IIS 7 and Above
Configuration & Scripting
Configuration of IUSR group with IIS7
Last post Jul 29, 2009 09:11 PM by brccabral
Jan 11, 2007 07:24 AM|ecl|LINK
I develop a client/server application which is using IIS7 with Vista.
I would like to change ACL for files and directory of my application.
With IIS6, I use the user group IUSR_<Machine name> which has been replace by IUSR for Vista.
But when I try to add this user group, I cannot find it in WIN32_Account and I don’t know its SID name.
Here is my code :
Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
'Get a collection of Users objects, using ExecQuery
Set colUsers = objWMI.ExecQuery("SELECT * FROM WIN32_Account WHERE Name = IUSR")
'The collection should only have one user in it. Loop through the one user collection
'and create a user object
For Each userName in colUsers
Set objUserName = userName
getInternetUserSID = objUserName.SID
-> The variable colUsers is always empty.
Help will be appreciated.
Jan 12, 2007 05:03 AM|Qbernard|LINK
The IUSR is an built in system account like network services. Not sure how to get its SID, what about granting the iis_iusrs group ?
Jan 16, 2007 09:51 AM|ecl|LINK
Jan 17, 2007 04:44 AM|Qbernard|LINK
Ok, I test it on my vista and this works.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objAccount = objWMIService.Get _
Since it's a builtin account, it will be short:
network service - S-1-5-20
iusrs - S-1-5-17
iis_iusrs - S-1-5-32-568
It will be the same for your Vista
Jan 17, 2007 12:30 PM|ecl|LINK
It works with my vista
Jul 29, 2009 08:32 PM|brccabral|LINK
This is almost the same problem I have: I want to give 'write' permission to IUSR but I can't find the IUSR account.
I tryed to give the IIS_IUSRS but it didn't work.
It worked when I gave to all users, but it isn't the right thing to do.
So, how do I find the IUSR account?
Jul 29, 2009 09:11 PM|brccabral|LINK
Well, I tryed a lot of things, but the answer I kinda findout myself...
The IUSR account is "NT AUTHORITY\IUSR", the SID is S-1-5-17. I tryed to put it in "Administrators" group but it didn't work.
Under "Administrators" group I had to put the "NT AUTHORITY\Authenticated Users" with SID S-1-5-11.
I hope this help!