This identifier contains a Microsoft® Windows NT® security descriptor that can be used to control access to any metabase subtree. Through its discretionary ACL (DACL), this identifier can grant read access, restricted write access, or unrestricted write access.

| Attribute | Value |
|---|---|
| Data type | BINARY REFERENCE |
| Default inheritance | Inheritable |
| User type | IIS_MD_UT_SERVER |

| Constant | Value | Description |
|---|---|---|
| MD_ACR_READ | 0x00000001 | Enable read access to all properties |
| MD_ACR_WRITE | 0x00000002 | Enable write access to all properties |
| MD_ACR_ENUM_KEYS | 0x00000008 | Enable key enumeration |
| MD_ACR_RESTRICTED_WRITE | 0x00000020 | See note below |
| MD_ACR_UNSECURE_PROPS_READ | 0x00000080 | Enable read access to properties that do not have METADATA_SECURE attribute set |
| MD_ACR_WRITE_DAC | 0x00040000 | Enable write access to MD_ADMIN_ACL for security descriptor creator (as stored in MD_ADMIN_ACL) |

Note: MD_ACR_RESTRICTED_WRITE enables write access to the following properties: MD_ADMIN_ACL, MD_APP_ISOLATED, MD_VR_PATH, MD_ACCESS_PERM, MD_ANONYMOUS_USER_NAME, MD_ANONYMOUS_PWD, MD_MAX_BANDWIDTH, MD_MAX_BANDWIDTH_BLOCKED, MD_SECURE_BINDINGS, and MD_SERVER_BINDINGS.

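When reviewing who can change a metabase subtree, it helps to decode the binary value into its DACL entries and name the rights each one carries. The following is an added example, not code from this page or from IIS: it assumes the value is stored in the standard Windows self-relative security descriptor layout, the function names (`sid_to_str`, `decode_admin_acl`, `make_ace`) are hypothetical, and the sample descriptor is constructed.

```python
import struct

# Access-right bits exactly as listed in the table on this page.
MD_ACR = {0x00000001: "MD_ACR_READ", 0x00000002: "MD_ACR_WRITE",
          0x00000008: "MD_ACR_ENUM_KEYS", 0x00000020: "MD_ACR_RESTRICTED_WRITE",
          0x00000080: "MD_ACR_UNSECURE_PROPS_READ", 0x00040000: "MD_ACR_WRITE_DAC"}
WRITE_BITS = 0x00000002 | 0x00000020 | 0x00040000  # every right that permits a write
ACE_TYPES = {0: "allow", 1: "deny"}  # ACCESS_ALLOWED_ACE_TYPE, ACCESS_DENIED_ACE_TYPE

def sid_to_str(b):  # binary SID -> "S-<revision>-<authority>-<subauthority>..."
    if len(b) < 8 or len(b) < 8 + 4 * b[1]:
        raise ValueError("truncated SID")
    subs = struct.unpack_from("<%dI" % b[1], b, 8)
    return "S-%d-%d" % (b[0], int.from_bytes(b[2:8], "big")) + "".join("-%d" % s for s in subs)

def decode_admin_acl(sd):
    """Return (ace_type, sid, right_names, grants_write) for each DACL entry."""
    if len(sd) < 20:
        raise ValueError("truncated security descriptor")
    rev, _, control, _, _, _, dacl_off = struct.unpack_from("<BBHIIII", sd, 0)
    if rev != 1 or not control & 0x8000:  # SE_SELF_RELATIVE
        raise ValueError("not a self-relative security descriptor")
    if not control & 0x0004 or dacl_off == 0 or dacl_off + 8 > len(sd):  # SE_DACL_PRESENT
        raise ValueError("no decodable DACL")
    _, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", sd, dacl_off)
    end, pos, out = dacl_off + acl_size, dacl_off + 8, []
    if end > len(sd):
        raise ValueError("ACL overruns the descriptor")
    for _ in range(ace_count):
        if pos + 8 > end:
            raise ValueError("truncated ACE")
        ace_type, _, ace_size, mask = struct.unpack_from("<BBHI", sd, pos)
        if ace_size < 8 or pos + ace_size > end:
            raise ValueError("ACE overruns the ACL")
        if ace_type in ACE_TYPES:  # other ACE types are skipped, not interpreted
            names = [name for bit, name in MD_ACR.items() if mask & bit]
            unknown = mask & ~sum(MD_ACR)  # bits not documented in the table
            names += ["unknown:0x%08X" % unknown] if unknown else []
            out.append((ACE_TYPES[ace_type], sid_to_str(sd[pos + 8:pos + ace_size]),
                        names, ace_type == 0 and bool(mask & WRITE_BITS)))
        pos += ace_size
    return out

# Constructed sample: Administrators with every right, Everyone with read and enumerate.
def make_ace(mask, auth, *subs):
    sid = struct.pack("<BB", 1, len(subs)) + auth.to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)
    return struct.pack("<BBHI", 0, 0, 8 + len(sid), mask) + sid
SAMPLE_ACES = make_ace(0x000400AB, 5, 32, 544) + make_ace(0x00000009, 1, 0)
SAMPLE_SD = struct.pack("<BBHIIIIBBHHH", 1, 0, 0x8004, 0, 0, 0, 20, 2, 0, 8 + len(SAMPLE_ACES), 2, 0) + SAMPLE_ACES
```

An allow entry whose last field is true can write at least the properties listed in the note above, which include MD_ADMIN_ACL itself and MD_ANONYMOUS_PWD.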
This identifier is available at the following metabase keys:
| Metabase Path | Key Type |
|---|---|
| /LM/MSFTPSVC | IIsFtpService |
| /LM/MSFTPSVC/n | IIsFtpServer |
| /LM/W3SVC | IIsWebService |
| /LM/W3SVC/n | IIsWebServer |