Plesk has a built-in mechanism for customizing security settings for Windows objects on the server disks. You can specify security rules and then have Plesk automatically apply the rules to Windows object security settings. The security files are easily accessible, and once you understand the logic of their use, you will be able to customize security settings on any folder or file found on a Plesk-managed server.

Incorrect security settings on Windows objects found on Plesk-managed servers may result in a number of server problems including but not limited to unavailability of site applications and services. We recommend that you become acquainted with this section before attempting to modify security settings on folders and files found on Plesk-managed server.

Plesk creates different Windows user accounts to manage servers and to serve Internet requests by IIS. Plesk has to assign the user accounts necessary permissions to access and manage Windows objects on managed servers. When assigning user account permissions, Plesk exercises two different security policies towards Windows objects - Disk security and Hosting security. Security settings for all Windows objects on a Plesk-managed server are initially configured according to the policies during Plesk installation. Compliance with the policies ensures maximum security without compromising server performance. The Windows objects security settings can be further customized. To manage object security settings, Plesk uses a flexible system based on Plesk’s own security metadata files and the DACL inheritance mechanisms implemented in Windows. Security settings can be customized by using the security metadata files and command-line utilities that are distributed with Plesk.

Note: Before making any changes to the security metadata, make a backup copy of the metadata file that you want to modify. For information why backing up security metadata files before modifying them is a good idea, see the sections Customizing Disk Security and Customizing Hosting Security.