Folder permissions in Windows 2003

Tuesday, February 3, 2004

.NET General

Is there something special in the security approach in Windows 2003 ?

I have really a painful experience with this OS on one server with folder permissions. What I want to do is a really basic thing, an upload folder where users can upload their images.

Works fine on my laptop with WinXP, but there, not a chance. I really tried everything, including giving full control permissions to Everyone on this folder.

I know it's not the best practice, but I can't figure out why it's still not working. The only thing I have 'special' is that the website itself is not under wwwroot, like I usually do in production sites.

Any idea ?

10 Comments

First, what account is the web application running under? IUSR_*, IWAM_*, ASPNET?

Once you find out which one it is running as that is the process you need to give permission to READ/MODIFY(WRITE/CHANGE) to the folder. You might also need to set the WRITE attribute in IIS for the folder (under HOME DIRECTORY).

Give that a try.

Adam Weigert - Tuesday, February 3, 2004 2:20:00 PM

On W2k3, you'll most likely have to give permissions to the IIS_WPG user.

Chris Hynes - Tuesday, February 3, 2004 2:25:00 PM

It's an ASP app, and it's running under IIS anonymous user. The point is that I gave Everyone Full permission (just to try) and nothing happens !

Well thanks for the Write attribute I have to check. But something I didn't post here, is the fact that it was working fine las tweek at the first deployment.

Paschal - Tuesday, February 3, 2004 2:26:00 PM

Actually try granting permissions to the "NT AUTHORITY\NETWORK SERVICE". This is because the ASP.NET worker process identity, which is usually “{machinename}\ASPNET” on IIS5.0 (Windows 2000 and Windows XP) is “NT AUTHORITY\NETWORK SERVICE” on IIS 6.0 (Windows Server 2003)

mike_lorengo@nospam.hotmail.com - Tuesday, February 3, 2004 3:35:00 PM

The problem Mike is this happens with an ASP application, so I am not sure ASPNET is indeed involved in this

Paschal - Tuesday, February 3, 2004 3:55:00 PM

this is all I can think of for things to check.

1 - make sure the PUT HTTP verb is enabled on the folder

2 - make sure IIS knows that users can Write to the folder

3 - check the Advanced Security dialog on the NTFS Security. There's an Effective Permissions tab. Check all the usernames listed above.

4 - try setting the Audit for Failure security settings for the folder, and check the Event Log.

HTH

Alan McBee - Tuesday, February 3, 2004 7:39:00 PM

BTW - I'm not sure about the PUT thing. doh!

->A

Alan McBee - Tuesday, February 3, 2004 7:52:00 PM

Also realize that Deny wins over Allow, if you give Everybody full access it does not overwrite any Deny rights setup (or inherited).

Jerry Pisk - Tuesday, February 3, 2004 9:56:00 PM

If its an ASP.NET app make sure <identity impersonate="true"/> is set in your web.config file

Brian R. James - Wednesday, February 4, 2004 10:14:00 PM

Verify what the SHARE permissions are set to. In windows2003 the default SHARE permissions are set to "everyone" read. This will override the NTFS permissions.

Change the SHARE permission to "everyone" Full Control and then lock it down with NTFS.

Art - Thursday, March 11, 2004 5:13:00 AM

Comments have been disabled for this content.