Group Policy and Framework permissions.

We are installing a new web server on a windows 2008 Server R2.   Our web pages are failing because of write permissions on the ASP.NEt temporary file directory.   If I go in and reset the permissions on the directory so that all users have write access everything works okay for about an hour.  It then seems as if the GPO is being applied and the permissions keep getting reset.

The Domain Group Policy is on a Windows 2003 server which is still our Primary Domain Controller.

We do not seem to have this problem on our old web server which is also Windows 2003 server. How can I update the permissions or modify the group policy so that my permissions do not get reset?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
add the users i.e. default web site  and the app pools to the their own OU and then apply policy as per that group
Want to try changing the temp location?

Related Link:
Process and request identity in ASP.NET

Excerpt from the above KB article:
Note If you change the machine.config to save the ASP.NET temporary files in a different location, the ASPNET account must have the List Folder Contents access type on the root level of the drive.

>> You want to move this server out of the GPO?

paulfreeAuthor Commented:
I am not sure about moving it out of the GPO.  I have turned this over to the company that developed the web app.  It was running fine on my Windows 2003 server and the same exact web site is running into this problem on the Windows 2008 R2 server.

I am not very familiar with the inards of GPO and Framework so I think I will just let the developer sort things out.  
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

> Check out if you can move the server out of the current-OU to a location to any other servers-OU
Normally the DCs OU will not have the GPOs prevented from any other normal GPO settings which are meant for desktops (other computers)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David Johnson, CD, MVPOwnerCommented:
the above kb article is not relevant .. web sites now show up in the 'users' folder with iis 7 and above, windows 2003 uses iis 5.x
My Plan\thought was
- To try and move the temp-directory for the out of the default location to some other drives.
IMO, the default temp location is: (similar to the following)
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files


Note: On my Windows 2008 machine, i dont see the following XML configuration
(tempDirectory) as per the my machine.config files.
paulfreeAuthor Commented:
I moved all of my servers to a separate OU and turned off inheritance. Now each server is using the local rather than the domain group policy which seems to have done the trick,
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET App Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.