Recently I was trying to identify what user account was writing a .json file from the web server so we can lock down permissions specifically to that account. Lots of articles reference several accounts like IIS apppool\{pool name} or the iis_iusrs accounts built in. Neither of these accounts were working in our scenario. After turning on file auditing and reviewing the security logs I found a frustrating but simple answer to my question. The account being use is just "iusr" for the write permissions on that file. I granted that account permission to the file specifically needing modified and suddenly it worked as expected. This is the equivalent of "apache" ownership for apache web servers.
No comments:
Post a Comment