Solved

Folder Permissions in Win 2008 for IIS 7.5 to Show Web Pages

Posted on 2013-05-13
2
593 Views
Last Modified: 2013-05-13
I have a web server running Windows 2008 and IIS 7.5

I have 3 developers, Tom, Dick & Harry, each with their own folder, and each with multiple websites underneath:

e:\tom\site1\
e:\tom\site2\

e:\dick\site3\
e:\dick\site4\

e:\harry\site5\
e:\harry\site6\

This is an Active Directory environment.

What I want to do is this...

Only Tom can access the e:\tom folder
Only Dick can access the e:\dick folder
Only Harry can access the e:\harry folder

I've done this by removing the general "Domain Users" from these 3 folders and that works fine.  Via Remote Desktop, they can all see the E: drive but can't get into each others folders.  That's good.

However, now when I try to access the sites via a web browser, I'm getting 500 internal errors.  I'm thinking it is security related, since that is the only thing I changed.

What "Object Type" / User do I need to add back in so these directories can be "surfed" ?

Keep in mind, I don't want the developers (outside contractors) to be able to access each other's folders & get source code.

I remember in older Windows / IIS there was IUSR_ and IWAM_ but I don't see those anymore...

Thanks
0
Comment
Question by:drgdrg
2 Comments
 
LVL 10

Accepted Solution

by:
CSIPComputing earned 500 total points
ID: 39162218
Is it practical to do this the other way round and put a DENY on the folders.

e.g. C:\Tom - DENY Dick and Harry etc.

This should allow the sites to be viewed by everyone else.

Alternatively, create a "user" account for your web sites (i.e. recreate the IUSR account)
Give that account read-only access to the folders
Create a custom application pool , and set the identity that the application pool runs as the IUSR account you just created.~
Make the relevant web sites run as the new application pool, and you should be back in business. (you may need to restart the websites or application pool).

Hope that helps!
0
 
LVL 1

Author Closing Comment

by:drgdrg
ID: 39162227
Thanks.  Adding the IUSR back in did it.  The problem was what, because I was in active directory, it kept offering user accounts from AD only.  When I told it to look in the local machine, IUSR was there... I chose that and voila.

Thanks
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question