O'Reilly logo

Internet Information Services (IIS) 6 Resource Kit by The Microsoft IIS Team

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Metabase Security

A default installation of IIS 6.0 ensures metabase security by setting strict access control entries (ACEs) on the metabase files and by encrypting sensitive data within the files. If you maintain this level of security, perform regular backups, use a strong administrator password, and limit the number of users who have administrative credentials, you are taking the proper precautions to protect your metabase files.

File-Level Security

As described in Table 11.4, IIS installs the metabase files with strict ACEs set to prevent anyone but administrators from viewing your configuration data. An access control list (ACL) is a container for ACEs.

Table 11.4. Metabase files, purpose, and permissions

File

Purpose

ACL

systemroot\System32\Inetsrv\ ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required