL (quy?n)

ACLs b?i n?n t?ng my ch?

IIS 4,0

  • M?c ?nh ACLs Danh sch sau y m t? ACLs m?c ?nh ?c ?t trong th m?c Metabase.bin khi IIS 4.0 ? ?c ci ?t:
    LM -
       W3SVC
          BUILTIN\Administrators
            Access: RWSUED
          Everyone
            Access:     E
       MSFTPSVC
          BUILTIN\Administrators
            Access: RWSUED
          Everyone
            Access:     E
       SMTPSVC  
          BUILTIN\Administrators
            Access: RWSUED
          Everyone
            Access:     E
       NNTPSVC
          BUILTIN\Administrators
            Access: RWSUED
          Everyone
            Access:     E
    					
  • Nh?p b? gi?i h?n ACLs Danh sch sau y m t? cc tnh ch?t quan tr?ng metabase ?c nh d?u l b? gi?i h?n v? ci ?t m?c ?nh c?a IIS 4.0:
    MD_ADMIN_ACL
    MD_APP_ISOLATED
    MD_VR_PATH
    MD_ACCESS_PERM
    MD_ANONYMOUS_USER_NAME
    MD_ANONYMOUS_PWD
    MD_MAX_BANDWIDTH
    MD_MAX_BANDWIDTH_BLOCKED
    MD_ISM_ACCESS_CHECK
    MD_FILTER_LOAD_ORDER
    MD_FILTER_STATE
    MD_FILTER_ENABLED
    MD_FILTER_DESCRIPTION
    MD_FILTER_FLAGS
    MD_FILTER_IMAGE_PATH
    MD_SECURE_BINDINGS
    MD_SERVER_BINDINGS
    					

IIS 5,0

  • M?c ?nh ACLs Danh sch sau y m t? ACLs m?c ?nh ?c ?t trong th m?c Metabase.bin khi IIS 5.0 ?c ci ?t:
    LM - 
       W3SVC
          BUILTIN\Administrators
            Access: RWSUED
          Everyone
            Access:     E 
          {IISMachineName}\VS Developers
            Access: RWSUE 
       MSFTPSVC
          BUILTIN\Administrators
            Access: RWSUED
          Everyone
            Access:     E
       SMTPSVC
          BUILTIN\Administrators
            Access: RWSUED
          Everyone
            Access:     E 
       NNTPSVC
          BUILTIN\Administrators
            Access: RWSUED
          Everyone
            Access:     E 
    					
  • Nh?p b? gi?i h?n ACLs Danh sch sau y m t? cc tnh ch?t quan tr?ng metabase ?c nh d?u l b? gi?i h?n ci ?t m?c ?nh IIS 5.0:
    MD_ADMIN_ACL
    MD_APP_ISOLATED
    MD_VR_PATH
    MD_ACCESS_PERM
    MD_ANONYMOUS_USER_NAME
    MD_ANONYMOUS_PWD
    MD_MAX_BANDWIDTH
    MD_MAX_BANDWIDTH_BLOCKED
    MD_ISM_ACCESS_CHECK
    MD_FILTER_LOAD_ORDER
    MD_FILTER_STATE
    MD_FILTER_ENABLED
    MD_FILTER_DESCRIPTION
    MD_FILTER_FLAGS
    MD_FILTER_IMAGE_PATH
    MD_SECURE_BINDINGS
    MD_SERVER_BINDINGS
    					

IIS 6.0

  • M?c ?nh ACLs Danh sch sau y m t? ACLs m?c ?nh ?c ?t trong th m?c Metabase.xml khi IIS 6.0 ?c ci ?t:
    LM  
         W3SVC 
            NT AUTHORITY\LOCAL SERVICE 
    	  Access: R UE 
    	NT AUTHORITY\NETWORK SERVICE 
    	  Access: R UE 
    	{computername}\IIS_WPG 
               Access: R UE 
            BUILTIN\Administrators 
               Access: RWSUED
            {computername}\ASPNET
               Access: R   E 
         W3SVC/Filters
            NT AUTHORITY\LOCAL SERVICE
               Access: RW UE
            NT AUTHORITY\NETWORK SERVIC
               Access: RW UE
            {computername}\IIS_WPG
               Access: RW UE
            BUILTIN\Administrators
               Access: RWSUED
         W3SVC/1/Filters
            NT AUTHORITY\LOCAL SERVICE
               Access: RW UE
            NT AUTHORITY\NETWORK SERVIC
               Access: RW UE
            {computername}\IIS_WPG
               Access: RW UE
            BUILTIN\Administrators
               Access: RWSUED
         W3SVC/AppPools
            NT AUTHORITY\LOCAL SERVICE
               Access:    U
            NT AUTHORITY\NETWORK SERVICE
               Access:    U
           {computername}\IIS_WPG
               Access:    U
            BUILTIN\Administrators
               Access: RWSUED
         W3SVC/INFO
            BUILTIN\Administrators
               Access: RWSUED
         MSFTPSVC 
            BUILTIN\Administrators 
               Access: RWSUED 
         SMTPSVC 
            BUILTIN\Administrators
               Access: RWSUED
            NT AUTHORITY\LOCAL SERVICE
               Access:    UE
            NT AUTHORITY\NETWORK SERVICE
               Access:    UE
         NNTPSVC
            BUILTIN\Administrators
               Access: RWSUED
            NT AUTHORITY\LOCAL SERVICE
               Access:    UE
            NT AUTHORITY\NETWORK SERVICE
               Access:    UE
         Logging
            BUILTIN\Administrators
               Access: RWSUED 
    						
