Solved

Folder Permissions in Win 2008 for IIS 7.5 to Show Web Pages

Posted on 2013-05-13
2
591 Views
Last Modified: 2013-05-13
I have a web server running Windows 2008 and IIS 7.5

I have 3 developers, Tom, Dick & Harry, each with their own folder, and each with multiple websites underneath:

e:\tom\site1\
e:\tom\site2\

e:\dick\site3\
e:\dick\site4\

e:\harry\site5\
e:\harry\site6\

This is an Active Directory environment.

What I want to do is this...

Only Tom can access the e:\tom folder
Only Dick can access the e:\dick folder
Only Harry can access the e:\harry folder

I've done this by removing the general "Domain Users" from these 3 folders and that works fine.  Via Remote Desktop, they can all see the E: drive but can't get into each others folders.  That's good.

However, now when I try to access the sites via a web browser, I'm getting 500 internal errors.  I'm thinking it is security related, since that is the only thing I changed.

What "Object Type" / User do I need to add back in so these directories can be "surfed" ?

Keep in mind, I don't want the developers (outside contractors) to be able to access each other's folders & get source code.

I remember in older Windows / IIS there was IUSR_ and IWAM_ but I don't see those anymore...

Thanks
0
Comment
Question by:drgdrg
2 Comments
 
LVL 10

Accepted Solution

by:
CSIPComputing earned 500 total points
Comment Utility
Is it practical to do this the other way round and put a DENY on the folders.

e.g. C:\Tom - DENY Dick and Harry etc.

This should allow the sites to be viewed by everyone else.

Alternatively, create a "user" account for your web sites (i.e. recreate the IUSR account)
Give that account read-only access to the folders
Create a custom application pool , and set the identity that the application pool runs as the IUSR account you just created.~
Make the relevant web sites run as the new application pool, and you should be back in business. (you may need to restart the websites or application pool).

Hope that helps!
0
 
LVL 1

Author Closing Comment

by:drgdrg
Comment Utility
Thanks.  Adding the IUSR back in did it.  The problem was what, because I was in active directory, it kept offering user accounts from AD only.  When I told it to look in the local machine, IUSR was there... I chose that and voila.

Thanks
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now