| Groups | Blog | Home |
iis security : File WRITE permissions in IIS 5.1/XP SP2
using it for website development. I had the "site" set up for anonymous authentication. I recently upgraded to Windows XP SP2, and it looks like I also got upgraded to IIS 5.1 in the process. After I upgraded, IIS was actually not working correctly, so I uninstalled and reinstalled it. It now appears to be processing ASP scripts correctly, and can read from a database I'm using. However, when I try to WRITE to the database I get an ASP error message saying the DB is read- only. When I use the iis.msc snap-in for the MMC, I configure the folder and file I'm trying to write to to allow write access. But there seems to be a disconnect with setting the NTFS permissions in XP SP2. When I go to explorer and open the "permissions" dialog box for the folder, the "read-only" checkbox has a checkmark in it that is grey, not black (like only part of the folder's contents are read-only). I can deselect the checkbox (i.e., control is not disabled) and choose to apply the new settings to all the files in the directory, then cliick "OK", but when I re-open the properties dialog the checkbox has the grey check in it again. In addition, XP SP2 has a "Web Security" tab that has the same security settings you see in the iis.msc snap-in. But the settings don't necessarily match those you see/set in MMC. I've tried setting these to match the MMC settings, but that didn't work. I'm guessing that XP somehow changed the permissions provided to the IUSR_<servername> anonymous guest account, but not sure how to reset them. The security settings in XP SP2 are totally different than they used to be. Bottom line: I've got a file that I'm trying to write to, but all the new security in SP2 is making it difficult to even allow that. I know others have figured this out by now... what am I missing?
OK, I think I found the problem. For other users who may
see similar issues: It appears that the iis.msc snap-in is not properly communicating with the NTFS file system (the "Web Sharing" tab for a folder's "properties" dialog) to set the read/write permissions correctly, and it has something to do with using the MMC to create a virtual directory instead of using the "Web Sharing" tab to create it. If I create a virtual directory from inside the MMC, the IIS read/write/browse permissions do NOT get synced up with what's showing on the "Web Sharing" tab of the properties dialog. However, I fould that I could fix this problem by working through the NTFS properties dialog: 1. I deleted all the virtual directories in the IIS MMC snap-in 2. Went to explorer, found the folder I wanted to use as my root folder, and used the "Web Sharing" tab to share the file and create a virtual directory (alias). For purposes of this example, call this alias <root>. 3. Went back to IIS.msc in the MMC, and found IIS had also set this as an application (OK for what I wanted). The read/write/browse permissions are also now all synced up between the snap-in and the NTFS system. 4. The folder I wanted to give write access to was actually a sub-folder of my root directory, so I went back to Explorer and told it to also share this one on the web. I gave it an alias of <root>/<this_folder>. 5. IIS once again turned this folder into an application, but I think the forward slash in the alias name screwed up the name for the application... the "application name" was blank, but the "remove" button was active, indicating an application was running. I wanted this folder to run as part of my main application, so I removed the no-name application for this folder only. 6. As with the root folder, the read-write permissions of the sub-folder now look to be synced between IIS.msc and the NTFS system. When I change one, they both update. The interesting part in all this is that creating an alias for the root directory allowed all the sub-directories to have read access, but I could not get write access to any of the sub-directories without specifically telling the NTFS system I wanted to share them on the web. Guessing there's probably a better way to do this, but this workaround seems to be working. At least until Mr Gates puts out another "upgrade" that causes perfectly-good code to quit working... [quoted text, click to view] >-----Original Message-----
>I have Windows XP installed on my home computer, and am >using it for website development. I had the "site" set up >for anonymous authentication. I recently upgraded to >Windows XP SP2, and it looks like I also got upgraded to >IIS 5.1 in the process. > >After I upgraded, IIS was actually not working correctly, >so I uninstalled and reinstalled it. It now appears to be >processing ASP scripts correctly, and can read from a >database I'm using. However, when I try to WRITE to the >database I get an ASP error message saying the DB is read- >only. > >When I use the iis.msc snap-in for the MMC, I configure >the folder and file I'm trying to write to to allow write >access. But there seems to be a disconnect with setting >the NTFS permissions in XP SP2. When I go to explorer and >open the "permissions" dialog box for the folder, >the "read-only" checkbox has a checkmark in it that is >grey, not black (like only part of the folder's contents >are read-only). I can deselect the checkbox (i.e., >control is not disabled) and choose to apply the new >settings to all the files in the directory, then >cliick "OK", but when I re-open the properties dialog the >checkbox has the grey check in it again. > >In addition, XP SP2 has a "Web Security" tab that has the >same security settings you see in the iis.msc snap-in. >But the settings don't necessarily match those you see/set >in MMC. I've tried setting these to match the MMC >settings, but that didn't work. > >I'm guessing that XP somehow changed the permissions >provided to the IUSR_<servername> anonymous guest account, >but not sure how to reset them. The security settings in >XP SP2 are totally different than they used to be. > >Bottom line: I've got a file that I'm trying to write to, >but all the new security in SP2 is making it difficult to >even allow that. I know others have figured this out by >now... what am I missing? > >Thanks in advance! >.
