A default installation of IIS 6.0 ensures metabase security by setting strict access control entries (ACEs) on the metabase files and by encrypting sensitive data within the files. If you maintain this level of security, perform regular backups, use a strong administrator password, and limit the number of users who have administrative credentials, you are taking the proper precautions to protect your metabase files.
As described in Table 11.4, IIS installs the metabase files with strict ACEs set to prevent anyone but administrators from viewing your configuration data. An access control list (ACL) is a container for ACEs.
Table 11.4. Metabase files, purpose, and permissions