Windows Server 2003 - Files not inheriting permissions properly.

I have a folder which I've given FULL EVERYTHING access to the IUSR account.

When I copy a new EXE into that folder, the IUSR account shows that it has read/write/execute/modify -- but the FULL radio button is not checked.

Also, IUSR clearly does not have full access to the newly-copied EXE file because IUSR cannot even run the EXE file.

To fix this, I have to click the "Full" button under security on the EXE for the IUSR (internet guest account).



Why wasn't this inherited from the parent folder?

Why is it showing that IUSR has read/write/execute/modify on the EXE, but it can't even execute the file?


I suspect windows has some special "behavior" for the IUSR account. Any thoughts on how I can combat this? I want to be able to copy the EXE into that folder knowing that it will gain the permissions of the parent folder.

Thanks.
hamlin11Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SyncromindCommented:
I really dont know so much about the IUSR account, but you might first go to properties of the folder, security tab, advanced, and uncheck the "inherit permissions...." from parent folder, when warning appears, select "copy".

After that check the last checkbox, that enables propagation of security setting on child objects and containters and apply.

If that doesnt solves,please tell me and I will search a little more info for you.

Hope it helps.
0
majidhajaliCommented:
check the owner of the file. maybe your administrator user account isn't the owner of the file and so you can't change permissions properly.
0
hamlin11Author Commented:
Syncromind,

This didn't work. I still get the same behavior. I suspect that there are some global "deny" privileges set for the IUSR account that get automatically propagated to the file. And to the best of my knowledge, a global deny will trump a parent "allow".

Any ideas?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

SyncromindCommented:
can you print screen the security tab of that folder , the advanced security tab and the owner tab information?
0
hamlin11Author Commented:
sync, please see attachment descriptions for each screen shot

ee1.png
ee2.png
ee3.png
ee4.png
ee5.png
ee6.png
ee7.png
ee8.png
0
SyncromindCommented:
Ok, now we are fine. With that screnshots, you can see that IUSR have full controll. It is a normal behaviour that Full control, and the "replace permission entries on child objects" doesnt stay checked on. That is normal.

What I can say is that ISUR account (respecting to ntfs permissions) have a valid rights assignment.

So you should begin to look in otherside the reason of your problem. What kind of ee file is that? Is that a frameworks.net builded exe file?
With some intermediate languajes, you need speciall permissinos defined in DCOM components configuration, because windows wont allow to execture the intermediate lenguaje from  network unless you specify it on the frameworks control.

Besides it, what errorare you having when you try to execute the file from the iusr account?
You might have execute permissions, and .exe added on MIME types on IIS server to allow you execute that kind of files.

0
hamlin11Author Commented:
Sync,

The EXE is a .NET framework 3.5 file generated by VB 2008 compiler.

I do not get an error report anywhere -- not in the windows log files or in the PHP error log. I am using php's exec() or shell_exec() to execute the app. The behavior of that function is to return nothing if the application fails to start.

I'm not familiar enough wither either DCOM or MIME types on IIS Server to successfully implement what you suggested in your last two paragraphs.

Can you be a little more specific for me? Thanks
0
SyncromindCommented:
try the following:
put that exe file on a network shared folder, and try to execute that exe file from network.
You might have a error, because frameworks doesnt allows that.
I can help you to find hot to run .net exe files from network, but it will be a little more difficult, and I have to search more info for it and I am at work at this moment.
try that to see if that is the error, is that is the case, I suggest you begin a new question, where more skilled people in .net frameworks network policies, would help you.

Hope it helps!!!
0
hamlin11Author Commented:
I would try that but I cannot, because it is a dedicated web server at some misc. point in the world (i have no idea where).

Do you have any other ideas?
0
SyncromindCommented:
But how do you access the server? if you have remote desktop connection, or vpn connection with administrative prvileges, you should connect via vpn an write:
\\serverinternalip\sharename  in a browser and you will access.

Anyway, as I told you, i really suggest you to post a thread in programming, to deploy the programm execution using the .net frameworks configuration utility. I really dont remember exactly how to do that, and i am not sure what kind of changes has .net 3.5 regarding this issue.

0
hamlin11Author Commented:
I connect view remote desktop. How do I do what you're saying via remote desktop?

Thanks
0
SyncromindCommented:
How you connect to the ermote desktop.?

If you dont dial a vpn connection to make remote desktop, you cannot try the last suggestiion.
If that is the case, please try posting a comment on programming section, asking about how to execute a .net frameworks 3.5 file from an web application using IUSR account.
Sorry, but I dont know so hard of programming, elseway I would help you more.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hamlin11Author Commented:
Thanks for the try
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.