Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Folder Permissions in Win 2008 for IIS 7.5 to Show Web Pages

Posted on 2013-05-13
2
Medium Priority
?
598 Views
Last Modified: 2013-05-13
I have a web server running Windows 2008 and IIS 7.5

I have 3 developers, Tom, Dick & Harry, each with their own folder, and each with multiple websites underneath:

e:\tom\site1\
e:\tom\site2\

e:\dick\site3\
e:\dick\site4\

e:\harry\site5\
e:\harry\site6\

This is an Active Directory environment.

What I want to do is this...

Only Tom can access the e:\tom folder
Only Dick can access the e:\dick folder
Only Harry can access the e:\harry folder

I've done this by removing the general "Domain Users" from these 3 folders and that works fine.  Via Remote Desktop, they can all see the E: drive but can't get into each others folders.  That's good.

However, now when I try to access the sites via a web browser, I'm getting 500 internal errors.  I'm thinking it is security related, since that is the only thing I changed.

What "Object Type" / User do I need to add back in so these directories can be "surfed" ?

Keep in mind, I don't want the developers (outside contractors) to be able to access each other's folders & get source code.

I remember in older Windows / IIS there was IUSR_ and IWAM_ but I don't see those anymore...

Thanks
0
Comment
Question by:drgdrg
2 Comments
 
LVL 10

Accepted Solution

by:
CSIPComputing earned 2000 total points
ID: 39162218
Is it practical to do this the other way round and put a DENY on the folders.

e.g. C:\Tom - DENY Dick and Harry etc.

This should allow the sites to be viewed by everyone else.

Alternatively, create a "user" account for your web sites (i.e. recreate the IUSR account)
Give that account read-only access to the folders
Create a custom application pool , and set the identity that the application pool runs as the IUSR account you just created.~
Make the relevant web sites run as the new application pool, and you should be back in business. (you may need to restart the websites or application pool).

Hope that helps!
0
 
LVL 1

Author Closing Comment

by:drgdrg
ID: 39162227
Thanks.  Adding the IUSR back in did it.  The problem was what, because I was in active directory, it kept offering user accounts from AD only.  When I told it to look in the local machine, IUSR was there... I chose that and voila.

Thanks
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question