  • Nh?p b? gi?i h?n ACLs Danh sch sau y m t? cc tnh ch?t quan tr?ng metabase ?c nh d?u l b? gi?i h?n v? ci ?t m?c ?nh c?a IIS 6.0:
    MD_ADMIN_ACL
    MD_VPROP_ADMIN_ACL_RAW_BINARY
    MD_APPPOOL_ORPHAN_ACTION_EXE
    MD_APPPOOL_ORPHAN_ACTION_PARAMS
    MD_APPPOOL_AUTO_SHUTDOWN_EXE
    MD_APPPOOL_AUTO_SHUTDOWN_PARAMS
    MD_APPPOOL_IDENTITY_TYPE
    MD_APP_APPPOOL_ID
    MD_APP_ISOLATED
    MD_VR_PATH
    MD_ACCESS_PERM
    MD_VR_USERNAME
    MD_VR_PASSWORD
    MD_ANONYMOUS_USER_NAME
    MD_ANONYMOUS_PWD
    MD_LOGSQL_USER_NAME
    MD_LOGSQL_PASSWORD
    MD_WAM_USER_NAME
    MD_WAM_PWD
    MD_AD_CONNECTIONS_USERNAME
    MD_AD_CONNECTIONS_PASSWORD
    MD_MAX_BANDWIDTH
    MD_MAX_BANDWIDTH_BLOCKED
    MD_ISM_ACCESS_CHECK
    MD_FILTER_LOAD_ORDER
    MD_FILTER_ENABLED
    MD_FILTER_IMAGE_PATH
    MD_SECURE_BINDINGS
    MD_SERVER_BINDINGS
    MD_ASP_ENABLECLIENTDEBUG
    MD_ASP_ENABLESERVERDEBUG
    MD_ASP_ENABLEPARENTPATHS
    MD_ASP_ERRORSTONTLOG
    MD_ASP_KEEPSESSIONIDSECURE
    MD_ASP_LOGERRORREQUESTS
    MD_ASP_DISKTEMPLATECACHEDIRECTORY
    36948 RouteUserName
    36949 RoutePassword
    36958 SmtpDsPassword
    41191 Pop3DsPassword
    45461 FeedAccountName
    45462 FeedPassword
    49384 ImapDsPassword
    						

THAM KH?O

? bi?t thm chi ti?t v? ACLs v metabase II, gh thm Web site sau c?a Microsoft:
AdminACL
http://www.Microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/791d575e-5364-45a9-90ef-4dfd23f38d67.mspx

Gi?i thi?u v? IIS Metabase
http://www.Microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/43a51d34-7c81-413b-9727-ec9a19d0b428.mspx

T?ng quan v? cc ?i t?ng IIS Admin
http://www.Microsoft.com/technet/prodtechnol/windows2000serv/reskit/iisbook/c01_iis_administration_objects.mspx

Thu?c tnh

ID c?a bi: 326902 - L?n xem xt sau cng: 28 Thang Tam 2011 - Xem xt l?i: 2.0
p d?ng
  • Microsoft Internet Information Services 6.0
  • Microsoft Internet Information Services 5.0
T? kha:
kbhowtomaster kbinfo kbmt KB326902 KbMtvi
My d?ch
QUAN TRONG: Bi vi?t ny ?c d?ch b?ng ph?n m?m d?ch my c?a Microsoft ch? khng ph?i do con ng?i d?ch. Microsoft cung c?p cc bi vi?t do con ng?i d?ch v c? cc bi vi?t do my d?ch ? b?n c th? truy c?p vo t?t c? cc bi vi?t trong C s? Ki?n th?c c?a chng ti b?ng ngn ng? c?a b?n. Tuy nhin, bi vi?t do my d?ch khng ph?i lc no c?ng hon h?o. Lo?i bi vi?t ny c th? ch?a cc sai st v? t? v?ng, c php ho?c ng? php, gi?ng nh m?t ng?i n?c ngoi c th? m?c sai st khi ni ngn ng? c?a b?n. Microsoft khng ch?u trch nhi?m v? b?t k? s? thi?u chnh xc, sai st ho?c thi?t h?i no do vi?c d?ch sai n?i dung ho?c do ho?t ?ng s? d?ng c?a khch hng gy ra. Microsoft c?ng th?ng xuyn c?p nh?t ph?n m?m d?ch my ny.
Nh?p chu?t vo y ? xem b?n ti?ng Anh c?a bi vi?t ny:326902

Cung cp Phan hi

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com