You can use the property inheritance feature of the metabase to configure your IIS installation with few settings, and to minimize the amount of memory required for the metabase. Most metabase properties are inheritable, meaning that they are not explicitly set at a specific key and will inherit values assigned at higher-level keys. For example, you can set file and directory permissions such as AccessScript, AccessExecute and AccessWrite at the W3SVC level to apply to all files and directories in all server instances, or you can set them at the W3SVC/2/ROOT level to apply to all files and directories for the second Web server only. You can then set different permissions for individual subdirectories and files by explicitly setting them at lower levels. For example, you might set the AccessExecute permission property to TRUE for specific directories, virtual directories, or files, such as ...W3SVC/1/ROOT/VDir1/VDir1a, ...W3SVC/1/ROOT/VDir2/Dir2d, and ...W3SVC/1/ROOT/VDir2/Dir3/File1, and so on.
The default settings for AccessScript, AccessExecute, and AccessWrite are all FALSE. The way inheritance works is that wherever you set the value of an inheritable property, all instances of that property in the remaining subnodes will be set automatically. If you use Internet Services Manager to set an inheritable property, a dialog box will ask you if you are sure you want to change the value for all the subnodes. However, if you use a script or the command line to set an inheritable property, the values will be propagated immediately.
In the following example, AccessScript is set to TRUE at the Web service level (.../W3SVC), AccessExecute to TRUE at the root level (.../W3SVC/1/ROOT), and AccessWrite to TRUE at the file level (.../W3SVC/n/ROOT/VDir/Dir/File). The round ball represents where the user sets the property value and the arrows show the path of inheritance as the value is propagated through the subnodes.
Most metabase properties are inheritable, except for a few that are used only at specific keys. Some properties in the metabase are lists of values, such as the ServerBindings property.
Flag properties, such as file access permissions, are often combined into one DWORD by use of bitmasking. The entire set of flags is stored together and inherits together. For example, if you change one of the file access permissions, such as AccessExecute for a directory, the entire set of file access permissions is stored at the metabase key for that directory.
Each metabase property is described in detail in the Administration Property Reference. This reference includes information about whether each property is inheritable. Also, properties that are stored as part of a larger set are identified as flags; for example, see the property AccessFlags.