Checking and Setting up the Correct Permissions on the IIS Server
If you are using an ASP application, or writing an ASP application, that requires that you write data to a database or a text file then you will need to check and if necessary change the permissions on the server so that you have write as well as read permissions on the directory, and database or text file, you wish to write too.
To check or change the permissions on the server go to Windows Explorer and do the following (for NT and Win 2K users only using NTFS file system, Win XP Pro users see note at bottom): –
1. Right click on the directory containing the database or text file.
2. Click on ‘Properties’.
3. Choose the ‘Security’ tab form the dialog box window.
4. Uncheck ‘Allow inheritable permissions from parent to propagate to this object’, from the bottom of the dialog box.
5. Next, click on the ‘Add’ button at the top left of the window.
Security Properties Dialog Box
6. Next the ‘Select Users or Groups’ dialog box will open, highlight ‘IUSR_MyComputer’ account from the list by clicking on it. Where ‘MyComputer’ is this will be the name of your computer. ‘IUSER’ is the Internet Guest Account setup by default when IIS is installed on the system.
Select Users or Groups Dialog Box
7. Next click on the ‘Add’ button in the middle left of the dialog box. You should then see ‘MyComputer\IUSER_MyComputer’ appear in the box in the bottom half of the dialog box. Again where ‘MyComputer’ is will be the name of your computer.
9. Now click on the ‘OK’ button at the bottom right of the ‘Select Users or Groups’ dialog box.
10. You should now be back at the ‘Security Properties’ dialog box where the top box should now contain the ‘Internet Guest Account (MyComputer\IUSER_MyComputer)’.
11. Highlight the ‘Internet Guest Account (MyComputer\IUSER_MyComputer)’ by clicking on it in the top box.
12. Select ‘Read’ and ‘Write’ permissions for this account by checking the boxes at the bottom of the window (If you are not to worried about security you could check all the boxes to make sure that you have no problems with permissions).
Security Properties Dialog Box
13. Next repeat all the steps above on the database or text file itself, to make sure the database or text file also has the correct permissions.
Windows XP Pro users please note: –
Although the instructions above are for NT4/Win2k it is almost the same in XP Pro, but you must first turn off ‘Simple File Sharing’ from ‘Folder Options’ found in the Control Panel.
Security note: –
For extra security to prevent hackers from downloading Access databases and getting hold of sensitive data like passwords, you should place any Access databases outside of the root of your web site in a private folder that is not accessible using a web browser.
http://www.webwiz.co.uk/kb/asp_knowledgebase/server_permissions.asp
