Plesk’s security rules for managed objects on hosted domains and web user folders are stored in security metadata files. Because Plesk has two different security policies applied to Windows objects, it uses two different types of security metadata files: disk security metadata file and hosting security metadata files.

The disk security metadata file defines security rules for Windows objects on server disks except for the contents of the %plesk_vhosts% directory, which contains hosted content for hosting accounts and is governed by a different security policy.

Security rules for Windows objects in the %plesk_vhosts% directory are defined by hosting security metadata files. Separate instances of hosting security metadata files are automatically created for each hosting account (domain or web user) from the corresponding template files during hosting account creation in Plesk.

You can manually modify security rules by editing corresponding security metadata files or templates. For detailed information about modifying Plesk’s security rules, see the sections Customizing Disk Security and Customizing Hosting Security.