How to enable the metabase auditing feature in IIS 6.0 on a computer that is running Windows Server 2003 Service Pack 1

Article translations Article translations
Article ID: 936696 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

The new metabase auditing feature in Internet Information Services (IIS) 6.0 lets you audit changes that are made to the IIS metabase. The metabase auditing feature is available in IIS 6.0 on a computer that is running Microsoft Windows Server 2003 Service Pack 1 (SP1). When metabase auditing is enabled, the Security log on the server show events that apply to the IIS configuration changes that are made.

Note To enable the metabase auditing feature, you must have Windows Server 2003 SP1 or a later version of Windows Server 2003 installed on the computer. The metabase auditing feature is not available on a computer that is running a version of the program that is earlier than Windows Server 2003 SP1.

This article describes how to enable the metabase auditing feature in IIS 6.0.

More information

To enable the metabase auditing feature in IIS 6.0, follow these steps.

Step 1: Enable Group Policy auditing in Windows Server 2003 SP1

  1. Click Start, click Run, type Gpedit.msc, and then click OK.
  2. Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
  3. Expand Security Settings, expand Local Policies, and then click Audit Policy.
  4. In the details pane, double-click Audit object access.
  5. Click to select the Success check box, and then click to select the Failure check box.
  6. Click OK.

Step 2: Enable auditing in the IIS metabase

  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type CD System 32.
  3. Type the following command, and then press Enter:
    Iiscnfg.vbs /EnableAudit /<metabase path>
    Note In this command, <metabase path> represents the metabase path that you want to audit. 

    For example, to enable auditing for all the IIS metabase, type the following command, and then press Enter:
    Iiscnfg.vbs /EnableAudit / /r
     To enable auditing only on the root of a website that has a site ID of 1, type the following command, and then press Enter:
    Iiscnfg.vbs /EnableAudit /w3svc/1/root
    Note For more information about how to use the Iiscnfg.vbs command to enable the metabase auditing feature, type Iiscnfg.vbs /enableaudit /? at the command prompt, and then press Enter.
To disable metabase auditing, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK
  2. At the command prompt, type the following command to run the Iiscnfg.vbs script: 
    cscript iiscnfg.vbs /disableAudit <path>
    Note In this command, <path> represents the path of the metabase location. For example, to disable metabase auditing at root level, type the following command:
    Iiscnfg.vbs /DisableAudit //r
  3. Press Enter.

References

For more information about metabase auditing, visit one of the following Microsoft Web sites:
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b5ac0be1-24b5-4e13-9d61-485e28657f83.mspx?mfr=true

http://technet.microsoft.com/en-us/library/cc778743(WS.10).aspx

Properties

Article ID: 936696 - Last Review: December 21, 2012 - Revision: 3.0
Applies to
  • Microsoft Internet Information Services 6.0, when used with:
    • Microsoft Windows Server 2003 Service Pack 1
Keywords: 
kbaudit kbinfo kbhowto KB936696

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com