The metabase key values are stored in a disk file. The metabase is loaded from disk when IIS starts, stored to disk when IIS shuts down, and saved periodically while IIS is running. It is important to protect this file from unauthorized use, even though secure data is stored in a secure manner within the file. It is recommended that you store this file on an NTFS partition and use Windows NTŪ security to protect it.
The metabase is stored in a special format file, by default named METABASE.BIN in the INETSRV directory in which you installed IIS. You can move or rename the file and change the Windows NTŪ registry setting that tells IIS where to find the file on startup. To relocate or rename the metabase file, you will need to stop IIS, move or rename the file, and modify the registry key LOCAL_MACHINE\\SOFTWARE\\Microsoft\\INetMgr\\Parameters. Add a REG_SZ value to this key named MetadataFile that specifies the new complete path of the metabase file including the drive letter and file name.
You can implement your own custom backup policy for the metabase using simple ASP scripts. The IISComputer object in the IIS Admin Objects provides methods to manage metabase backups. These methods allow you to store multiple backup versions in long-term storage, restore the metabase from a backup version of your choice, and enumerate and delete backups. You can also use the IIS Admin Base Object with C++ programs to implement the same backup management functionality.