How to set permissions to modify virtual directories (metabase) from asp.net on Windows 2008 IIS7 without using the build-in administrator account?
We use System.Directoryservices to edit virtual directories from within asp.net pages on our webservers. The script works on Windows 2003 and Vista, but we can't get it to work on Windows 2008. It only works if we use the build-in Administrator account.
Does anyone have an idea how to set the proper permissions to allow a usergroup to have access to change virtual directories from within asp.net pages using impersonation?
The error we get if we don't use the build-in administrator account is:
AppAudit: Root: /
AppAudit: Add virtualdir: en E:\Inetpub\be.cl-cosmetics\beta\xx-xx\ IIS://localhost/W3SVC/7/ROOT
AppAudit: Binding to: IIS://localhost/W3SVC/7/ROOT
Error: System.Runtime.InteropServices.COMException (0x80070005): Access is denied. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_SchemaClassName() at Portalizer.IIS.CreateVirtualDirectory(VirtualDirectory& VD) in F:\UDM\Portalizer2.0\IIS.vb:line 18
If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.