IIS permissions settings question

TheMSsForum.com: The Microsoft Software Forum

I have an MS access file residing on a web server that links to a table on a
mapped network drive. The linked table actually resides within another MS
access file that resides on a different server. The file mappings appear
just fine and I can access the linked table on the mapped drive just fine
when I open the table directly in MS Access. However, when the asp page
attempts to access the table I get an error:

x:\mappeddirectory\linked.mdb is not a valid path.

I think it has something to do with the IIS permissions, but I do not know
how to resolve it. Has anyone come across this type of problem and can you
give some direction on what I need to do to resolve the issue? I can't
combine the servers because they serve two independent and isolated
functions, but I need to access the dynamic data in order to provide
trending and historic information.

Thanks in advance for the assistance.
Top

Re: IIS permissions settings question by Ken

Ken
Mon Aug 16 20:02:25 CDT 2004

Drive letters are mapped for the logged on user only. So, if you log on, and
map a drive letter, then that drive letter will be valid for you only - no
other user. IIS is most likely not running your pages under the same user
context, so the drive mapping does not exist. Use a UNC path instead:
\\server\share\

Additionally, what user account IIS is impersonating needs to have access to
the remote share.

Cheers
Ken

"James Victor" <j.victor@besatisfied.com> wrote in message
news:OXbq3D9gEHA.3676@TK2MSFTNGP12.phx.gbl...
>I have an MS access file residing on a web server that links to a table on
>a
> mapped network drive. The linked table actually resides within another MS
> access file that resides on a different server. The file mappings appear
> just fine and I can access the linked table on the mapped drive just fine
> when I open the table directly in MS Access. However, when the asp page
> attempts to access the table I get an error:
>
> x:\mappeddirectory\linked.mdb is not a valid path.
>
> I think it has something to do with the IIS permissions, but I do not know
> how to resolve it. Has anyone come across this type of problem and can
> you
> give some direction on what I need to do to resolve the issue? I can't
> combine the servers because they serve two independent and isolated
> functions, but I need to access the dynamic data in order to provide
> trending and historic information.
>
> Thanks in advance for the assistance.
>
>


Top

Re: IIS permissions settings question by James

James
Tue Aug 17 12:57:54 CDT 2004

Thank you Ken,

Using the UNC path got me passed the "not a valid path" condition. But
somehow I am still missing something. On the remote file that I am linking
to, I navigate to the .mdb file and in the security settings, I give
permission to the remote accessing server (ex.: THATSERVER$
(THENAME\THESERVER$) with full control. Yet I get "The Microsoft Jet
database engine cannot open the file
\\servername\directory\myaccessfile.MDB . It is already opened exclusively
by another user, or you need permission to view its data." When you say,
what user account IIS is impersonating, I presume you mean the name of the
remote server, which would be THATSERVER$ (from the point of view of the
accessed server directory) would it not? Forgive me for being so novice
like on this, I usually only have to deal with single server/single domain
issues. Linking tables within single server domains is a cake walk, but
linking tables accross servers is a new experience for me and I appreciate
your patience.

Thanks
James




"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:Ov30dX$gEHA.644@tk2msftngp13.phx.gbl...
> Drive letters are mapped for the logged on user only. So, if you log on,
and
> map a drive letter, then that drive letter will be valid for you only - no
> other user. IIS is most likely not running your pages under the same user
> context, so the drive mapping does not exist. Use a UNC path instead:
> \\server\share\
>
> Additionally, what user account IIS is impersonating needs to have access
to
> the remote share.
>
> Cheers
> Ken
>
> "James Victor" <j.victor@besatisfied.com> wrote in message
> news:OXbq3D9gEHA.3676@TK2MSFTNGP12.phx.gbl...
> >I have an MS access file residing on a web server that links to a table
on
> >a
> > mapped network drive. The linked table actually resides within another
MS
> > access file that resides on a different server. The file mappings
appear
> > just fine and I can access the linked table on the mapped drive just
fine
> > when I open the table directly in MS Access. However, when the asp page
> > attempts to access the table I get an error:
> >
> > x:\mappeddirectory\linked.mdb is not a valid path.
> >
> > I think it has something to do with the IIS permissions, but I do not
know
> > how to resolve it. Has anyone come across this type of problem and can
> > you
> > give some direction on what I need to do to resolve the issue? I
can't
> > combine the servers because they serve two independent and isolated
> > functions, but I need to access the dynamic data in order to provide
> > trending and historic information.
> >
> > Thanks in advance for the assistance.
> >
> >
>
>


Top

Re: IIS permissions settings question by Ken

Ken
Tue Aug 17 18:52:52 CDT 2004

Hi

I assume you are using an ASP page (but this applies equally to any other
type of page, eg PHP or Perl).

