0

We have two servers in the Domain (both are running Windows Server 2008)- one hosting the IIS7, and the other having files and folders.

On the IIS7, we have service running as Local System, on FileServer we have a folder shared to Everyone / ReadWrite.

It seems that the Service can't access the given folder.

I figured that the Local System doesn't fall into the "Everyone" category, but I can't setup the Share to be usable to Computer account (as I could in WinServer2003 for example) - simply, when I go to FileSharing to choose the MYSERVERIIS7$ account (the name of the server machine) in the "Object Types" window there's only "Built in security principals", "Users", "Groups" - no "Computers" as it was before.

How can I make this work? Note that I would like the service to remain running as Local System, not some new user account.

veljkoz
  • 157
  • 3
  • 8
  • Have you set similarly loose filesystem permissions as well as share permissions? – SmallClanger May 10 '11 at 10:59
  • Yes, I found the Computer account there and added it with no problems... now that I look at this issue from another angle, is it possible that UAC on IIS7 server is causing the problems? – veljkoz May 10 '11 at 11:35
  • hmm I've seen this before so I tested it again on a w2k8r2 and the computers object is there. wonder if its w2k8 issue. – tony roth May 10 '11 at 14:37
  • try this add to the share the domain computer group - full (not sure if you need full) then set the ntfs perms for the machineaccount$. – tony roth May 10 '11 at 14:40

1 Answers1

1

I'm assuming IIS is on machineA, and it's trying to access the share on machineB? When accessing network resources with IIS set to "Local System", it uses a NULL account, rather than a specified account. I believe since WinXP SP2, Anonymous (or NULL) is not included in the "Everyone" security principal. This means you have to use the "ANONYMOUS LOGON" for it to get access. The other alternative is to use network service instead. This should force it into the "Everyone" group.

Jon Angliss
  • 1,782
  • 10
  • 8
  • I think we tried like a gazillion things, so now I'm not sure what helped, but I guess it's this :) Thx – veljkoz May 21 '11 at 21:56