Addition to KB936696

  • Article

This posting is provided "AS IS" with no warranties, and confers no rights.

It is quite interesting that this KB article only talks about how to enable IIS 6 metabase audit, and there is no hint about how to disable it. Well, in fact it is rather easy to reverse the steps:)

To disable the metabase auditing feature in IIS 6.0, follow these steps.

Step 1: Disable auditing in the IIS metabase

1.  Click Start, click Run, type Cmd , and then click OK. 

2.  Use the CD command to change to the System32 folder. 

3.  Type the following command, and then press ENTER:

Iiscnfg.vbs /DisableAudit / metabase path

Note In this command, metabase path is the metabase path that you audit.

For example, to disable auditing for all the IIS metabase, type the following command, and then press ENTER:

Iiscnfg.vbs /DisableAudit / /r

To disable auditing only on the root of a Web site that has a site ID of 1, type the following command, and then press ENTER:

Iiscnfg.vbs /DisableAudit /w3svc/1/root

Note For more information about how to use the Iiscnfg.vbs command to disable the metabase auditing feature, type Iiscnfg.vbs /disableaudit /? at the command prompt, and the press ENTER. 

Step 2: Disable Group Policy auditing in Windows Server 2003

1.  Click Start, click Run, type Gpedit.msc , and then click OK. 

2.  Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings. 

3.  Expand Security Settings, expand Local Policies, and then click Audit Policy. 

4.  In the details pane, double-click Audit object access. 

5.  Click to uncheck the Success check box, and then click to uncheck the Failure check box. 

6.  Click OK.

(If you want other applications to use Audit Policy in the future, step 2 can be omitted.)

Note, I only tested the steps on my own Windows Server 2003 SP2 x64 box, so don’t guarantee they work on your boxes. :) No warranties is provided. Support is limited to this blog.