Solved

Windows Server 2003 - Files not inheriting permissions properly.

Posted on 2008-10-27
13
1,100 Views
Last Modified: 2012-05-05
I have a folder which I've given FULL EVERYTHING access to the IUSR account.

When I copy a new EXE into that folder, the IUSR account shows that it has read/write/execute/modify -- but the FULL radio button is not checked.

Also, IUSR clearly does not have full access to the newly-copied EXE file because IUSR cannot even run the EXE file.

To fix this, I have to click the "Full" button under security on the EXE for the IUSR (internet guest account).



Why wasn't this inherited from the parent folder?

Why is it showing that IUSR has read/write/execute/modify on the EXE, but it can't even execute the file?


I suspect windows has some special "behavior" for the IUSR account. Any thoughts on how I can combat this? I want to be able to copy the EXE into that folder knowing that it will gain the permissions of the parent folder.

Thanks.
0
Comment
Question by:hamlin11
  • 6
  • 6
13 Comments
 
LVL 4

Assisted Solution

by:Syncromind
Syncromind earned 480 total points
ID: 22818824
I really dont know so much about the IUSR account, but you might first go to properties of the folder, security tab, advanced, and uncheck the "inherit permissions...." from parent folder, when warning appears, select "copy".

After that check the last checkbox, that enables propagation of security setting on child objects and containters and apply.

If that doesnt solves,please tell me and I will search a little more info for you.

Hope it helps.
0
 
LVL 4

Assisted Solution

by:majidhajali
majidhajali earned 20 total points
ID: 22819329
check the owner of the file. maybe your administrator user account isn't the owner of the file and so you can't change permissions properly.
0
 

Author Comment

by:hamlin11
ID: 22834487
Syncromind,

This didn't work. I still get the same behavior. I suspect that there are some global "deny" privileges set for the IUSR account that get automatically propagated to the file. And to the best of my knowledge, a global deny will trump a parent "allow".

Any ideas?
0
 
LVL 4

Expert Comment

by:Syncromind
ID: 22834556
can you print screen the security tab of that folder , the advanced security tab and the owner tab information?
0
 

Author Comment

by:hamlin11
ID: 22835147
sync, please see attachment descriptions for each screen shot

ee1.png
ee2.png
ee3.png
ee4.png
ee5.png
ee6.png
ee7.png
ee8.png
0
 
LVL 4

Assisted Solution

by:Syncromind
Syncromind earned 480 total points
ID: 22835282
Ok, now we are fine. With that screnshots, you can see that IUSR have full controll. It is a normal behaviour that Full control, and the "replace permission entries on child objects" doesnt stay checked on. That is normal.

What I can say is that ISUR account (respecting to ntfs permissions) have a valid rights assignment.

So you should begin to look in otherside the reason of your problem. What kind of ee file is that? Is that a frameworks.net builded exe file?
With some intermediate languajes, you need speciall permissinos defined in DCOM components configuration, because windows wont allow to execture the intermediate lenguaje from  network unless you specify it on the frameworks control.

Besides it, what errorare you having when you try to execute the file from the iusr account?
You might have execute permissions, and .exe added on MIME types on IIS server to allow you execute that kind of files.

0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:hamlin11
ID: 22835610
Sync,

The EXE is a .NET framework 3.5 file generated by VB 2008 compiler.

I do not get an error report anywhere -- not in the windows log files or in the PHP error log. I am using php's exec() or shell_exec() to execute the app. The behavior of that function is to return nothing if the application fails to start.

I'm not familiar enough wither either DCOM or MIME types on IIS Server to successfully implement what you suggested in your last two paragraphs.

Can you be a little more specific for me? Thanks
0
 
LVL 4

Assisted Solution

by:Syncromind
Syncromind earned 480 total points
ID: 22835759
try the following:
put that exe file on a network shared folder, and try to execute that exe file from network.
You might have a error, because frameworks doesnt allows that.
I can help you to find hot to run .net exe files from network, but it will be a little more difficult, and I have to search more info for it and I am at work at this moment.
try that to see if that is the error, is that is the case, I suggest you begin a new question, where more skilled people in .net frameworks network policies, would help you.

Hope it helps!!!
0
 

Author Comment

by:hamlin11
ID: 22835966
I would try that but I cannot, because it is a dedicated web server at some misc. point in the world (i have no idea where).

Do you have any other ideas?
0
 
LVL 4

Assisted Solution

by:Syncromind
Syncromind earned 480 total points
ID: 22836130
But how do you access the server? if you have remote desktop connection, or vpn connection with administrative prvileges, you should connect via vpn an write:
\\serverinternalip\sharename  in a browser and you will access.

Anyway, as I told you, i really suggest you to post a thread in programming, to deploy the programm execution using the .net frameworks configuration utility. I really dont remember exactly how to do that, and i am not sure what kind of changes has .net 3.5 regarding this issue.

0
 

Author Comment

by:hamlin11
ID: 22836369
I connect view remote desktop. How do I do what you're saying via remote desktop?

Thanks
0
 
LVL 4

Accepted Solution

by:
Syncromind earned 480 total points
ID: 22837079
How you connect to the ermote desktop.?

If you dont dial a vpn connection to make remote desktop, you cannot try the last suggestiion.
If that is the case, please try posting a comment on programming section, asking about how to execute a .net frameworks 3.5 file from an web application using IUSR account.
Sorry, but I dont know so hard of programming, elseway I would help you more.
0
 

Author Closing Comment

by:hamlin11
ID: 31510588
Thanks for the try
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
OfficeMate Freezes on login or does not load after login credentials are input.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now