Brian Desmond's Blog

Inherits Network.Admin
Implements IOneManBand

Writing to a Remote Resource from an ASP App

Dave Burke is trying to make his classic ASP app write to a UNC path under IIS6. You can do this! Here's the long and short of what you've got to do, why you've got to do it, and how:

IIS 6 applications run, by default, under NT AUTHORITY\NETWORK SERVICE, a built-in, low-privilege account. It is a better choice for a worker process than Local System or the IUSR_MachineName anonymous account, but it is a local identity: on a domain member it authenticates to other machines as the computer account (DOMAIN\MachineName$), and in a workgroup it presents no usable credentials at all, so a remote share either sees the computer account or sees nothing it recognizes. You could grant the computer account access to the share, but that gives every service running as Network Service on that box the same access. The cleaner fix is to give the application an identity of its own.

If the servers are members of a domain, the best solution is to create a domain account for the application to run under. Keep it an ordinary user: no membership in Domain Admins or the local Administrators group, a long random password, and ideally a deny for interactive logon, since all it ever needs to do is run w3wp.exe. On the IIS server the account needs the Log on as a batch job and Log on as a service rights. I usually create a domain group for service accounts with a specific purpose (IIS apps, say) and grant the group those rights via a GPO on the proper server(s); granting them explicitly also guards against a domain GPO that redefines User Rights Assignment and silently removes whatever the local defaults gave you. The account must also be added to the local IIS_WPG group. Finally, give it the proper permissions on the remote resource: both the share permissions and the NTFS permissions on the folder, since the effective access is the more restrictive of the two.

The next step is actually getting the ASP app to run under this account. Create a new application pool in IIS Manager and set its identity (Properties, Identity tab, Configurable) to the new service account; then make sure that pool is selected on the application's property page as well. The new pool gets its own w3wp.exe, shared by anything else you put in the pool, running in the context of the new account. One caveat for classic ASP: the script itself runs impersonating the request's authenticated user, which on an anonymous site is IUSR_MachineName, a local account the file server has never heard of. So also set the application's anonymous user (Directory Security tab, Authentication and access control) to the same domain account; then the FileSystemObject call actually leaves the box as that account rather than as IUSR.

If there is no domain in place, create the account locally on each machine with an identical user name and password. When the worker process (or the impersonated anonymous user) touches the share, Windows automatically presents its current credentials, and NTLM on the file server accepts them if they match a local account there with the same name and password. The catch is that nothing keeps the two in sync: when the password changes, change it on both machines and in the application pool (and anonymous user) settings at the same time, or the app starts failing with access denied and, if a lockout policy is set, may lock the account out after enough failures.
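Here is the whole procedure above as one script, so it can be repeated on a second server without clicking through IIS Manager. This is an added example, not code from the original post or from Dave: it uses the same IIS ADSI provider the IIS 6 admin scripts (adsutil.vbs) are built on, and the domain CORP, account svc-iis-dave, site ID 1, virtual directory DaveApp and pool name DaveAspPool are all assumptions. It assumes the domain account already exists and has been granted the two logon rights (by GPO as described, or with ntrights.exe from the Windows Server 2003 Resource Kit: ntrights -m \\iisserver -u CORP\svc-iis-dave +r SeBatchLogonRight, and again with SeServiceLogonRight). Run it with cscript as an administrator on the IIS server.

```vbscript
' Added example (not from the original post): put a classic ASP application
' into its own IIS 6 application pool running as a domain service account,
' add the account to IIS_WPG, and make it the application's anonymous user so
' the impersonated ASP script leaves the box with the same identity.
' Assumed names: domain CORP, account svc-iis-dave, site 1, vdir DaveApp.
Option Explicit

' AppPoolIdentityType: 0=LocalSystem, 1=LocalService, 2=NetworkService, 3=SpecificUser
Const APPPOOL_IDENTITY_SPECIFIC_USER = 3

Dim domain, user, password, poolName, vdirPath
domain   = "CORP"                                   ' assumption
user     = "svc-iis-dave"                           ' assumption
poolName = "DaveAspPool"                            ' assumption
vdirPath = "IIS://localhost/W3SVC/1/Root/DaveApp"   ' assumption: site id 1, vdir DaveApp

' Do not hard-code the password in a script that sits on disk; prompt for it.
WScript.StdOut.Write "Password for " & domain & "\" & user & ": "
password = WScript.StdIn.ReadLine

' 1. Membership in the local IIS_WPG group lets w3wp.exe run under the account.
Dim wpg, userPath
userPath = "WinNT://" & domain & "/" & user & ",user"
Set wpg = GetObject("WinNT://./IIS_WPG,group")
If Not wpg.IsMember(userPath) Then
    wpg.Add userPath
End If

' 2. Create the application pool if it does not exist yet, then set its identity.
Dim pools, pool
Set pools = GetObject("IIS://localhost/W3SVC/AppPools")
On Error Resume Next
Set pool = GetObject("IIS://localhost/W3SVC/AppPools/" & poolName)
If Err.Number <> 0 Then
    Err.Clear
    Set pool = pools.Create("IIsApplicationPool", poolName)
End If
On Error GoTo 0
pool.AppPoolIdentityType = APPPOOL_IDENTITY_SPECIFIC_USER
pool.WAMUserName = domain & "\" & user
pool.WAMUserPass = password
pool.SetInfo

' 3. Assign the application to the pool, and make the same account the
'    anonymous user: classic ASP impersonates the request's authenticated user
'    while the script runs, so the UNC write happens as this account only if
'    it is the anonymous user too, not merely the pool identity.
Dim vdir
Set vdir = GetObject(vdirPath)
vdir.AppPoolId = poolName
vdir.AnonymousUserName = domain & "\" & user
vdir.AnonymousUserPass = password
vdir.SetInfo

WScript.Echo "Pool " & poolName & " runs as " & domain & "\" & user & _
             "; " & vdirPath & " assigned to it."
```

The password goes into the metabase for both the pool and the anonymous user, which is why the script asks for it rather than storing it: when the password is rotated, rerun the script (or change both settings by hand) on every IIS server that uses the account.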

If there continues to be an issue, look at the IIS server first: if the pool identity is wrong (bad password, missing logon right, not in IIS_WPG), the World Wide Web Publishing Service disables the pool, the site answers 503 Service Unavailable, and the W3SVC source in the System event log says why; ASP script errors such as Permission denied or Path not found land in the Application log. Then look at the file server: turn on auditing of logon failures there (Audit logon events, plus Audit account logon events on the domain controller for a domain account) and read its Security log. A failed network logon records the account name and domain the IIS server presented, which tells you at once whether the request arrived as the service account, as the computer account, or as an unknown local user such as IUSR_MachineName.
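A test page helps here, because the event logs only tell you who knocked on the file server's door, not what the script thought it was doing. This is an added example, not Dave's page or code from the original post; the share \\fileserver01\asplogs and the file name are assumptions. It appends one line to the UNC path, and on failure tells a browser on the server itself which identity the script ran as and what the FileSystemObject error was, while giving remote clients nothing that names a share or an account.

```vbscript
<%@ Language="VBScript" %>
<% Option Explicit %>
<%
' Added example, not from the original post: classic ASP page that appends a
' line to a file on a UNC share and, if that fails, reports what is needed to
' diagnose it. The share and file name below are assumptions.
Const LOG_PATH = "\\fileserver01\asplogs\dave.log"   ' assumed share and file
Const FOR_APPENDING = 8

' Identity the script actually runs under. ASP impersonates the request's
' authenticated user, so this is the anonymous account (IUSR_MachineName unless
' you changed it) or the Windows-authenticated client, not the pool identity.
Function RunningAs()
    Dim net
    Set net = Server.CreateObject("WScript.Network")
    RunningAs = net.UserDomain & "\" & net.UserName
End Function

' Appends one line to path. Returns "" on success, otherwise a description.
Function AppendLogLine(path, line)
    Dim fso, ts
    On Error Resume Next
    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    Set ts = fso.OpenTextFile(path, FOR_APPENDING, True)   ' True = create if missing
    If Err.Number = 0 Then
        ts.WriteLine line
        ts.Close
    End If
    If Err.Number <> 0 Then
        ' 70 = Permission denied: share/NTFS ACL, or the file server does not
        '      recognize the identity presented. 76 = Path not found: share or
        '      folder missing, or the server name does not resolve.
        AppendLogLine = "error " & Err.Number & ": " & Err.Description
        Err.Clear
    Else
        AppendLogLine = ""
    End If
    On Error GoTo 0
End Function

Dim failure, localClient
failure = AppendLogLine(LOG_PATH, Now & vbTab & _
    Request.ServerVariables("REMOTE_ADDR") & vbTab & Request.ServerVariables("URL"))

If failure = "" Then
    Response.Write "<p>Logged.</p>"
Else
    ' Share paths, account names and error text are useful to an attacker; show
    ' them only to a browser running on the server itself.
    localClient = (Request.ServerVariables("REMOTE_ADDR") = "127.0.0.1")
    Response.Status = "500 Internal Server Error"
    If localClient Then
        Response.Write "<p>Write to " & Server.HTMLEncode(LOG_PATH) & _
            " as " & Server.HTMLEncode(RunningAs()) & " failed: " & _
            Server.HTMLEncode(failure) & "</p>"
    Else
        Response.Write "<p>Logging is unavailable.</p>"
    End If
End If
%>
```

Browse to the page from the IIS server's own console: if the identity it reports is the machine's IUSR account, the anonymous user was not changed; if it reports the service account and the error is 70, the remaining problem is share or NTFS permissions on the file server, and the Security log there will show the same account being refused.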

Comments

TrackBack said:

# September 13, 2003 4:53 PM