what are the default locations for these files, and what are the security implications if unauthorised access can access/edit them? many IIS security references say access to them is key and unauthorised access poses an issue, but I'd like to understand what they are for and why they are such a concern to security teams. do they contain plain text passwords or something?
Can you please let us know the which OS you are using windows 2003/2008??
both in this case, albeit 2003 not for much longer