cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
alegerlotz
Level 7

How to set IIS Permissions on folders

I'm sorry if this has been covered before. I did a search and could not find the information I was looking for.

I am creating a virtual directory in IIS through InstallShield 2008 and populating it with a set of files in one of my installation features.

I need to set the permissions on most of the web site to read only, but have a couple of the directories under the site writeable and one to not even being readable through IIS.

How can I set individual security on these folders in IIS via InstallShield? If the built in IIS functionality in InstallShield 2008 can't do this, how would you go about it?

My project is Basic MSI with some InstallScript custom actions thrown in.

Thanks in advance for any info you can provide.
-Al
Labels (1)
0 Kudos
(5) Replies
m_rudolph
Level 6

A VBScript should do what you need.

http://msdn2.microsoft.com/en-us/library/ms951564.aspx

Sample script from the page:

<%
Dim WebServerRootObj
Dim VDirObj
Dim WritePerm

' Open the object for the first virtual Web server root
Set WebServerRootObj = GetObject("IIS://MyComputer/W3SVC/1/Root")

' Deny write access for all directories and files
' for the server (except those already specifically set)
' Using the Put method
WebServerRootObj.Put "AccessWrite", False

' Save the changed value to the metabase
WebServerRootObj.SetInfo

' Get a directory subordinate to the Web server root. Note that this line of code assumes
' Vdir1 has already been created.
Set VDirObj = GetObject("IIS://MyComputer/W3SVC/1/Root/Vdir1/Dir1a")

' Overwrite the inherited value for write access
' using the dot method equivalent to Put
VDirObj.AccessWrite = True

' Save the changed value to the metabase
VDirObj.SetInfo
%>
0 Kudos
dongwang
Level 3

Does this work if the folder is not application level instead of a subfolder of it?
e.g, I have setup a virtual path called testsite, url will be http://localhost/testsite,physical path is c:\program files\testpath

under the path, there is an image folder, which is c:\program files\testpath\images

now i want to set the permission on the images folder only. but this script will give you error.coz "images" folder is not in the metamap of IIS.



m.rudolph wrote:
A VBScript should do what you need.

http://msdn2.microsoft.com/en-us/library/ms951564.aspx

Sample script from the page:

<%
Dim WebServerRootObj
Dim VDirObj
Dim WritePerm

' Open the object for the first virtual Web server root
Set WebServerRootObj = GetObject("IIS://MyComputer/W3SVC/1/Root")

' Deny write access for all directories and files
' for the server (except those already specifically set)
' Using the Put method
WebServerRootObj.Put "AccessWrite", False

' Save the changed value to the metabase
WebServerRootObj.SetInfo

' Get a directory subordinate to the Web server root. Note that this line of code assumes
' Vdir1 has already been created.
Set VDirObj = GetObject("IIS://MyComputer/W3SVC/1/Root/Vdir1/Dir1a")

' Overwrite the inherited value for write access
' using the dot method equivalent to Put
VDirObj.AccessWrite = True

' Save the changed value to the metabase
VDirObj.SetInfo
%>
0 Kudos
alegerlotz
Level 7

Right.. I want to do the same thing as 'dongwang'. I have several folders under one virtual directory and I want to set one folder (_private) to have no rights and then I want to set two others to have both read and write permissions.

dongwang wrote:
Does this work if the folder is not application level instead of a subfolder of it?
e.g, I have setup a virtual path called testsite, url will be http://localhost/testsite,physical path is c:\program files\testpath

under the path, there is an image folder, which is c:\program files\testpath\images

now i want to set the permission on the images folder only. but this script will give you error.coz "images" folder is not in the metamap of IIS.
0 Kudos
alegerlotz
Level 7

Thanks for the pointer, m.rudolph. I tried the full script from the web site you referenced. After appending my virtual directory name, I was able to get down to:
<%
Dim WebServerRootObj
Dim VDirObj
Dim WritePerm

' Open the object for the first virtual Web server root
Set WebServerRootObj = GetObject("IIS://MyComputer/W3SVC/1/Root/MyVirtualDir")

' Deny write access for all directories and files
' for the server (except those already specifically set)
' Using the Put method
WebServerRootObj.Put "AccessWrite", False

' Save the changed value to the metabase
WebServerRootObj.SetInfo

' Get a directory subordinate to the Web server root. Note that this line of code assumes
' Vdir1 has already been created.


I get an error on the next line of the script where it tries to get a directory under my virtual directory, which is really what I want to set.

Set VDirObj = GetObject("IIS://MyComputer/W3SVC/1/Root/MyVirtualDir/MyDirectory")

' Overwrite the inherited value for write access
' using the dot method equivalent to Put
VDirObj.AccessWrite = True

' Save the changed value to the metabase
VDirObj.SetInfo
%>


The error I get is "Path Not Found". When I go into the IIS Admin program, that directory is there, under my virutal directory, under my default web site.

Any ideas?? This is my first time working with IIS in this way (obviously...).
0 Kudos
alegerlotz
Level 7

It seems that the way to do this is to create a virtual directory for each specific folder on which you want to set security. The sub folders on the file system under the parent get virtual directories under the parent as well.

So, for example if you have a virtual dir called Top, and that contains 10 folders under it on the file system called folder1, folder2, folder3, ... folder 10. I want all the folders to be read only in IIS, except for folder 2 and folder 5. To do this through InstallShield, it appears as if the right way to do this is to create the virtual directories as follows and set the security accordingly.

- Top (set access to read)
- folder 2 (set access to read and write)
- folder 5 (set access to read and write)
0 Kudos