IIS: internet guest account & inheriting permissions

Hi

I had to uninstall & reinstall IIS (v5.1).

Now, with Visual Interdev 6.0, I am hitting a strange permissions
problem. I have set up the security permissions on c:\inetpub for
(1) the Internet Guest Account [computername\IUSR_computername], and
(2) for the Launch IIS Process Account [computername
\IWAM_computername]

I have set them both up for Full Control access on the inetpub folder.
Under the Advanced button options, I have the inherit permissions
button ticked.

In Visual Interdev, I create a new project. It creates the folder in
the wwwroot directory, but then bombs out with an error when it gets
to putting files into the web directory, such as the global.asa file.
The error message it gives is:
"Unable to add file C:\DOCUME~1\Sean\My Documents\Visual Studio
Projects\TEST\global.asa to HTTP:/localhost/TEST/"

(shouldn't that be HTTP:// ?)

It then gives the same message for the file seach.htm, and then gives
an error message
"Unexpected error encountered while copying Script Library files to
server : "

*** It must surely be a permissions problem, because if I look at the
security permissions tab for the TEST directory in wwwroot, the IWAM
account has Full Access Control ticked and greyed out (inherited?).
BUT, the IUSR account has NO permissions - it hasn't inherited
anything. Why not? If I add permissions, then it lets me add a file to
the directory in Interdev, but then I have to do this for each & every
directory - aaargh!

Weirdly enough, after hitting the error messages, the _private,
_ScriptLibrary and images folders ARE created in the TEST directory in
wwwroot. The hidden _vti_pvt directory is also there with files (eg.
service.lck) in it. Same permissions as the TEST directory though -
i.e. no permission for the IUSR account.

How do I set this up correctly to fix this problem?

Many thanks
Sean

Re: internet guest account & inheriting permissions

thats really weird... it sounds like your using FPSE to deploy (pretty sure
thats what is used) and since the rest of the stuff is getting deployed ok i
would assume the security is setup correctly. is there already a global.asa
that its trying to overwrite? did you check the permissions of that file?

I think your problem might be with the path its trying to deploy to, but
that would be odd considering half of its sent ok and the other half isnt...
but your right, it is missing a / and thats fairly important...

have you tried to create new project and do a test deploy to see if its a
project problem? i think it might be more a workstation issue and less of a
server/IIS issue... i would try a new project and if possible try a new
project from a different workstation...

Justin



wrote in message
news:1193819530.854978.102230@y42g2000hsy.googlegroups.com.. .
> Hi
>
> I had to uninstall & reinstall IIS (v5.1).
>
> Now, with Visual Interdev 6.0, I am hitting a strange permissions
> problem. I have set up the security permissions on c:\inetpub for
> (1) the Internet Guest Account [computername\IUSR_computername], and
> (2) for the Launch IIS Process Account [computername
> \IWAM_computername]
>
> I have set them both up for Full Control access on the inetpub folder.
> Under the Advanced button options, I have the inherit permissions
> button ticked.
>
> In Visual Interdev, I create a new project. It creates the folder in
> the wwwroot directory, but then bombs out with an error when it gets
> to putting files into the web directory, such as the global.asa file.
> The error message it gives is:
> "Unable to add file C:\DOCUME~1\Sean\My Documents\Visual Studio
> Projects\TEST\global.asa to HTTP:/localhost/TEST/"
>
> (shouldn't that be HTTP:// ?)
>
> It then gives the same message for the file seach.htm, and then gives
> an error message
> "Unexpected error encountered while copying Script Library files to
> server : "
>
> *** It must surely be a permissions problem, because if I look at the
> security permissions tab for the TEST directory in wwwroot, the IWAM
> account has Full Access Control ticked and greyed out (inherited?).
> BUT, the IUSR account has NO permissions - it hasn't inherited
> anything. Why not? If I add permissions, then it lets me add a file to
> the directory in Interdev, but then I have to do this for each & every
> directory - aaargh!
>
> Weirdly enough, after hitting the error messages, the _private,
> _ScriptLibrary and images folders ARE created in the TEST directory in
> wwwroot. The hidden _vti_pvt directory is also there with files (eg.
> service.lck) in it. Same permissions as the TEST directory though -
> i.e. no permission for the IUSR account.
>
> How do I set this up correctly to fix this problem?
>
> Many thanks
> Sean
>

Re: internet guest account & inheriting permissions

Hi Justin

I'm using XP Pro on my laptop. The IIS is installed on my laptop, and
I develop in Visual Interdev on the same laptop (no "workstations"). I
dont use FPSE explicitly, although it has to be installed to do what
I'm doing, as I understand it.

If I create a new project, it stumbles on the global.asa file & the
search.htm file. The subfolders (and any files therein) seems to be
ok.

I'm getting around it now by explicitly setting the IUSR_ permissions
on every folder via Windows Explorer. Not really an ideal situation
though! Once I've set the permissions, it seems to work fine, though.
So it just seems to be a permissions inheritance issue on WindowsXP,
when interacting with IIS.

(I'm posting this to the security_admin newsgroup - hope that's ok!)

Thanks
Sean

Re: internet guest account & inheriting permissions

So, are you on an AD? i would say its one of two thing.... either your not
on an AD or your not an admin of the machine..

i know you can setup user accounts for FPSE but, im an admin on all of my
machines and they are all in a domain...

because FPSE uses HTTP i think because you dont have any accounts set your
running in to this problem... so if your not in an AD your only option is to
use the FPSE account stuff, which i dont know how to use at all, or if you
have AD going on make your AD account an admin on the machine..

Justin

wrote in message
news:1193914209.147006.322300@50g2000hsm.googlegroups.com...
> Hi Justin
>
> I'm using XP Pro on my laptop. The IIS is installed on my laptop, and
> I develop in Visual Interdev on the same laptop (no "workstations"). I
> dont use FPSE explicitly, although it has to be installed to do what
> I'm doing, as I understand it.
>
> If I create a new project, it stumbles on the global.asa file & the
> search.htm file. The subfolders (and any files therein) seems to be
> ok.
>
> I'm getting around it now by explicitly setting the IUSR_ permissions
> on every folder via Windows Explorer. Not really an ideal situation
> though! Once I've set the permissions, it seems to work fine, though.
> So it just seems to be a permissions inheritance issue on WindowsXP,
> when interacting with IIS.
>
> (I'm posting this to the security_admin newsgroup - hope that's ok!)
>
> Thanks
> Sean
>

Re: internet guest account & inheriting permissions

Hi Justin

What is an AD?

Thanks for your help.

Sean

Re: internet guest account & inheriting permissions

Active Directory, a central place for user accounts and authentication.

Justin

wrote in message
news:1193927743.047553.101790@o38g2000hse.googlegroups.com.. .
> Hi Justin
>
> What is an AD?
>
> Thanks for your help.
>
> Sean
>