|
Home > Archive > IIS Server Security > March 2006 > Moved to new server, I_USR not showing
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Moved to new server, I_USR not showing
|
|
| Joey Martin 2006-03-15, 5:54 pm |
| I moved web server (from Server 2003 Standard to Server 2003 Web
Edition).
I noticed that permissions hasve changed some under IIS. My asp page
uses FileSystemObject to write file. My old server, this worked fine.
I have verified that WRITE permission is enabled under IIS. But, Under
PERMISSIONS, I noticed that I_USR is missing. When I add it, my WRITE
command works. On my old server, the I_USR shows that it's inheriting
rights from the parent. What would be the parent directory under IIS? I
looked under Windows Explorer and the main directory does not have
I_USR. Ideas??
*** Sent via Developersdex http://www.codecomments.com ***
| |
| David Wang [Msft] 2006-03-16, 7:49 am |
| http://blogs.msdn.com/david.wang/ar...Permission.aspx
Write permission in IIS has no bearing on FileSystemObject being able to
Write a file. As the blog describes, they are two separate concepts that
users frequently mix up.
So, all you did was enable WebDAV. Fortunately, WebDAV is disabled by
default in Web Service Extensions. Whew; IIS6's defense in depth just saved
you from your mistake.
As for "missing IUSR" -- IIS never gives NTFS WRITE permission to IUSR, so
you are basically asking why a custom configuration on your old server was
not present on the new server. I can only point at the man in the mirror for
this misconfiguration.
There are no ACL differences between Windows Server 2003 Standard and
Windows Server 2003 Web. It's the same IIS6 binaries. Any difference you
observe is either user-initiated or inherited from an upgrade. Maybe your
Windows Server 2003 Standard server was an upgrade from NT4 or Windows
2000 -- upgrades will preserve old crusty ACLs. I always clean install and
then migrate sites for the best possible experience. IIS6 security settings
are different between Upgrade and Clean install, with Clean install the most
secure.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Joey Martin" <joey@kytechs.com> wrote in message
news:uuZ%23o4GSGHA.4792@TK2MSFTNGP14.phx.gbl...
>I moved web server (from Server 2003 Standard to Server 2003 Web
> Edition).
>
> I noticed that permissions hasve changed some under IIS. My asp page
> uses FileSystemObject to write file. My old server, this worked fine.
>
> I have verified that WRITE permission is enabled under IIS. But, Under
> PERMISSIONS, I noticed that I_USR is missing. When I add it, my WRITE
> command works. On my old server, the I_USR shows that it's inheriting
> rights from the parent. What would be the parent directory under IIS? I
> looked under Windows Explorer and the main directory does not have
> I_USR. Ideas??
>
>
>
> *** Sent via Developersdex http://www.codecomments.com ***
| |
| joey@kytechs.com 2006-03-16, 5:52 pm |
| So, please help me out here please so I do this the right way. I have a
script where people can create a website test drive. It takes a folder
online, copies it to a new location with a new folder name, and then
writes a "custom" file with that users information into that new
directory. It now errors on creating the new file.
Where do I need to give WRITE permissions so that this can be done
on-the-fly? On my old server, each of these newly created folder had
WRITE access given to the IUSR account. It states the permission was
inherited from C:\, but I do not see it there. I cannot figure out
where it's inheriting it from.
On the new server, IUSR does not show under the SECURITY list, and
cannot write a file to this folder.
Thanks!
| |
| David Wang [Msft] 2006-03-17, 7:50 am |
| Your question concerns Windows Security/NTFS ACL and not IIS - I recommend
you rephrase your question in those newsgroups (microsoft.public.security)
to get an understanding of what you are trying to do and then do it
yourself.
Unfortunately, I cannot help you do it the right way because:
1. I cannot take responsibility for how your custom provisioning code works
2. You are relying on custom ACL configuration not setup by IIS
3. You need to know what you are setting up
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<joey@kytechs.com> wrote in message
news:1142537818.483069.198220@z34g2000cwc.googlegroups.com...
> So, please help me out here please so I do this the right way. I have a
> script where people can create a website test drive. It takes a folder
> online, copies it to a new location with a new folder name, and then
> writes a "custom" file with that users information into that new
> directory. It now errors on creating the new file.
>
> Where do I need to give WRITE permissions so that this can be done
> on-the-fly? On my old server, each of these newly created folder had
> WRITE access given to the IUSR account. It states the permission was
> inherited from C:\, but I do not see it there. I cannot figure out
> where it's inheriting it from.
>
> On the new server, IUSR does not show under the SECURITY list, and
> cannot write a file to this folder.
>
> Thanks!
>
|
|
|
|
|