« Previous Next »

• 10-28-2009, 1:07 PM

  Fresh0razoR Joined on 10-28-2009, 4:55 PM Posts 2

  IIS behaves strange... Reply Contact  Hello everyone!  I just have set up a clean install of Server 2008 Web Edition. The only changes I made was, removing any ASP stuff and installing CGI(FastCGI) for php. This worked fine in folder inetpub\wwwroot. Static files and php-files as well were shown (and processed) perfectly. PHP worked fine. Then I wanted to change to physikal folder ("inetpub\wwwroot") to a new folder on my desktop ("http"). So I deleted everything in inetpub (except of the temp folder, it was write-protected - why?) . Then I deleted the default website in IIS and the default application pool. Then I created a new Website (a new pool was created automatically). Since then, I always get HTTP ERROR 401.3 and cannot access this page from anywhere. How can this be? Can you help me? Thank you!!  regards Fresh

• 10-28-2009, 7:58 PM

  In reply to

  lextm Joined on 10-22-2008, 12:18 AM Shanghai, PRC Posts 1,413

  Re: IIS behaves strange... Reply Contact First, never delete critical files under inetpub. Folders such as adminscripts, custerr, logs, history, temp have their usage. For example, IIS writes temporary files into temp folder. Second, 401.3 means IIS cannot access the new web site content folder as permissions are not enough. If you did not delete wwwroot, you can check its security settings and compare to the new folder.  I suggest you start all over again from another clean install. Regards, Lex Li Support Engineer at Microsoft --------------------------- This posting is provided "AS IS" with no warranties, and confers no rights.

• 10-28-2009, 10:11 PM

  In reply to

  Fresh0razoR Joined on 10-28-2009, 4:55 PM Posts 2

  Re: IIS behaves strange... Reply Contact  thanks for your response!  reinstalling windows is no option, it's a hosted virtual server. reinstalling would cost 40$. but: I have deleted all features and roles and reinstalled them. now the folders are back. but: how can I check with icacls (or whatever) which rights the IUSR-User has (which seems to be the one who accesses the folder and files by iis)?? or more important: how can I delete ALL rights of this user and set them new to go sure, that the user has only rights I explicit allow? I really want to start with "no rights for everyone" and give the rights only were necessary...  thank you!! regards Christian

• 10-28-2009, 11:12 PM

  In reply to

  lextm Joined on 10-22-2008, 12:18 AM Shanghai, PRC Posts 1,413

  Re: IIS behaves strange... Reply Contact Hi, An approach to maximum security is not bad. But we only have a KB article documenting IIS 6 necessary things, http://support.microsoft.com/kb/812614 There is no IIS 7 version, which means you need to be very careful. I think for the content folder, the following rights are necessary, Inetpub\wwwroot (or content directories) Administrators Full control Inetpub\wwwroot (or content directories) System Full control Inetpub\wwwroot (or content directories) IIS_WPG Read, execute Inetpub\wwwroot (or content directories) IUSR Read, execute Inetpub\wwwroot (or content directories) ASPNET (See Note 2.) Read, execute The flexibility here is you may remove IUSR if anonymous is disable or you use another account (but that account in turn needs the permissions). This also applies to ASPNET. Lex Li Support Engineer at Microsoft --------------------------- This posting is provided "AS IS" with no warranties, and confers no rights.