Ensuring That Secure Content Is Served Over HTTPS Only (IIS 6.0)

After a certificate is installed on a site, it can be served over HTTP or HTTPS. To ensure that only SSL requests are served, you must configure the AccessSSL metabase property to force SSL content requests only.


You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /user:MyComputer\Administrator cmd to open a command window with administrator rights and then type cscript.exeScriptName (include the script's full path and any parameters).


To force SSL content requests only


Click Start, click Run, type


and then click OK.


Type the following command at the command prompt:

cscript.exe adsutil.vbs set /w3svc/<site identifier>/AccessSSL TRUE

where <site identifier> is the unique number that identifies the site.

Related Topics

For information about configuring server bindings for SSL host headers, see Configuring Server Bindings for SSL Host Headers.

For information about Adsutil.vbs, see Using the Adsutil.vbs Administration Script.

For information about AccessSSL, see AccessSSLFlags Metabase Property.

© 2017 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies