Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 599
  • Last Modified:

Folder Permissions in Win 2008 for IIS 7.5 to Show Web Pages

I have a web server running Windows 2008 and IIS 7.5

I have 3 developers, Tom, Dick & Harry, each with their own folder, and each with multiple websites underneath:

e:\tom\site1\
e:\tom\site2\

e:\dick\site3\
e:\dick\site4\

e:\harry\site5\
e:\harry\site6\

This is an Active Directory environment.

What I want to do is this...

Only Tom can access the e:\tom folder
Only Dick can access the e:\dick folder
Only Harry can access the e:\harry folder

I've done this by removing the general "Domain Users" from these 3 folders and that works fine.  Via Remote Desktop, they can all see the E: drive but can't get into each others folders.  That's good.

However, now when I try to access the sites via a web browser, I'm getting 500 internal errors.  I'm thinking it is security related, since that is the only thing I changed.

What "Object Type" / User do I need to add back in so these directories can be "surfed" ?

Keep in mind, I don't want the developers (outside contractors) to be able to access each other's folders & get source code.

I remember in older Windows / IIS there was IUSR_ and IWAM_ but I don't see those anymore...

Thanks
0
drgdrg
Asked:
drgdrg
1 Solution
 
CSIPComputingCommented:
Is it practical to do this the other way round and put a DENY on the folders.

e.g. C:\Tom - DENY Dick and Harry etc.

This should allow the sites to be viewed by everyone else.

Alternatively, create a "user" account for your web sites (i.e. recreate the IUSR account)
Give that account read-only access to the folders
Create a custom application pool , and set the identity that the application pool runs as the IUSR account you just created.~
Make the relevant web sites run as the new application pool, and you should be back in business. (you may need to restart the websites or application pool).

Hope that helps!
0
 
drgdrgAuthor Commented:
Thanks.  Adding the IUSR back in did it.  The problem was what, because I was in active directory, it kept offering user accounts from AD only.  When I told it to look in the local machine, IUSR was there... I chose that and voila.

Thanks
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now