How to enable the metabase auditing feature in IIS 6.0 on a computer that is running Windows Server 2003 Service Pack 1

INTRODUCTION
The new metabase auditing feature in Internet Information Services (IIS) 6.0 lets you audit changes that are made to the IIS metabase. The metabase auditing feature is available in IIS 6.0 on a computer that is running Microsoft Windows Server 2003 Service Pack 1 (SP1). When metabase auditing is enabled, the Security log on the server show events that apply to the IIS configuration changes that are made.

Note To enable the metabase auditing feature, you must have Windows Server 2003 SP1 or a later version of Windows Server 2003 installed on the computer. The metabase auditing feature is not available on a computer that is running a version of the program that is earlier than Windows Server 2003 SP1.

This article describes how to enable the metabase auditing feature in IIS 6.0.
More information
To enable the metabase auditing feature in IIS 6.0, follow these steps.

Step 1: Enable Group Policy auditing in Windows Server 2003 SP1

  1. Click Start, click Run, type Gpedit.msc, and then click OK.
  2. Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
  3. Expand Security Settings, expand Local Policies, and then click Audit Policy.
  4. In the details pane, double-click Audit object access.
  5. Click to select the Success check box, and then click to select the Failure check box.
  6. Click OK.

Step 2: Enable auditing in the IIS metabase

  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type CD System 32.
  3. Type the following command, and then press Enter:
    Iiscnfg.vbs /EnableAudit /<metabase path>
    Note In this command, <metabase path> represents the metabase path that you want to audit. 

    For example, to enable auditing for all the IIS metabase, type the following command, and then press Enter:
    Iiscnfg.vbs /EnableAudit / /r
     To enable auditing only on the root of a website that has a site ID of 1, type the following command, and then press Enter:
    Iiscnfg.vbs /EnableAudit /w3svc/1/root
    Note For more information about how to use the Iiscnfg.vbs command to enable the metabase auditing feature, type Iiscnfg.vbs /enableaudit /? at the command prompt, and then press Enter.
To disable metabase auditing, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK
  2. At the command prompt, type the following command to run the Iiscnfg.vbs script: 
    cscript iiscnfg.vbs /disableAudit <path>
    Note In this command, <path> represents the path of the metabase location. For example, to disable metabase auditing at root level, type the following command:
    Iiscnfg.vbs /DisableAudit //r
  3. Press Enter.
Properties

Article ID: 936696 - Last Review: 12/21/2012 19:01:00 - Revision: 3.0

  • Microsoft Internet Information Services 6.0
  • kbaudit kbinfo kbhowto KB936696
Feedback