Thursday, July 7, 2011

Solving permissions problems where IIS Application Pool cannot read a file.

Occasionally when setting up a new site in a host environment you'll run across an error like: "Cannot read configuration file due to insufficient permissions"

Sometimes all you need to do is add security permissions for IIS_IUSRS to read the directory, I've also needed to grant the application pool user permissions before.

To see the application pool user you need to do something similar to the following command.


icacls C:\inetpub\wwwroot\mysite\ /grant:r "IIS APPPOOL\defaultapppool":(OI)(CI)(RX)

Then when we check the security settings, yay we have the option to grant more permissions.


More information about icacls:
http://ss64.com/nt/icacls.html
http://technet.microsoft.com/en-us/library/cc753525(WS.10).aspx