I was asked the following, totally normal sysadmin question; will the Internet Information Service at a given server be allowed to write to a network-mapped folder. Whoa.
Had this been Linux, it would have been an easy one, but since it was Windows, it instead turned into a Valuable Learning Experience.
Through some creative googling and a wee bit of experimentation, here’s how, on a Windows 2003 or XP, using IIS 6.
First we need the Internet Information Services (or is it Server?) management interface.
· Open Start menu à Administrative tools à IIS Manager
Then we need to know which Application Pool runs a given Web Site, marked relevant web site below:
· Click your way: IIS Manager à server name à Web Sites à relevant web site [right-click] à Properties
· Relevant Web Site Properties à Home Directory à Application Settings à Application Pool à Which Application Pool
On a one-site server, this may turn out to be default application pool DefaultAppPool. Oh if things were more exciting J
Now we’ll figure out who runs That Application Pool:
· IIS Manager à server name à Application Pools à That Application Pool [right-click] à Properties.
· ThatAppPool Properties à Identity à The Service Account You Are Looking For
Again, on a one-site server, it just might be Network Service. There is something in me that rings a small alert bell that this may not be the most secure of options. If some security guru knows better, please do leave a comment!
Alright, now we’ll need to check whether That Service Account has proper rights.
· Open Windows Explorer on My Computer and right-click the folder you want to examine à Properties
· From the Security Tab, click Advanced, and on the popped up dialog box, choose Effective Permissions
· Press the Select button, fill in That Service Account and press Enter
The Effective Permissions will now be displayed.
Phew. Easy as algebra.
Post a Comment