Group Policy and Framework permissions.

Posted on 2011-10-05
Last Modified: 2012-05-12
We are installing a new web server on a windows 2008 Server R2.   Our web pages are failing because of write permissions on the ASP.NEt temporary file directory.   If I go in and reset the permissions on the directory so that all users have write access everything works okay for about an hour.  It then seems as if the GPO is being applied and the permissions keep getting reset.

The Domain Group Policy is on a Windows 2003 server which is still our Primary Domain Controller.

We do not seem to have this problem on our old web server which is also Windows 2003 server. How can I update the permissions or modify the group policy so that my permissions do not get reset?

Question by:paulfree
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    add the users i.e. default web site  and the app pools to the their own OU and then apply policy as per that group
    LVL 26

    Expert Comment

    Want to try changing the temp location?

    Related Link:
    Process and request identity in ASP.NET

    Excerpt from the above KB article:
    Note If you change the machine.config to save the ASP.NET temporary files in a different location, the ASPNET account must have the List Folder Contents access type on the root level of the drive.

    >> You want to move this server out of the GPO?


    Author Comment

    I am not sure about moving it out of the GPO.  I have turned this over to the company that developed the web app.  It was running fine on my Windows 2003 server and the same exact web site is running into this problem on the Windows 2008 R2 server.

    I am not very familiar with the inards of GPO and Framework so I think I will just let the developer sort things out.  
    LVL 26

    Accepted Solution

    > Check out if you can move the server out of the current-OU to a location to any other servers-OU
    Normally the DCs OU will not have the GPOs prevented from any other normal GPO settings which are meant for desktops (other computers)
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    the above kb article is not relevant .. web sites now show up in the 'users' folder with iis 7 and above, windows 2003 uses iis 5.x
    LVL 26

    Expert Comment

    My Plan\thought was
    - To try and move the temp-directory for the out of the default location to some other drives.
    IMO, the default temp location is: (similar to the following)
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files


    Note: On my Windows 2008 machine, i dont see the following XML configuration
    (tempDirectory) as per the my machine.config files.

    Author Closing Comment

    I moved all of my servers to a separate OU and turned off inheritance. Now each server is using the local rather than the domain group policy which seems to have done the trick,

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
    This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now