File-Level Security
Applies To: Windows Server 2003, Windows Server 2003 with SP1
As described in Table 4.4, IIS installs the metabase files with strict ACEs set to prevent anyone but administrators from viewing your configuration data. An access control list (ACL) is a container for ACEs.
Table 4.4 Metabase files, purpose, and permissions
| File | Purpose | ACL |
|---|---|---|
systemroot\System32\Inetsrv\MetaBase.xml |
Stores configuration data for the IIS services. |
NT AUTHORITY\SYSTEM : Full control BUILTIN\Administrators : Full control |
systemroot\System32\Inetsrv\MBSchema.xml |
Stores the schema for the configuration file. The schema defines what IIS properties can be set at certain metabase keys. |
NT AUTHORITY\SYSTEM : Full control BUILTIN\Administrators : Full control |
systemroot\System32\Inetsrv\ History\HistoryFile |
Stores the metabase history files that are created automatically by IIS. |
NT AUTHORITY\SYSTEM : Full control BUILTIN\Administrators : Full control |
systemroot\System32\Inetsrv\MetaBack\BackupFile |
Stores the metabase backup files that are created on demand by using Backup/Restore Configuration. |
NT AUTHORITY\SYSTEM : Full control BUILTIN\Administrators : Full control |