locked
Creating a virtual directory with IIS and IUSR permissions RRS feed

  • Question

  •  Hi.

    I’ve found an issue when creating a Virtual Directory in a new directory, has anyone else experienced the same problem? Here’s what I’ve done:

    * As the default web site directory is on the c: drive, I wanted to create a new share on the d: drive. I did this remotely using the Connector, set the permissions so I could copy the files in, and copied them across.

    * Within the Connector I couldn’t see anything to create the Virtual Directory, but knowing how easy it is to do this in Windows Server 2003, I decided to sign on directly to the machine (as opposed to going via the Connector) and set it up there.

    * So in IIS I set up the Virtual Directory to point to the relevant directory in the new share I’d created, and realising that the anonymous user wouldn’t have access to the new share, set the new share to allow access for the ‘IUSR’ account.

    * This is all working perfectly.


    That is, until the machine is rebooted. At that point the share no longer allows access to the ‘IUSR’ account, and I have to manually add it in again. I’m assuming that this is because I didn’t grant access for the ‘IUSR’ account via the Connector, and it does some sort of re-syncing of permissions from an internal source to the physical share when booting up.

    My question is, how can I allocate access for a share to a system account from within the Connector? They just don’t get listed in there.

    I can’t help feeling I should be using some sort of IIS add-in though; is there such a thing? Part of me would still prefer to get onto the actual machine to carry out the work but there you go ;-)

    Thanks in advance.

    • Moved by Ken WarrenModerator Sunday, November 2, 2008 4:42 PM dev-related question (Moved from Windows Home Server Software to Windows Home Server Add-Ins and Developer Information)
    Sunday, November 2, 2008 10:36 AM

Answers

  • You should take a look at the Windows Home Server SDK and the Developer Guidelines document. Probably, you'll find it easier (read possible) to do what you want if you use application folders, as detailed in the SDK.

    Windows Home Server isn't designed to be used as a general purpose server, and what you're running into is one result of that design philosophy.

    I'm not on the WHS team, I just post a lot. :)
    Sunday, November 2, 2008 4:41 PM
    Moderator

All replies

  • Hello,
    I assume this is, because fiddling with NTFS permissions in shares folder on D: drive brings nothing good, as WHS console is the only place to manage shares permissions properly (which do not include IUSR account of the machine, only the normal users).
    If you wish to perform such unsupported actions, stay outside of the volumes controlled by WHS and create a shared folder on a volume, which is not part of the storage pool.
    You could also experiment with adding the IUSR account to one of the local groups on the server, which has the wanted permissions, but this may open a security gap and cause unwanted side effects.
    Best greetings from Germany
    Olaf
    Sunday, November 2, 2008 12:20 PM
    Moderator
  • Pelboy said:

     Hi.

    I’ve found an issue when creating a Virtual Directory in a new directory, has anyone else experienced the same problem? Here’s what I’ve done:

    * As the default web site directory is on the c: drive, I wanted to create a new share on the d: drive. I did this remotely using the Connector, set the permissions so I could copy the files in, and copied them across.

    * Within the Connector I couldn’t see anything to create the Virtual Directory, but knowing how easy it is to do this in Windows Server 2003, I decided to sign on directly to the machine (as opposed to going via the Connector) and set it up there.

    First, although the underlying OS is Windows Server 2003, there are other apps on top of it that make up WHS, so you would be advised not to treat it as Server 2003 (otherwise you may inadvertently trash your OS by running built-in apps that would normally work with Server 2003, forcing you to re-install and perhaps permanently lose data as well).  That warning when you logon to the server desktop is there for a reason.  :)

    Pelboy said:

    * So in IIS I set up the Virtual Directory to point to the relevant directory in the new share I’d created, and realising that the anonymous user wouldn’t have access to the new share, set the new share to allow access for the ‘IUSR’ account.

    * This is all working perfectly.

    That is, until the machine is rebooted. At that point the share no longer allows access to the ‘IUSR’ account, and I have to manually add it in again. I’m assuming that this is because I didn’t grant access for the ‘IUSR’ account via the Connector, and it does some sort of re-syncing of permissions from an internal source to the physical share when booting up.

    Correct.

    Pelboy said:

    My question is, how can I allocate access for a share to a system account from within the Connector? They just don’t get listed in there.

    You can't.  As Olaf said, you could try adding the user to the groups from Server 2003, but it's unsupported and you do so at your own risk.

    Pelboy said:

    I can’t help feeling I should be using some sort of IIS add-in though; is there such a thing?
     

    The only IIS-like add-in I know of is Whiist, but I don't think that will help you with what you want to accomplish.

    Pelboy said:

    Part of me would still prefer to get onto the actual machine to carry out the work but there you go ;-)

    Thanks in advance.



    Sunday, November 2, 2008 2:49 PM
    Moderator
  • You should take a look at the Windows Home Server SDK and the Developer Guidelines document. Probably, you'll find it easier (read possible) to do what you want if you use application folders, as detailed in the SDK.

    Windows Home Server isn't designed to be used as a general purpose server, and what you're running into is one result of that design philosophy.

    I'm not on the WHS team, I just post a lot. :)
    Sunday, November 2, 2008 4:41 PM
    Moderator