IIS 7 and Above
WebDAV in IIS 7.0 - authoring rule not working - Access is Denied - b...
Last post Oct 29, 2009 12:48 AM by mlopilato
May 01, 2009 04:45 PM|elk5432|LINK
This is something I was really frustrated by and wanted to share.
I've tried this on two Windows 2008 servers with the same behavior. WebDAV doesn't seem to recognize users in the Administrators group when using authoring rule that specifies user groups (the built in administrator account appears to work though). Haven't
tested it, but maybe it doesn't work for any groups?
What I did:
1) Installed WebDAV 7.5.
2) Created authoring rule that allowed access to content and selected "Specified roles or user groups", added the administrators group.
3) Setup virtual directory in website (/webdav).
4) Attempted to connect from Win XP to webdav folder typing in "net use z: http://websitedomain.com/webdav /user:admin2 password" (admin2 is a user in the administrators group
5) Also couldn't connect using Windows Vista
Got this error Error:
System error 5 has occurred.
Access is denied.
If I change the authoring rule to "All users" or add admin2 into "Specified users" it works like a charm, so it doesn't seem to be an NTFS permissions or Authentication issue.
Is this a bug or am I doing something wrong?
I searched through the forums and didn't really find anything similar, possibly this user had the same problem:
May 01, 2009 04:58 PM|anilr|LINK
Look at this
kb article - also discussed
May 01, 2009 05:20 PM|elk5432|LINK
Good reference, makes sense.
One thing I don't understand though:
Why does specifying the "Administrators" group for the Authoring rule for access as opposed a particular user in the "administrators" group (admin2) act differently? Don't they both have identical permissions?
Also, a warning would be useful given this only applies to the Administrators group and weird circumstances.
May 08, 2009 08:30 PM|anilr|LINK
UAC only applies to administrators group - basically, with UAC, a token for a user who is a member for the administrators group has that group membership partially stripped (deny ACEs still apply, allow ACEs do not). UAC does not apply to any other user/group
- so giving access to any other user/group is not affected by UAC.
UAC is a fact of life on vista+, so an extra warning would be superfluous.
Oct 29, 2009 12:48 AM|mlopilato|LINK
The issue I'm having with IIS7 is this:
Using Visual Studio 2008, I connect to a website, using my username and password(member of Administrators Group) AND given explicit 'Full Control' everything works fine.
If the explicit 'Full Control' is removed, then I'm denied access.
If I attempt to connect using a user not in Admin group, but has 'full control' assigned through 'Advanced Security Settings' for 'This Folder, Subfolders and files'. I'm denied access. Why?
WebDAV and FTP work fine.
What is needed to allow authoring on 1 website for this user?
This server is a public web hosting server with many sites.
I've installed Frontpage Extentions.
Please help me understand this.