cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ISIZBEN
Level 3

Giving IUSR_(user) and IWAM_(user)permissions on a folder

:confused: i was wondering if it's now possible with IS 11.5 to retrieve IWAM and IUSR usernames, and giving an IWAM and/or IUSR permissions on a file or folder?!!! :confused:
Labels (1)
0 Kudos
(8) Replies
sithlord
Level 4

With ISMP this task looks highly unlikely. Could it be that you are targeting MSI/InstallScript? If not, then you would need to either use VBS/C# or JNI to change/access this information.
/.Will
0 Kudos
ISIZBEN
Level 3

sithlord wrote:
With ISMP this task looks highly unlikely. Could it be that you are targeting MSI/InstallScript? If not, then you would need to either use VBS/C# or JNI to change/access this information.
/.Will


Thanks for the help. I found the following script but i donno how to use(in InstallScript MSI project). I managed to add the script as a custom action but i donno what i possibly could do to get the variables out of this VBS and use it while i'm changing a folder's permission property?!
Could u plz help me with this!!???!!! :confused: :confused:

Dim IIsObject, IUSRUserName, IUSRUserPass, IWAMUserName, IWAMUserPass
Set IIsObject = GetObject ("IIS://localhost/w3svc")
IUSRUserName = IIsObject.Get("AnonymousUserName")
IUSRUserName = IIsObject.Get("AnonymousUserPass")
IWAMUserName = IIsObject.Get("WAMUserName")
IWAMUserPass = IIsObject.Get("WAMUserPass")
0 Kudos
sithlord
Level 4

To modify the directory permissions you'd need to run CACLS.EXE. That is what I do currently. Once you get the user name you can pass it to cacls.exe and be done with it. For more info on cacls.exe type cacls.exe /? from dos command prompt.
/.Will


' call cacls routine
Call runCacls(enquotedDirPath, IUSRUserName)

Sub runCacls(baseDir, account)
Dim objShell
Set objShell = WScript.CreateObject("WScript.Shell")

Const SILENTMODE = 7 'do not open any windows
Const PERMS = ":C" ':C is read, write, execute permissions

Dim strCommand
strCommand = "cacls " & baseDir & " /T /E /P " & account & PERMS

Call objShell.Run(strCommand, SILENTMODE)
End Sub

0 Kudos
ISIZBEN
Level 3

thaks for the quick reply, i've managed to put the IUSR/IWAM username info to a set of property values. the problem starts from there....I've tried to make property value from my VBS by using the folowing code line.

Property("IWAMUserName") = IIsObject.Get("WAMUserName")


During the installation i try to call on the property values by using the following code line:

Session.Property("IWAMUserName")


The problem is now that while calling the property value i can put the data i got from the property into a messagebox(directy from the VBS) but cannot use it(or pass it elsewhere) while i'm setting folders permissions(via folder property window).

My property name is for example IWAMUserName and i punt [IWAMUserName] as a property value in the folder property manager window as a user that has permissions on the folder.
After the installation is completed, i check the user permissions of the folder and i see something like BUILTIN\BUILTIN\BUILTIN instead of IWAM_.

The property value seem to the get lost somewhere during the installation process and the funny thing is, i don't get any error that indicates that the property value i'm using is an invalid windows username.....

that's actually what my problem is right now...

and another thing, is it possible to change permissions on certain files using CACLS.EXE?! cause i should change permissions on folders AND files.


thanks again for your quick reply,
and sorry for my bad english 😉
0 Kudos
ISIZBEN
Level 3

I solved the problem...

first i made some properties for IWAM/IUSR user info. then i used the following VBS code(as immidiate action) to get IWAM/IUSR user info from the target System to set the property values i had made before. After doing that i'm able to use the IWAM/IUSR info enywhere i want during the installation process. 😄 😄


Dim IIsObject, IWAMUserName
Set IIsObject = GetObject ("IIS://localhost/w3svc")
Session.Property("IUSRUserName") = IIsObject.Get("AnonymousUserName")
Session.Property("IUSRUserPass") = IIsObject.Get("AnonymousUserPass")
Session.Property("IWAMUserName") = IIsObject.Get("WAMUserName")
Session.Property("IWAMUserPass") = IIsObject.Get("WAMUserPass")



Thaks,
Ben
0 Kudos
sithlord
Level 4

FYI,

I usually get the information straight from the Virtual Directory itself.

'Get handle to an IIsWebVirtualDir IIS ADSI object
Dim website
' findweb code can be found at http://www.iisfaq.com/Default.aspx?tabid=2754
' computer and website are passed in as strings
Set website = findWeb(computer, websiteName)

if ((Not IsObject(website)) Or (Err <> 0)) Then
Call AppendFile(WScript.Arguments(6), ERR_VAL & "Unable to find " & WebsiteName & " on " & computer)
Exit Sub
End If


'Get handle to the virtual root directory
Dim vRoot
Set vRoot = website.GetObject("IIsWebVirtualDir", "Root")

if ((Not IsObject(vRoot)) Or (Err <> 0)) Then
Call AppendFile(WScript.Arguments(6), ERR_VAL & "Unable to access root for " & website.ADsPath)
Exit Sub
End If

'Create/Update the virtual directory named by the 2nd command line parameter to this script
Dim vDir
Set vDir = vRoot.GetObject("IIsWebVirtualDir", dirname)
WScript.Echo "Anonymous user " & vDir.AnonymousUserName

Anyway, I am glad you've solved the issue.
/.Will
0 Kudos
sbrown
Level 6

I needed to add the Internet Guest Account so I created a new property, iisguestacct.
according to http://technet.microsoft.com/en-us/library/bb693984.aspx, guest acct is IUSR_ so I created a custom action to set the new property using IUSR_ComputerName as the value.
Then went into the properties of the folder to set permissions and used my new property as the user and selected my permissions.
Seems to work.
0 Kudos
sbrown
Level 6

Ran into a problem with some of out VMs. They are clones and the account is the original computers name. Had to set the property using the code from this thread:
Dim IIsObject, IUSRUserName
On error resume next
Set IIsObject = GetObject ("IIS://localhost/w3svc")
IUSRUserName = IIsObject.Get("AnonymousUserName")
'MsgBox IUSRUserName
Session.property("IISGUESTACCT") = IUSRUserName
0 Kudos