Thanks for the link. After filtering thu it, I found a
MUCH easier solution... The error I was getting was "Microsoft OLE DB Provider for ODBC Drivers (0x80004005) [Microsoft][ODBC Microsoft Access Driver] Cannot update. Database or object is read-only." I knew it was because the folder's write permissions were not set in the NTFS system correctly, but couldn't figure out what XP SP2 had done to change the way these were set. Turns out that in the Explorer/ Tool Menu / Folder Options dialog box it had turned on the "Use Simple File Sharing" checkbox. I uncliked this, went back to the folder's properties dialog box, and now a "Security" tab (the one I'm used to using from past experience) shows up that lets you pick and choose exactly what permissions you're trying to set for the folder for each user. Didn't have to mess with setting up an alias on the "Web Sharing" tab. Just used IIS.MSC. For future readers, the following link helped: http://www.aspfaq.com/show.asp?id=2205 Thanks again! Joel [quoted text, click to view] >-----Original Message-----
>On Tue, 21 Sep 2004 08:49:20 -0700, "Joel" ><anonymous@discussions.microsoft.com> wrote: > >>I have Windows XP installed on my home computer, and am >>using it for website development. I had the "site" set up >>for anonymous authentication. I recently upgraded to >>Windows XP SP2, and it looks like I also got upgraded to >>IIS 5.1 in the process. > >Nope. XP is IIS 5.1, always has been. > >>After I upgraded, IIS was actually not working correctly, >>so I uninstalled and reinstalled it. It now appears to be >>processing ASP scripts correctly, and can read from a >>database I'm using. However, when I try to WRITE to the >>database I get an ASP error message saying the DB is read- >>only. > >Full error messages please. Likely along this line: > >Why do I get database-related 80004005 errors? >http://www.aspfaq.com/show.asp?id=2009 > >Jeff > >>When I use the iis.msc snap-in for the MMC, I configure >>the folder and file I'm trying to write to to allow write >>access. But there seems to be a disconnect with setting >>the NTFS permissions in XP SP2. When I go to explorer and >>open the "permissions" dialog box for the folder, >>the "read-only" checkbox has a checkmark in it that is >>grey, not black (like only part of the folder's contents >>are read-only). I can deselect the checkbox (i.e., >>control is not disabled) and choose to apply the new >>settings to all the files in the directory, then >>cliick "OK", but when I re-open the properties dialog the >>checkbox has the grey check in it again. >> >>In addition, XP SP2 has a "Web Security" tab that has the >>same security settings you see in the iis.msc snap-in. >>But the settings don't necessarily match those you see/set >>in MMC. I've tried setting these to match the MMC >>settings, but that didn't work. >> >>I'm guessing that XP somehow changed the permissions >>provided to the IUSR_<servername> anonymous guest account, >>but not sure how to reset them. The security settings in >>XP SP2 are totally different than they used to be. >> >>Bottom line: I've got a file that I'm trying to write to, >>but all the new security in SP2 is making it difficult to >>even allow that. I know others have figured this out by >>now... what am I missing? >> >>Thanks in advance! > >.
On Tue, 21 Sep 2004 08:49:20 -0700, "Joel"
[quoted text, click to view] <anonymous@discussions.microsoft.com> wrote: >I have Windows XP installed on my home computer, and am >using it for website development. I had the "site" set up >for anonymous authentication. I recently upgraded to >Windows XP SP2, and it looks like I also got upgraded to >IIS 5.1 in the process. Nope. XP is IIS 5.1, always has been. [quoted text, click to view] >After I upgraded, IIS was actually not working correctly, >so I uninstalled and reinstalled it. It now appears to be >processing ASP scripts correctly, and can read from a >database I'm using. However, when I try to WRITE to the >database I get an ASP error message saying the DB is read- >only. Full error messages please. Likely along this line: Why do I get database-related 80004005 errors? http://www.aspfaq.com/show.asp?id=2009 Jeff [quoted text, click to view] >When I use the iis.msc snap-in for the MMC, I configure
>the folder and file I'm trying to write to to allow write >access. But there seems to be a disconnect with setting >the NTFS permissions in XP SP2. When I go to explorer and >open the "permissions" dialog box for the folder, >the "read-only" checkbox has a checkmark in it that is >grey, not black (like only part of the folder's contents >are read-only). I can deselect the checkbox (i.e., >control is not disabled) and choose to apply the new >settings to all the files in the directory, then >cliick "OK", but when I re-open the properties dialog the >checkbox has the grey check in it again. > >In addition, XP SP2 has a "Web Security" tab that has the >same security settings you see in the iis.msc snap-in. >But the settings don't necessarily match those you see/set >in MMC. I've tried setting these to match the MMC >settings, but that didn't work. > >I'm guessing that XP somehow changed the permissions >provided to the IUSR_<servername> anonymous guest account, >but not sure how to reset them. The security settings in >XP SP2 are totally different than they used to be. > >Bottom line: I've got a file that I'm trying to write to, >but all the new security in SP2 is making it difficult to >even allow that. I know others have figured this out by >now... what am I missing? > >Thanks in advance!
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |