Hello
Machine: Windows Vista Business, standalone machine (no domain).
Installed an old classic ASP webapplication in IIS7, running under a new app.pool with 'NETWORK SERVICE' account (using existing app.pool gives same results).
This webapplication tries to write to a log file.
Used Process Monitor (from Sysinternals) for monitoring purposes.
Logged in to my machine as 'MYPC\danny', a local account that's a member of the administrators group.
Test 1 and 2: webapp only uses 'windows authentication' .
Test 3: only 'anonymous authentication' with the default IUSR account
Test 4: only 'anonymous authentication' running under the same account that I'm currently logged in with, so 'MYPC\danny'.
1) start internet explorer normally => creating or writing fails => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
2) start internet explorer with the 'run as administrator' option => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
3) start internet explorer normally => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'IUSR'
4) start internet explorer normally => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
Here are the detailed results from Process monitor:
1) 21320 15:21:26,323927 1 w3wp.exe 5940 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log ACCESS DENIED Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny NT AUTHORITY\NETWO RK SERVICE
2) 19096 15:22:00,672166 0 w3wp.exe 5940 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny, OpenResult: Created NT AUTHORITY\NETWO RK SERVICE
3) 22581 15:40:12,793263 6 w3wp.exe 5940 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: NT AUTHORITY\IUSR, OpenResult: Created NT AUTHORITY\NETWO RK SERVICE
4) 58762 14:28:20,014496 9 w3wp.exe 5740 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny, OpenResult: Created NT AUTHORITY\NETWO RK SERVICE
In test 1 ALL write actions fail (no matter what folder, Foxpro tries to create some temp. tables, this also only fails with test 1).
All read actions succeed.
In all other cases everthing always works.
Giving every possible user and every possible group every possible right to that folder makes no difference.
My question: can anybody explain test case 1, how can this possibly happen ????
Thanks for any help.
Machine: Windows Vista Business, standalone machine (no domain).
Installed an old classic ASP webapplication in IIS7, running under a new app.pool with 'NETWORK SERVICE' account (using existing app.pool gives same results).
This webapplication tries to write to a log file.
Used Process Monitor (from Sysinternals) for monitoring purposes.
Logged in to my machine as 'MYPC\danny', a local account that's a member of the administrators group.
Test 1 and 2: webapp only uses 'windows authentication' .
Test 3: only 'anonymous authentication' with the default IUSR account
Test 4: only 'anonymous authentication' running under the same account that I'm currently logged in with, so 'MYPC\danny'.
1) start internet explorer normally => creating or writing fails => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
2) start internet explorer with the 'run as administrator' option => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
3) start internet explorer normally => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'IUSR'
4) start internet explorer normally => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
Here are the detailed results from Process monitor:
1) 21320 15:21:26,323927 1 w3wp.exe 5940 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log ACCESS DENIED Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny NT AUTHORITY\NETWO RK SERVICE
2) 19096 15:22:00,672166 0 w3wp.exe 5940 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny, OpenResult: Created NT AUTHORITY\NETWO RK SERVICE
3) 22581 15:40:12,793263 6 w3wp.exe 5940 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: NT AUTHORITY\IUSR, OpenResult: Created NT AUTHORITY\NETWO RK SERVICE
4) 58762 14:28:20,014496 9 w3wp.exe 5740 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny, OpenResult: Created NT AUTHORITY\NETWO RK SERVICE
In test 1 ALL write actions fail (no matter what folder, Foxpro tries to create some temp. tables, this also only fails with test 1).
All read actions succeed.
In all other cases everthing always works.
Giving every possible user and every possible group every possible right to that folder makes no difference.
My question: can anybody explain test case 1, how can this possibly happen ????
Thanks for any help.
Comment