RE: IUSR and IWAM Permissions
- From: Cowboy (Gregory A. Beamer) - MVP <NoSpamMgbworld@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 15 Mar 2007 09:43:43 -0700
The most likely reason, if it is all directories, is the network admin turned
off anonymous access on the sites in IIS. If so, tell him to turn them back
on, unless your sites are using Windows Authentication only (ie, these are
Intranet applications that serve based on users domain credentials). As you
are getting errors on IUSR and IWAM, you probably have forms auth, which
locks things down.
He could have also whacked the IUSR and IWAM accounts by removing from
groups or resetting policy. If so, you really need the network admin to pull
his head out. Worst case is reinstalling IIS and then spanking an admin. :-)
I would not think someobody would do this, but security changes are often
knee jerk reactions, so this is not impossible.
The other option is to check the ACLs (Access Control lists) on the web
folders (where your virtual directories are pointed to). Most likely he
increased access security on the web folders, or worse, on the entire drive
(which would cascade down). I would put it back on his plate, as he was the
one who did it, but say to him, "did you clamp down on the ACLs on web
directories?" He will either think you have gotten smarter (rare in most
network admins, who think developers are stupid, but worth a shot). :-)
There may be some IWAM and IUSR perms that were whacked even beyond this,
but this is the norm.
If I think of something else, I will post.
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
***************************
Think Outside the Box!
***************************
"Simon Watkins" wrote:
Our server administrators recently changed the permissions of most of our.
servers (you know how it is, the developers had, shock horror, got to know
the domain administrator password, and some decision was made on high to
clamp down on everything)
This consequently has had the effect of rendering our live ASP.NET 2 web
server useless with page requests for .NET sites returning ACL permission
errors.
I ran a few tools and found out that it seems to be the permissions of IUSR
and IWAN. As far as I can tell, they have the correct permissions (we are
running IIS 5 on Windows 2000 Server), but placing these users (temporarily)
inside the administrators group restores access. Obviously I can't leave
them in this group.
I'm 99% this has come about because of the permissions clamp down as we have
a development server that is experiencing identical behaviour. Is it
possible that the use of the Active Directory Manager from the domain
controller has screwed something up to cause this?
We also run Report Server on these servers and this had proved to be a bit
of a headache in the past, so it wouldn't surprise me if this had
contributed either.
Can anyone (hopefully there is an MVP about) give me any pointers as to what
I can do to restore the IWAM and IUSR permissions to their correct settings?
Thanks in advance
--
Simon Watkins
- Follow-Ups:
- Re: IUSR and IWAM Permissions
- From: Simon Watkins
- Re: IUSR and IWAM Permissions
- From: Jamie
- Re: IUSR and IWAM Permissions
- References:
- IUSR and IWAM Permissions
- From: Simon Watkins
- IUSR and IWAM Permissions
- Prev by Date: Re: Link
- Next by Date: Re: How to display page while long-running process executing?
- Previous by thread: IUSR and IWAM Permissions
- Next by thread: Re: IUSR and IWAM Permissions
- Index(es):
Relevant Pages
|
Loading
