Re: IIS Problem

Michael E. Hanson ( )
Tue, 22 Apr 1997 11:34:40 -0500

Actually, its better this way.

Just to keep the permissions separate, create a user ID which will only be
used for the purpose of access "virtual directories" on another machine.
Make sure its a domain user id, not a local user id. For discussion lets
call it "INETServer"

On the machine where the directory actually resides, share the directory
and give "INETServer" access to the share (full control at this level).

Set the access permissions for the directory appropriately. Unless you're
writing to the directory (say from a CGI script or ISAPI DLL) I'd recommend
giving "INETServer" only Read and Execute permissions, but if you're
writing to it give it Read, Write, Execute, and Delete. Then give the IIS
anonymous user (IUSR_servername) Read and Execute to both the share and the

Now configure IIS for the virtual directory, and specify the shared
directory by its UNC (NOT by a mapped drive letter) e.g.
\\MyOtherServer\FredsWebRoot. When you do this, IIS Manager opens up
another pair of fields for you to specify the userID and password to be
used to access the share, Enter "INETServer" and its password.

Stop and restart IIS to make sure it picks up the permissions correctly,
and check to make sure there are no errors. You should be good to go at
this point.

Michael E. Hanson
President, Gryphon Consulting Services
1508 J.F. Kennedy Dr. Suite 207-4
Bellevue, NE 68005-3642
(402) 292-7401

> >I try to map a virtual directory which is on another server and I
> >consistently get an Access Denied error. It doesn't matter which box
> >or drive or folder that I try to map to, I get the same message. FAT
> >or NTFS makes no difference.
> >
> >The only virtuals that I can successfully map are on the same machine
> >as IIS.
> Correct. What user is the IIS service running as? Remember, SERVICES
> not have access to the mapped drives that logged-on users do, unless you
> really tweak the config. I'm not SURE about this, but you may be able
> have IIS run as a specific user in the domain, and then refer to the
> drives by server name, so long as that user has access to log onto THAT
> and that directory.