When the request comes in, and the user does not supply any credentials
(because you've enabled/allowed anonymous
authentication), then IIS still needs to impersonate a user account in order
to read the ASP file off the hard disk. Windows doesn't allow "unknown
users" or "non-users" to access files on NTFS partitions - each request for
file access must be in the context of some Windows user account. IIS also
runs this ASP page in this user context - so all file/database access is in
this user context.

So, in IIS you configure an "anonymous user account". By default this is
IUSR_<machinename>. You can view/change this by opening the properties of
your website in IIS Manager, going to the Directory Security tab, hitting
Edit in the anonymous auth section.

Now IUSR_<machinename> is an account that is local to the webserver. You
can't directly assign it permissions to a remtoe resource. Try it if you are
unsure: on the remote server, see if you can explictly add
webserver\IUSR_webservername to any ACL. People think they can get around
this by using Everyone, but if you can't find the account, Everyone isn't
going to help you. Everyone only contains things that are valid in the first
place!

Now, if this is a Windows domain, you can use a domain account as the IIS
anonymous user account. Domain accounts are valid on all machines in the
domain.

If these are two standalone workgroup servers, you will need to create an
account called IUSR_<webservername> on the remote server. You will need to
manually reset the passwords for both of these accounts, so that they are
the same on both servers.

Cheers
Ken

"James Victor" <j.victor@besatisfied.com> wrote in message
news:OUQx8OIhEHA.3980@TK2MSFTNGP12.phx.gbl...
> Thank you Ken,
>
> Using the UNC path got me passed the "not a valid path" condition. But
> somehow I am still missing something. On the remote file that I am
> linking
> to, I navigate to the .mdb file and in the security settings, I give
> permission to the remote accessing server (ex.: THATSERVER$
> (THENAME\THESERVER$) with full control. Yet I get "The Microsoft Jet
> database engine cannot open the file
> \\servername\directory\myaccessfile.MDB . It is already opened
> exclusively
> by another user, or you need permission to view its data." When you say,
> what user account IIS is impersonating, I presume you mean the name of the
> remote server, which would be THATSERVER$ (from the point of view of the
> accessed server directory) would it not? Forgive me for being so novice
> like on this, I usually only have to deal with single server/single domain
> issues. Linking tables within single server domains is a cake walk, but
> linking tables accross servers is a new experience for me and I appreciate
> your patience.
>
> Thanks
> James
>
>
>
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:Ov30dX$gEHA.644@tk2msftngp13.phx.gbl...
>> Drive letters are mapped for the logged on user only. So, if you log on,
> and
>> map a drive letter, then that drive letter will be valid for you only -
>> no
>> other user. IIS is most likely not running your pages under the same user
>> context, so the drive mapping does not exist. Use a UNC path instead:
>> \\server\share\
>>
>> Additionally, what user account IIS is impersonating needs to have access
> to
>> the remote share.
>>
>> Cheers
>> Ken
>>
>> "James Victor" <j.victor@besatisfied.com> wrote in message
>> news:OXbq3D9gEHA.3676@TK2MSFTNGP12.phx.gbl...
>> >I have an MS access file residing on a web server that links to a table
> on
>> >a
>> > mapped network drive. The linked table actually resides within another
> MS
>> > access file that resides on a different server. The file mappings
> appear
>> > just fine and I can access the linked table on the mapped drive just
> fine
>> > when I open the table directly in MS Access. However, when the asp
>> > page
>> > attempts to access the table I get an error:
>> >
>> > x:\mappeddirectory\linked.mdb is not a valid path.
>> >
>> > I think it has something to do with the IIS permissions, but I do not
> know
>> > how to resolve it. Has anyone come across this type of problem and can
>> > you
>> > give some direction on what I need to do to resolve the issue? I
> can't
>> > combine the servers because they serve two independent and isolated
>> > functions, but I need to access the dynamic data in order to provide
>> > trending and historic information.
>> >
>> > Thanks in advance for the assistance.
>> >
>> >
>>
>>
>
>


Top