Windows Server Forum / IIS / IIS Security / March 2007

Windows 2003 permissions and Process Monitor output

Jim - 10 Mar 2007 20:38 GMT
I am configuring MS Access Internet Synchronization which I've done
several times on Windows 2003 without issue over the past few years
but this time I can't get the anonymous user to be able to create files in
my dropbox directory.

On the surface, this looks to be a permissions issue but I don't
understand what the right lever is to fix it. I set up a virtual
directory in IIS 6 with read/write privileges and anonymous access
using an account I created called IUSR_Dropbox.  Using the MS utility
bigpost.exe (fetched from Trigeminal), I can overwrite existing files
but when creating a new file, it fails with a "404.0 2" error in the
IIS log. Using Process Monitor, I can see that it fails with a
"FILE NOT FOUND" and here is the output:

19293    12:24:49.2579997 PM    w3wp.exe    3720    CreateFile    C:\Inetpub\Testdrop\test1.tmp    NAME NOT FOUND    Desired Access: Generic Read, Disposition: Open, Options: Open For Backup, Attributes: RE, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: MYSERVER\IUSR_Dropbox
19294    12:24:49.2583137 PM    w3wp.exe    3720    CreateFile    C:\Inetpub\Testdrop\test1.tmp    NAME NOT FOUND    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: MYSERVER\IUSR_Dropbox

Since IUSR_Dropbox has full control, is a member of Users which have
full control, and has been assigned to the Administrators group (all
these only temporarily for testing ;-), why does CreateFile fail and
how can I fix this? At this point, I feel like I've run out of
permissions to assign!

Other items of interest that may be of use:
- special permissions shows "Create File / Write Data" is checked
- AccessEnum shows write access to directory for Administrators, NT
Authority/System, and Users but does not list IUSR_Dropbox. Is this
because IUSR_Dropbox is a member of Users and Administrators or is
this a clue to what is going on? Right clicking on the directory and
looking at security, I have confirmed many times that IUSR_Dropbox has
full control.
- The /testdrop directory is not shared

Since I previously set this up on Windows 2003 and manually applied
service pack 1, is there some change with Windows 2003 R2 which I am
using now? Is there a local security, IIS 6 setting or something else
that blocks anonymous users from creating files (remember that I can
overwrite an existing one)?

Thanks!
Jim - 19 Mar 2007 14:19 GMT
Applying SP2 did not fix the problem. I ended up opening a ticket on
this with Microsoft and after several days of making no progress, an
uninstall including IIS, SMTP, common files and one of the machine
keys (C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys)
and then a reinstall fixed it.

This was the second time IIS was uninstalled/reinstalled and the first
time did not fix it but I did not uninstall the common files and SMTP
server nor was the machine key deleted. So, I still can't say what was
wrong with the configuration out of the box but clearly the only way
to fix it was a complete reinstall.

HTH,
Jim
 