We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

fileSystem object and remote permissions

1cell
1cell asked
on
Medium Priority
501 Views
Last Modified: 2006-11-17
You can have every point I've got if you can help me make this work... that's only 224 don't get excited.

<%
set fso = server.CreateObject("scripting.filesystemObject")
listpath = "\\server\listdirectory\"
masterpath = "\\server\masterdirectory\"
scriptpath = "\\server\scriptdirectory\"
fso.CreateFolder listpath
fso.CreateFolder masterpath
fso.CreateFolder scriptpath
%>

I'm getting a permission denied error.  I'm sure it's some kind of user rights issue with IUSER_server but I can't figure it out.  
Comment
Watch Question

Make sure IUSER_server user has all the permission

Commented:
To clarify, navigate to the folder c:\inetpub\wwwroot\listdirectory\ (if you're web app isn't on the root, then it will have a different path). Right click on the folder, choose properties, choose security, click "Add", select the "IUSR_server", and change their permissions to include read, write, and (I believe you'll also need) modify. Repeat this process for the other folders. After you get it working, try removing the modify permissions and see if it still works. The weaker the permissions for IUSR_server (while still being functional), the better.

Author

Commented:
sforcier, to clarify a bit more....  \\server\directory\ is a directory on a remote server.  it's not on the same machine as the web server.

jitganguly, domain\IUSER_server has everything but Delete Subfolders and Files, Change Permissions, and Change Ownership. is ALL really necessary???

Commented:
For this to work the IUser_server account must have permissions to write to the folder and it must have rights to access these directories using the same username and password that the IUSR account has.

Now if that is a problem the solution is to add the paths as virtual directories using the correct password. This would open up the directories to the outside world so turn authentication on for those virtual directories and disable all IP addresses apart from that of the server to block them again.

HTH
Steve

Author

Commented:
mouatts, I let windoze manage the IUSER password.  I don't even know what it is unless I assign it.  I figured if that was managed BY windows that the domain user info would be supplied to other servers.  Do you think I'm wrong about that?

Maybe the virtual directories solution is best.  I didn't really give it much thought because of the security issues but authenticating on IP would work.

Commented:
> I figured if that was managed BY windows that the domain user info would be supplied to other servers.  Do you think I'm wrong about that?

I think so. Certainly looking at my servers the USR account is a local one. The only USR account which is a domain one is for the web server that sits on the domain controller.

Steve

Author

Commented:
well, I tried creating a virtual directory under the existing site but I'm still getting a permission denied error.  In the properties for the virtual directory, I used a user with full permissions to the parent directory and applied them all to all subdirectories.

I can browse the virtual directory through IIS mgr so the password is correct, right?

Author

Commented:
I also got the same result when trying to map a drive letter and do it that way.

Commented:
No you don't want to do it via a drive letter. When you do that it is your account that is allowed access not the IUSR account.
When you create the virtual directory enter the UNC filename and on the next screen it will prompt you for the username and password.

Steve

Author

Commented:
and for that user I can use any user with the permissions to the target directory?

that's what I did, and I've been playing with, but I can't get it to go.

Commented:
Trying restarting IIS it's sometimes a bit of a pig to get this to take. Trust me it works but believe me when I tell you I have spent hours retyping the bloody thing before it seems to connect :(

Steve

Commented:
Just a though you may need the domain name in front of the username eg mydomain/adminsitrator

Author

Commented:
restarted, same error

the domain name is in front of the username.

I was reading an article about duplicate anonymous accounts
http://support.microsoft.com/default.aspx?scid=kb;en-us;184566

Author

Commented:
and this...

http://support.microsoft.com/default.aspx?scid=kb;en-us;169271

I'm gonna see what I can mess up in that direction.
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
HEY! There you go!  Lemme fiddle around with this a bit and make sure I can apply it to my situation.  It worked for my testing purposes.

Author

Commented:
thanks a lot to everybody but sforcier's idea worked very well for me and I'll be able to enforce user level security on it as well so I can implement it per page and not worry about other holes.

Commented:
I'm glad I could help! I just want to reiterate how careful you should be when doing this. Granting an ASP page more power makes it easier to hack. I'm sure you're aware of this, and I'm sure you'll use due dilligence; I just can't stress this point enough.

Author

Commented:
that's what I mean about enforcing user level security.  While the page has permissions, I can set requirements within it by using userLevels that already exist in my app..... so, only specific logged in users can even access the page.  anybody else gets redirected.

you think that's adequate???

Commented:
I don't know that I fully understand what you mean by "user level access" specifically. If you mean disabling anonymous access or using NTFS security on the individual ASP pages, then yes, that should certainly be adequate.

Commented:
I have an asp application that colects images from a folder generated by a scanner. This folder is in a network drive (like \\a_drive\scanner). I wish to move all images from this folder to another folder wich is located in my local server.
Please help...

Commented:
joninhas you will need to post your own question. You can't just piggy back another.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.