frederik.ivis
Posts: 3
Joined: Thu Jun 04, 2009 4:39 pm

Setting security on a folder for a web app

I'm trying to configure the security settings for a folder. Not getting very far with it.
It is a data folder that will be used by an application running under IIS. This web app needs file create/read/write permission on that folder.

On the machine I'm trialling this, I'm running IIS 7/Win2K8, so IIS is running under the 'NETWORK SERVICE' account.
Ideally, there should be a way to find out what account IIS is running under, but that problem is secondary (although I'd like to know the answer to that too).

The folder that needs the permission set is \Target Computer\Application Folder\Data

I'm setting security through the Project Definition\Files & Folders -> \Target Computer\Application Folder\Data -> properties\permissions

I've tried a few combinations, but the installer fails to install successfully.
(Domain, Username)

[%USERDOMAIN], NETWORK SERVICE --> account doesn't exist (fair enough, it's a local machine account)
[%USERDOMAIN], NetworkService --> account doesn't exist
<blank>, NETWORK_SERVICE --> account doesn't exist (fair enough, it should be with a space, afaik)

NT AUTHORITY, NetworkService --> This fails during install, and logs this 1720 error in the event log.
NT AUTHORITY, NETWORK SERVICE --> This fails during install, and logs this 1720 error in the event log.
<blank>, NETWORK SERVICE --> This fails during install, and logs this 1720 error in the event log. (this is the account setting I'd intuitively expect to work)
<blank>, NetworkService --> This fails during install, and logs this 1720 error in the event log.
NT_AUTHORITY, NETWORK SERVICE --> This fails during install, and logs this 1720 error in the event log.

"Product: TestXYZ Service -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action script error , : Line , Column , "

Pretty much stuck on this one. Any suggestions would be most appreciated.
Is there a variable to indicate the local machine (something like [%localmachine]) in the domain box, is it even required?
Ideally, pre-populating the dropdowns with stuff like "the account IIS is running under" would be really helpful. Equally having groupings of the flags, for standard read/write/full control as described in the help, would be really nice too.
Finally, how do you discover the account IIS is running under?

We really like Advanced Installer, so much nicer than InstallShield - but we need this resolved before our trial runs out (in 3 days -sigh), to proceed with our eval successfully.

Cheers,
F.
Cosmin
Posts: 5797
Joined: Tue Jul 10, 2007 6:39 pm

Re: Setting security on a folder for a web app

Hi,

> On the machine I'm trialling this, I'm running IIS 7/Win2K8, so IIS is running under the 'NETWORK SERVICE' account.
> Ideally, there should be a way to find out what account IIS is running under, but that problem is secondary (although I'd like to know the answer to that too).

Please note that the user account under which a web application runs is set in the web application. In the "IIS" page of your project you can use the Authentication tab to configure this. You can also use an application pool with custom identity settings.

> Is there a variable to indicate the local machine (something like [%localmachine]) in the domain box, is it even required?

Please note that the domain is not required to set permissions. If a domain is not specified it is determined automatically. Also, each permission requires different options to be checked. For more details please see this article. The Username can be set to:

NetworkService

> Equally having groupings of the flags, for standard read/write/full control as described in the help, would be really nice too.

This improvement is on our TODO list and it will be available in a future version.

> we need this resolved before our trial runs out (in 3 days -sigh), to proceed with our eval successfully.

You can obtain another 30 days of trial by installing Advanced Installer on another machine. We can also send you a custom EXE which extends the trial on your current machine. If you are interested please contact us at support at advancedinstaller dot com.

Regards,
Cosmin
Cosmin Pirvu - Advanced Installer Team
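
The two open questions in this thread (which account the IIS application runs as, and how to give it create/read/write on the Data folder) can be checked on the server with PowerShell. This is an added example, not code from either poster or from Advanced Installer. It assumes the WebAdministration module is available, and the pool name and folder path are placeholders.

```powershell
# Added example: the two values below are placeholders, not taken from the thread.
$AppPoolName = 'DefaultAppPool'   # assumed application pool name
$DataFolder  = 'C:\MyApp\Data'    # assumed installed location of the Data folder

Import-Module WebAdministration

# 1. Find the account the pool's worker process runs as.
$pm = (Get-Item "IIS:\AppPools\$AppPoolName").processModel
$identity = switch ("$($pm.identityType)") {
    # Built-in service accounts are addressed by well-known SID, so no
    # domain and no localized account name has to be typed.
    'NetworkService'          { New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20' }
    'LocalService'            { New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-19' }
    'LocalSystem'             { New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18' }
    'ApplicationPoolIdentity' { New-Object System.Security.Principal.NTAccount "IIS AppPool\$AppPoolName" }
    'SpecificUser'            { New-Object System.Security.Principal.NTAccount $pm.userName }
    default                   { throw "Unhandled identityType: $($pm.identityType)" }
}
$account = $identity.Translate([System.Security.Principal.NTAccount])
"Pool '$AppPoolName' runs as $($account.Value)"

# 2. Grant only Read and Write (no Delete, no Execute, no FullControl),
#    inherited by files and subfolders created under the Data folder.
$ruleArgs = $identity, 'Read, Write', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
$acl = Get-Acl -Path $DataFolder
$acl.AddAccessRule($rule)
Set-Acl -Path $DataFolder -AclObject $acl

# 3. Show what that account now holds on the folder, to confirm the result.
(Get-Acl -Path $DataFolder).Access |
    Where-Object { $_.IdentityReference.Value -eq $account.Value } |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Step 3 on its own is also a quick post-install check that the permissions set by the installer package ended up on the account the pool actually uses.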