I'm using Windows 2008 R2 as a webserer, the machine is part of a domain...

When the directory for each website is provisioned, it's setup with the
following permissions:

IIS APPPOOL\\<site> - READ
SYSTEM - FULL
Administrators - FULL

The website works fine, however whenever I attempt to browse to a newly
created folder in Windows Explorer I get the following:


"You don't currently have permissions to access this folder.

Click Continue to permanently get access to this folder. "


I've tried the following:

i) Running Explorer as Administrator
ii) Adding my domain user to a custom local group and adding FULL
permissions to that folder

Neither got rid of the prompt..

What I'd really like to happen is either no prompt at all, or forcing the
UAC confirmation prompt (UAC is turned on). I really don't want to have
every user receive this prompt, when there could be thousands of folders,
and the ACL's polluted with all this additional rubbish.

Any ideas?



~ Mike

--
--
NOTICE: This email and any file transmitted are confidential and/or legally
privileged and intended only for the person(s) directly addressed. If you
are not the intended recipient, any use, copying, transmission,
distribution, or other forms of dissemination is strictly prohibited. If you
have received this email in error, please notify the sender immediately and
permanently delete the email and files, if any.

Hello Mike,

I suggest to use this forum:
http://social.technet.microsoft.com/...logies/threads

Especially made for IIS 7.5 in 2008 R2.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I'm using Windows 2008 R2 as a webserer, the machine is part of a
> domain...
>
> When the directory for each website is provisioned, it's setup with
> the following permissions:
>
> IIS APPPOOL\\<site> - READ
> SYSTEM - FULL
> Administrators - FULL
> The website works fine, however whenever I attempt to browse to a
> newly created folder in Windows Explorer I get the following:
>
> "You don't currently have permissions to access this folder.
>
> Click Continue to permanently get access to this folder. "
>
> I've tried the following:
>
> i) Running Explorer as Administrator
> ii) Adding my domain user to a custom local group and adding FULL
> permissions to that folder
> Neither got rid of the prompt..
>
> What I'd really like to happen is either no prompt at all, or forcing
> the UAC confirmation prompt (UAC is turned on). I really don't want
> to have every user receive this prompt, when there could be thousands
> of folders, and the ACL's polluted with all this additional rubbish.
>
> Any ideas?
>
> ~ Mike
>

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911d7b8f8cc1d4cb0a07eae@newsgroup

> Hello Mike,
>
> I suggest to use this forum:
> http://social.technet.microsoft.com/...logies/threads
>
> Especially made for IIS 7.5 in 2008 R2.

Thanks for the response,

It's not actually a IIS7 question though. It's a UAC/ACL issue.

I need to get around that explorer prompt somehow, through setting the ACL's
differently (I guess) or having a way to force a UAC prompt.

~ Mike

"Mike 'Spike' Lovell" <no.email.address.provided@newsgroup> wrote in
message news:OxMfKI0TKHA.1792@newsgroup

>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911d7b8f8cc1d4cb0a07eae@newsgroup

>> Hello Mike,
>>
>> I suggest to use this forum:
>> http://social.technet.microsoft.com/...logies/threads
>>
>> Especially made for IIS 7.5 in 2008 R2.

>
> Thanks for the response,
>
> It's not actually a IIS7 question though. It's a UAC/ACL issue.
>
> I need to get around that explorer prompt somehow, through setting the
> ACL's differently (I guess) or having a way to force a UAC prompt.
>
> ~ Mike

If it's something you are trying to control access using web-based access
along with NTFS permissions to the website, and not logged on as the
administrator (assuming so since you have administrator in the ACL), then to
allow anonymous access, you will also need the IIS_IUSR account with
Read/Execute, Read and List.

Ace

"Ace Fekay [MCT]" <aceman@newsgroup> wrote in message
news:#8O0Cy7TKHA.1280@newsgroup

> "Mike 'Spike' Lovell" <no.email.address.provided@newsgroup> wrote in
> message news:OxMfKI0TKHA.1792@newsgroup

>>
>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>> news:6cb2911d7b8f8cc1d4cb0a07eae@newsgroup

>>> Hello Mike,
>>>
>>> I suggest to use this forum:
>>> http://social.technet.microsoft.com/...logies/threads
>>>
>>> Especially made for IIS 7.5 in 2008 R2.

>>
>> Thanks for the response,
>>
>> It's not actually a IIS7 question though. It's a UAC/ACL issue.
>>
>> I need to get around that explorer prompt somehow, through setting the
>> ACL's differently (I guess) or having a way to force a UAC prompt.
>>
>> ~ Mike

>
>
> If it's something you are trying to control access using web-based access
> along with NTFS permissions to the website, and not logged on as the
> administrator (assuming so since you have administrator in the ACL), then
> to allow anonymous access, you will also need the IIS_IUSR account with
> Read/Execute, Read and List.

The only problem I have (ignore anything to do with websites), is getting
the above warmomg when logged is as a Domain Admin account (tried both
explorer normally, then explorer run as an administrator).

Both "Domain Admins" and local "Administrators" have full permissions to the
folder.

No UAC prompt (which would be better than the error I first mentioned), and
no ACL setup I'm found that sorts it out (as per first post).

Confused! -:-) I think everyone might be under a false impression to what
I'm saying the problem is, if you re-read the first post it might become
clearer.

~ Mike

"Mike 'Spike' Lovell" <no.email.address.provided@newsgroup> wrote in
message news:uBVBP$$TKHA.5164@newsgroup

>
> "Ace Fekay [MCT]" <aceman@newsgroup> wrote in message
> news:#8O0Cy7TKHA.1280@newsgroup

>> "Mike 'Spike' Lovell" <no.email.address.provided@newsgroup> wrote in
>> message news:OxMfKI0TKHA.1792@newsgroup

>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>> news:6cb2911d7b8f8cc1d4cb0a07eae@newsgroup
>>>> Hello Mike,
>>>>
>>>> I suggest to use this forum:
>>>> http://social.technet.microsoft.com/...logies/threads
>>>>
>>>> Especially made for IIS 7.5 in 2008 R2.
>>>
>>> Thanks for the response,
>>>
>>> It's not actually a IIS7 question though. It's a UAC/ACL issue.
>>>
>>> I need to get around that explorer prompt somehow, through setting the
>>> ACL's differently (I guess) or having a way to force a UAC prompt.
>>>
>>> ~ Mike

>>
>>
>> If it's something you are trying to control access using web-based access
>> along with NTFS permissions to the website, and not logged on as the
>> administrator (assuming so since you have administrator in the ACL), then
>> to allow anonymous access, you will also need the IIS_IUSR account with
>> Read/Execute, Read and List.

>
> The only problem I have (ignore anything to do with websites), is getting
> the above warmomg when logged is as a Domain Admin account (tried both
> explorer normally, then explorer run as an administrator).
>
> Both "Domain Admins" and local "Administrators" have full permissions to
> the folder.
>
> No UAC prompt (which would be better than the error I first mentioned),
> and no ACL setup I'm found that sorts it out (as per first post).
>
> Confused! -:-) I think everyone might be under a false impression to
> what I'm saying the problem is, if you re-read the first post it might
> become clearer.
>
> ~ Mike

I assume you've created the child folder (under that folder) in Explorer,
and of course it inherited those permissions. I haven't dwelved into the new
IIS 2008 R2 permissions, but it is possible the AppPool permissions may have
a built-in protection somewhere to even disallow certain permissions
considering it may be a web-based security protection mechanism for anyone
coming in as admin to stop any possibly attempt at control. Therefore,
curious, if you removed the AppPool permissions and create another folder,
does the same thing happen?

Ace