|
Home > Archive > IIS Server > January 2004 > IIS server error 40.1 access denied due to ACL
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS server error 40.1 access denied due to ACL
|
|
| Terence Spencer 2004-01-24, 1:37 am |
| Hi all,
I am running IIS 6.0 on a Win2003 server. I created a new website
called abc.com which is situated under e:\content\web\abc directory
structure.
NTFS permissions are as follow: Everyone is allowed full access to ABC
folder which does not inherit permissions from parent folder.
Read Permissions are given via the IIS and scripts are allowed to run.
There are no deny rules in any of the parent folders above ABC.
I am not using the default IUser account, I created a new one on the
DC.
Everyone is suppose to have access to the site (anonymous access is
enabled) and integrated windows authentication is active, however only
the administrators can access the website.
Can anyone help????
| |
| Tom Kaminski [MVP] 2004-01-24, 1:37 am |
| "Terence Spencer" <camping41@hotmail.com> wrote in message
news:6a181ad5.0401070810.5c5fd68f@posting.google.com...quote:
> Hi all,
> I am running IIS 6.0 on a Win2003 server. I created a new website
> called abc.com which is situated under e:\content\web\abc directory
> structure.
> NTFS permissions are as follow: Everyone is allowed full access to ABC
> folder which does not inherit permissions from parent folder.
> Read Permissions are given via the IIS and scripts are allowed to run.
> There are no deny rules in any of the parent folders above ABC.
> I am not using the default IUser account, I created a new one on the
> DC.
> Everyone is suppose to have access to the site (anonymous access is
> enabled) and integrated windows authentication is active, however only
> the administrators can access the website.
Is it a 401.1 or 401.3 error?
--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsser...ty/centers/iis/
| |
| Paul Lynch 2004-01-24, 1:37 am |
| On 7 Jan 2004 08:10:48 -0800, camping41@hotmail.com (Terence Spencer)
wrote:
quote:
>Hi all,
>I am running IIS 6.0 on a Win2003 server. I created a new website
>called abc.com which is situated under e:\content\web\abc directory
>structure.
>NTFS permissions are as follow: Everyone is allowed full access to ABC
>folder which does not inherit permissions from parent folder.
>Read Permissions are given via the IIS and scripts are allowed to run.
>There are no deny rules in any of the parent folders above ABC.
>I am not using the default IUser account, I created a new one on the
>DC.
>Everyone is suppose to have access to the site (anonymous access is
>enabled) and integrated windows authentication is active, however only
>the administrators can access the website.
>
>Can anyone help????
Use Filemon to track it down :
HOWTO: Track "Permission Denied" Errors on DLL Files
http://support.microsoft.com/?id=286198
Regards,
Paul Lynch
MCSE
| |
| Jeff Cochran 2004-01-24, 1:37 am |
| On 7 Jan 2004 08:10:48 -0800, camping41@hotmail.com (Terence Spencer)
wrote:
quote:
>I am running IIS 6.0 on a Win2003 server. I created a new website
>called abc.com which is situated under e:\content\web\abc directory
>structure.
>NTFS permissions are as follow: Everyone is allowed full access to ABC
>folder which does not inherit permissions from parent folder.
>Read Permissions are given via the IIS and scripts are allowed to run.
>There are no deny rules in any of the parent folders above ABC.
>I am not using the default IUser account, I created a new one on the
>DC.
>Everyone is suppose to have access to the site (anonymous access is
>enabled) and integrated windows authentication is active, however only
>the administrators can access the website.
>
>Can anyone help????
Sure. First, learn a little more about using groups in Windows. The
group "Everyone" is just that, a group. It may or may not include
every account on the system, and by default the IUSR/IWAM accounts
aren't part of that group. So assigning access to "Everyone" just
opens access to all those you didn't want to let in, and ignores the
ones you did.
Next, the IUSR account is a local account. Changing from the default
one set up at install to a domain account can add problems, most
notably that you may have to manage permissions and passwords on your
own. Plus now, anyone compromising your system is doing so with
domain level accounts.
Third, if you use Windows Authentication on an intranet, IE will pass
credentials only if it believes the system actually is on the same
network. As in being listed in the intranet zone in IE's security
tab.
And lastly, post the errors in full. Include event viewer entries, as
well as log file snippets where relevant. You've chnaged quite a few
parameters and now it doesn't work, but you don't say if you changed
all that before it ever worked or not.
Jeff
|
|
|
|
|