Hacking IIS6 with Metabase Explorerby Mitch Tulloch
Mucking about in version 6 of the Internet Information Server (IIS) metabase is a lot easier than in earlier versions. That's because of two things:
- The IIS metabase is a simple XML file (as opposed to the binary file of earlier IIS versions), which you can edit using any text editor such as Notepad (or better, Notepad2).
- If you do try to edit the metabase and end up making a mess of the XML syntax, IIS will automatically restore the previous version of the metabase from its history file to avoid metabase corruption.
This sounds terrific until you go ahead and use Notepad to edit the metabase and end up creating well-formed, but totally meaningless, XML. The result is metabase corruption, and while you can still restore your metabase from an earlier saved version, you may not know that you've got a corrupt metabase until strange things start happening to your web server. As a result, it's better not to use Notepad or any other text editor to edit the IIS6 metabase. Instead, use Metabase Explorer, a GUI tool for viewing and editing the metabase on local and remote machines. You can download Metabase Explorer as part of the IIS 6.0 Resource Kit Tools available from the Microsoft Download Center.
But just because you can modify the metabase directly doesn't mean you'll need to. In fact, most IIS admins never need (or even want) to directly edit the metabase since most of the important metabase settings can be configured from the GUI. Not all of them, however--there are some occasions when you have to roll up your sleeves and dive into the metabase to do something. I was digging around recently on some of the popular IIS sites and weblogs, and the following are some metabase hacks you should know about if you're using IIS6 in a production environment.
Brett Hill, an IIS evangelist working for Microsoft, has a terrific list of 21 tasks you should perform right away after you install IIS on a Windows Server 2003 machine. This list of tasks is found on IIS Answers, one of several IIS sites managed by Hill (be sure to check out his weblog too). One of these tasks is to change the LogEventOnRecycle metabase property from its default value of 137 to 255, as this causes all recycling events to be logged in the event logs. This property is found in the AppPools metabase key as shown here in Figure 1 using Metabase Explorer:
Another reason for diving into the metabase is to enable compression for HTTP transfers. Scott Forsyth has a really great explanation of how to do this in his weblog, and it involves creating a new web service extension for the compression DLL (gzip.dll) and editing several properties of the IIsCompressionScheme metabase key. This key is found under both /LM/W3SVC/Filters/Compression/deflate and /LM/W3SVC/Filters/Compression/gzip (see my previous article Inside the XML Metabase of IIS 6 for an explanation of metabase paths like this) and using Metabase Explorer to try and find this key highlights one of the limitations in version 1.6 of Metabase Explorer--it has no search functionality built into it. So, if you need to find a key by name but don't know its path, you first have to open the metabase.xml file in Notepad and use Edit | Find to find the path to the key. Let's hope the next version of Metabase Explorer will have some search functionality built into it!
Another thing you can do by editing the metabase is create a "website operator" for a given website in IIS 6.0. Earlier versions of IIS had this option in the GUI, but it was removed in IIS 6.0 for some reason. Not to fear though, as IIS MVP Bernard Cheah explains how to do this in a post on his MVP weblog. MVPs are Microsoft awards given to "outstanding members of technical communities for their community participation and willingness to help others." Cheah is one of thousands of MVPs, including myself (shameless plug!), and a lot of MVPs have weblogs you may want to check out.
Finally, you can edit the metabase to obfuscate an SMTP site running on IIS6 by replacing the default SMTP banner with something new you devise. Security by obscurity doesn't add much security of course, but if you're interested in finding out how to do this see this KB article for instructions. And if you have other metabase hacks you want to share with WindowsDevCenter readers, feel free to post them as comments to this article. Thanks!
Return to the Windows DevCenter.