NT AUTHORITY\Network Service is the default process identity for the
w3wp.exe worker processes under IIS 6.0

To see if this is a permissions problem give the IIS_WPG group full control
over that folder (maybe from Data\ downwards)

Cheers
Ken

[quoted text, click to view]
: Sorry for the double posting but just realised there's a specific news
group for IIS
: Security issues..
:
: ----------
: I've recently upgraded from 2000 Server to 2003 Server and
: I'm trying to track down why one particular application is
: not working fully. It is not displaying one particular
: web page properly and I suspect that the problem is
: security related. I ran the app with FileMon in the
: background and at the point that it fails I get the
: following message in its log.
:
: TIME: 22:44:01
: PROCESS: w3wp.exe:308
: REQUEST: IRP_MJ_CREATE
: PATH: C:\Program Files\WorkgroupMail\Data\tmp\tmpF7F.tmp
: REASON: ACCESS DENIED NT AUTHORITY\NETWORK SERVICE
:
: To try to eliminate the problem I opened secrity right up
: for the app user but I still have the problem. Can anyone
: suggest what I should try next?
:
: TIA
:
: Malcolm
: ----------

I'm not sure what your application does - so I don't know exactly what
folders you need to give permissions to. I just based it on the fact that
the "data" folder contained a "tmp" folder, which implies that's where
temporary working files should go.

You may not need Full Control - maybe only "Change" or similar. However, I
would give this right to the IIS_WPG group. All user accounts that can be
used as process identities for Web App Pools are/should be placed into this
group (that's why it's called the IIS_WPG for Worker Process Group). So
LocalSystem, Network Service, Local Service etc are in there.

Cheers
Ken

[quoted text, click to view]
:
: Thanks Ken. That seems to have worked - but what have I done and is that
the final
: solution? :-) Is it okay to leave it like that or should I narrow the
permissions down?
:
: Malcolm
:
: On Wed, 21 Apr 2004 20:18:59 +1000, "Ken Schaefer"
[quoted text, click to view]
:
: >NT AUTHORITY\Network Service is the default process identity for the
: >w3wp.exe worker processes under IIS 6.0
: >
: >To see if this is a permissions problem give the IIS_WPG group full
control
: >over that folder (maybe from Data\ downwards)
: >
: >Cheers
: >Ken
: