Re: Virtual Directory - Permission Denied with fso CopyFile

From: Barry (no_one_at_home.net)
Date: 09/23/04


Date: Thu, 23 Sep 2004 09:17:59 -0400


Finally figured this one out.

We created a new user instead of using the INETUSR_MachineName and
everything is working fine now. Thanks for your help.

Barry

"Barry" <no_one@home.net> wrote in message
news:Of5vpl0lEHA.3428@TK2MSFTNGP11.phx.gbl...
> David,
>
> In answer to your questions:
> 1. The fso.CopyFile is server side. The pdf generation is on our server as
> well as the copying of the file to the archive directory.
> 2. Domain Admins, Enterprise Admins, Everyone and IUSR_<machinename> have
> all privileges on the filesystem
> 3. Everyone has full control, change and read for the share
>
> -I've set up the site to use the IUSR_<machinename> in the "Connect As"
>
> I went through all these steps and I'm still getting the access denied
> error.
>
> Any ideas?
>
> Thanks,
> Barry
>
>
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:u25%23DKxlEHA.3520@tk2msftngp13.phx.gbl...
> > Access denied with filesystems indicates that the identity executing the
> > CopyFile does not have permissions on the named remote resource. Thus, you
> > need to clearly describe your settings such that you can determine what the
> > identity is, and what the permissions are. Please clarify the following:
> >
> > 1. Is Fso.CopyFile executed as client-side script or server-side script
> > (i.e. is the PDF copied from the user's machine to the archive server, or
> > from the web server to the archive server).
> > 2. What are the ACLs of the Filesystem namespace mapped to the UNC share
> > 3. What are the ACLs of the UNC share itself
> >
> > "Connect As" only affects IIS retrieving resources from remote servers,
> > while Fso.CopyFile is script executed by a ScriptEngine with no relation to
> > "Connect As". Based on your current description, you should:
> > 1. Set "Connect As" to be the IUSR. Make sure this IUSR account exists on
> > both web server and archive server and has the same credentials (i.e. you
> > can use either two identically named local accounts with synchronized
> > passwords, or a single domain account).
> > 2. Set the ACLs of the FileSystem namespace to allow Write & Modify access
> > to IUSR (if server-side script) or the individual remote authenticated user
> > (if client-side script)
> > 3. Set the ACLs on the UNC share to Everyone:Full. This allows you to
> > control access with purely filesystem ACLs without the confusion of the UNC
> > share ACLs
> >
> > I suggest reading this URL for more info on how UNC shares work.
> >
> > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx
> >
> > --
> > //David
> > IIS
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > //
> > "Barry" <no_one@home.net> wrote in message
> > news:ekqu4LnlEHA.3988@tk2msftngp13.phx.gbl...
> > I have 2 servers running win2k, one is a web server and the other is going
> > to be an archive server. The process would be that a user generates a pdf
> > report, and then they would choose to archive the report in which the file
> > would then be copied to the archive directory.
> >
> > Both servers are running win2k which is currently my test servers and my
> > live servers will be win2k3. I've set up the archive directory for sharing
> > and given everyone all permissions except full control. I've set up the
> > virtual directory within my site using \\<ip>\archive, where the connect as
> > has been set up using my username/password (I'm a domain admin, this is too
> > wide open, but I'm just trying to get it to work for now). The site is
> > using anonymous access. I've even given the archive directory anonymous,
> > everyone and iusr_machinename sharing and security permission for all
> > permissions except full control.
> >
> > The problem that I'm running into is when a user selects save, I create a
> > FileSystemObject and use the CopyFile function to which I get a permission
> > denied error.
> >
> > Any ideas?
> >
> > Thanks,
> > Barry
> >
> >
> >
> >
>
>
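
The three checks David asks for in the thread (the share ACL, the filesystem ACL behind the share, and whether the identity doing the copy holds Modify), written as an added PowerShell audit script that is not part of the original thread. It assumes a current Windows Server with the SmbShare module, which the Windows 2000 servers discussed here do not have; the share name and account name are placeholders.

```powershell
# Added example, run on the archive server. Assumes the SmbShare module
# (Windows Server 2012 or later). Share and account names are placeholders.
param(
    [string]$ShareName = 'archive',            # hypothetical share name
    [string]$Account   = 'EXAMPLE\svc_archive' # hypothetical dedicated account
)

# Resolve the folder behind the share (the "filesystem namespace" in the thread).
$path = (Get-SmbShare -Name $ShareName -ErrorAction Stop).Path

# Share ACL: with Everyone:Full here, the NTFS ACL alone decides access.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize

# NTFS ACL entries for the account and for broad well-known groups.
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
$rules = @((Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference.Value -in (@($Account) + $broad) })
$rules | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize

# Direct ACEs only: rights granted through group membership are not expanded.
$modify = [System.Security.AccessControl.FileSystemRights]::Modify
$mine   = @($rules | Where-Object { $_.IdentityReference.Value -eq $Account })
$allow  = @($mine | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $modify) -eq $modify })
$deny   = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })

if ($deny.Count -gt 0) {
    Write-Warning "$Account has an explicit Deny entry on $path"
} elseif ($allow.Count -eq 0) {
    Write-Warning "$Account has no direct Allow ACE covering Modify on $path"
} else {
    Write-Output "$Account has a direct Allow ACE covering Modify on $path"
}

# Broad groups with write-level rights on NTFS defeat the point of relying
# on filesystem ACLs once the share itself is open to Everyone.
$write = [System.Security.AccessControl.FileSystemRights]::Write
$rules | Where-Object {
    $_.IdentityReference.Value -in $broad -and
    $_.AccessControlType -eq 'Allow' -and
    [int]($_.FileSystemRights -band $write) -ne 0
} | ForEach-Object {
    Write-Warning "$($_.IdentityReference) holds $($_.FileSystemRights) on $path"
}
```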