Microsoft KB Archive/832853

= The IIS metabase is restored from a backup when you rerun the Lockdown Tool to undo changes =

Article ID: 832853

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Services 5.1

-



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx





INTRODUCTION
You can run the Microsoft Internet Information Services (IIS) 5.0 Lockdown Tool after you have installed the tool if you want to undo the changes that the tool made. When you use the Undo feature of the Lockdown Tool, the IIS metabase reverts to the version that was backed up when you first installed the Lockdown Tool. Any changes that were made to the metabase after you first ran the Lockdown Tool are lost.



MORE INFORMATION
The Lockdown Tool creates the following metabase backup file when the tool is installed:

\%SystemRoot%\System32\Inetsrv\Metaback\Oblt-mb.md0

The Lockdown Tool creates this file so that you can undo the metabase changes that the Lockdown Tool makes if you find problems after you run the tool. When you run the Iislockd.exe executable file, the program checks the Metaback directory for the Oblt-mb.md0 file. If the Iislockd.exe file finds the backup file in that location, the Iislockd.exe file assumes that the Lockdown Tool was previously run and that you are running the Iislockd.exe file again to undo the changes that the Lockdown Tool made. The Lockdown Tool, therefore, continues with the Undo sequence. In the Undo sequence, the Oblt-mb.md0 version of the IIS metabase is restored.

The rolling back to the Oblt-mb.md0 version of the metabase is an important feature of the Lockdown Tool. This feature makes sure that a valid version of the metabase exists and can be restored if the installation of the Lockdown Wizard interferes with the typical function of an IIS application.

Sometimes, you may have to reapply the Lockdown Tool settings without reverting to the earlier copy of the metabase. To do this, move the Oblt-mb.md0 file out of the %SystemRoot%\System32\Inetsrv\Metaback directory before you run the Iislockd.exe file.

Note When you run the Lockdown Tool after you move the Oblt-mb.md0 file, you may have to modify some settings. You will have to modify these settings if you made changes after you first applied the Lockdown Tool.

