IIS server error 40.1 access denied due to ACL

On 7 Jan 2004 08:10:48 -0800, camping41 DeleteThis @hotmail.com (Terence Spencer)
wrote:

 >Hi all,
 >I am running IIS 6.0 on a Win2003 server. I created a new website
 >called abc.com which is situated under e:\content\web\abc directory
 >structure.
 >NTFS permissions are as follow: Everyone is allowed full access to ABC
 >folder which does not inherit permissions from parent folder.
 >Read Permissions are given via the IIS and scripts are allowed to run.
 >There are no deny rules in any of the parent folders above ABC.
 >I am not using the default IUser account, I created a new one on the
 >DC.
 >Everyone is suppose to have access to the site (anonymous access is
 >enabled) and integrated windows authentication is active, however only
 >the administrators can access the website.
 >
 >Can anyone help????

Use Filemon to track it down :

HOWTO: Track "Permission Denied" Errors on DLL Files
<a style='text-decoration: underline;' href="http://support.microsoft.com/?id=286198" target="_blank">http://support.microsoft.com/?id=286198</a>


Regards,

Paul Lynch
MCSE<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS server error 40.1 access denied due to ACL 

On 7 Jan 2004 08:10:48 -0800, camping41.DeleteThis@hotmail.com (Terence Spencer)
wrote:

 >I am running IIS 6.0 on a Win2003 server. I created a new website
 >called abc.com which is situated under e:\content\web\abc directory
 >structure.
 >NTFS permissions are as follow: Everyone is allowed full access to ABC
 >folder which does not inherit permissions from parent folder.
 >Read Permissions are given via the IIS and scripts are allowed to run.
 >There are no deny rules in any of the parent folders above ABC.
 >I am not using the default IUser account, I created a new one on the
 >DC.
 >Everyone is suppose to have access to the site (anonymous access is
 >enabled) and integrated windows authentication is active, however only
 >the administrators can access the website.
 >
 >Can anyone help????

Sure. First, learn a little more about using groups in Windows. The
group "Everyone" is just that, a group. It may or may not include
every account on the system, and by default the IUSR/IWAM accounts
aren't part of that group. So assigning access to "Everyone" just
opens access to all those you didn't want to let in, and ignores the
ones you did.

Next, the IUSR account is a local account. Changing from the default
one set up at install to a domain account can add problems, most
notably that you may have to manage permissions and passwords on your
own. Plus now, anyone compromising your system is doing so with
domain level accounts.

Third, if you use Windows Authentication on an intranet, IE will pass
credentials only if it believes the system actually is on the same
network. As in being listed in the intranet zone in IE's security
tab.

And lastly, post the errors in full. Include event viewer entries, as
well as log file snippets where relevant. You've chnaged quite a few
parameters and now it doesn't work, but you don't say if you changed
all that before it ever worked or not.

Jeff<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS server error 40.1 access denied due to ACL