Plesk has a built-in mechanism for customizing security settings for
Windows objects on the server disks. You can specify security rules and
then have Plesk automatically apply the rules to Windows object security
settings. The security files are easily accessible, and once you
understand the logic of their use, you will be able to customize
security settings on any folder or file found on a Plesk-managed server.
Incorrect security settings on Windows objects found on Plesk-managed
servers may result in a number of server problems including but not
limited to unavailability of site applications and services. We
recommend that you become acquainted with this section before attempting
to modify security settings on folders and files found on Plesk-managed
server.
Plesk creates different Windows user accounts to manage servers and to
serve Internet requests by IIS. Plesk has to assign the user accounts
necessary permissions to access and manage Windows objects on managed
servers. When assigning user account permissions, Plesk exercises two
different security policies towards Windows objects - Disk security
and Hosting security. Security settings for all Windows objects on a
Plesk-managed server are initially configured according to the policies
during Plesk installation. Compliance with the policies ensures maximum
security without compromising server performance. The Windows objects
security settings can be further customized. To manage object security
settings, Plesk uses a flexible system based on Plesk’s own security
metadata files and the DACL inheritance mechanisms implemented in
Windows. Security settings can be customized by using the security
metadata files and command-line utilities that are distributed with
Plesk.
Note: Before making any changes to the security metadata, make a backup
copy of the metadata file that you want to modify. For information
why backing up security metadata files before modifying them is a
good idea, see the sections Customizing Disk Security
and Customizing Hosting Security.