Re: Virtual Directory - Permission Denied with fso CopyFile

From: Barry (no_one_at_home.net)
Date: 09/10/04 

Date: Fri, 10 Sep 2004 11:18:24 -0400

David,

In answer to your questions:
1. The fso.CopyFile is server side. The pdf generation is on our server as
well as the copying of the file to the archive directory.
2. Domain Admins, Enterprise Admins, Everyone and IUSR_<machinename> have
all privledges on the filesystem
3. Everyone has full control, change and read for the share

-I've setup the site to use the IUSR_<machinename> in the "Connect As"

I went through all these steps and I'm still getting the access denied
error.

Any ideas?

Thanks,
Barry

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:u25%23DKxlEHA.3520@tk2msftngp13.phx.gbl...
> Access denied with filesystems indicates that the identity executing the
> CopyFile does not have permissions on the named remote resource. Thus,
you
> need to clearly describe your settings such that you can determine what
the
> identity is, and what the permissions are. Please clarify the following:
>
> 1. Is Fso.CopyFile executed as client-side script or server-side script
> (i.e. is the PDF copied from the user's machine to the archive server, or
> from the web server to the archive server).
> 2. What are the ACLs of the Filesystem namespace mapped to the UNC share
> 3. What are the ACLs of the UNC share itself
>
> "Connect As" only affects IIS retrieving resources from remote servers,
> while Fso.CopyFile is script executed by a ScriptEngine with no relation
to
> "Connect As". Based on your current description, you should:
> 1. Set "Connect As" to be the IUSR. Make sure this IUSR account exists on
> both web server and archive server and has the same credentials (i.e. you
> can use either two identically named local accounts with synchronized
> passwords, or a single domain account).
> 2. Set the ACLs of the FileSystem namespace to allow Write & Modify access
> to IUSR (if server-side script) or the individual remote authenticated
user
> (if client-side script)
> 3. Set the ACLs on the UNC share to Everyone:Full. This allows you to
> control access with purely filesystem ACLs without the confusion of the
UNC
> share ACLs
>
> I suggest reading this URL for more info on how UNC shares work.
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Barry" <no_one@home.net> wrote in message
> news:ekqu4LnlEHA.3988@tk2msftngp13.phx.gbl...
> I have 2 servers running win2k, one is a web server and the other is going
> to be an archive server. The process would be that a user generates a pdf
> report, and then they would choose to archive the report in which the file
> would then be copied to the archive directory.
>
> Both servers are running win2k which is currently my test servers and my
> live servers will be win2k3. I've setup the archive directory for sharing
> and given everyone all permissions except full control. I've setup the
> virtual directory within my site using \\<ip>\archive, where the connect
as
> has been setup using my username/password (I'm a domain admin, this is too
> wide open, but I'm just trying to get it to work for now). The site is
> using anonymous access. I've even given the archive directory anonymous,
> everyone and iusr_machinename sharing and security permission for all
> permissions except full control.
>
> The problem that I'm running into is when a user selects save, I create a
> FileSystemObject and use the CopyFile function to which I get a permission
> denied error.
>
> Any ideas?
>
> Thanks,
> Barry
>
>
>
>

Relevant Pages

  • Re: Enabling telnet, ftp, pop3 for root...
    ... Many users do not have a functional knowledge of ACLs, of those that do, they find them very confusing, because the repercussions of them leaves something else entirely open for analysis. ... If you want to argue Windows 2k/2k3 Server verses Windows NT Server 3.51, you can argue until you're blue in the face about reasons to upgrade to Windows 2000 Server or 2003 Server over NT 3.51, but I know of at least one place that is still running NT 3.51 as a server. ... This is a bit of an exaggeration, as I don't expect someone wanting help with that system will be on Usenet; however, with UNIX systems, the capability to deal with sudo is more common then the capability to deal with ACLs. ... And there could be performance reasons in the choice of a filesystem, depending on the content of the filesystem. ...
    (alt.os.linux)
  • Re: write with cURL
    ... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
    (alt.php)
  • RE: Windows 2003 Server - Everyone Group
    ... this folder only accessable by the users in the "special" group. ... Configure User and Group Access on an Intranet in Windows Server ... NTFS files system permissions control ... group that you want to set permissions for, click Check Names to verify the ...
    (microsoft.public.win2000.networking)
  • Fail DBD::Mysql 4.003 installation
    ... This test requires a running server and write permissions. ... permissions, then retry. ... Failed 9/9 tests, 0.00% okay ...
    (perl.dbi.users)
  • Re: write with cURL
    ... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
    (alt.php)
Loading