How do I set folder permissions to the application pool identity?


(Fernando Auresco) #1

I need to set write permission to a folder to the Application Pool Identity. I am trying to use the step called “File Sytem - grant permission”, it does not fail but also does not set the permissions.

In the “Write Users” property of the step I am using the value “IIS AppPool\Something”. This is the log file from the deployment task:

Path: D:\SitesRC\Something\logs
Adding read permissions for IIS AppPool\Something
Adding write permissions for IIS AppPool\Something
Adding modify permissions for IIS AppPool\Something
Complete

But when I go to the security tab of the “logs” folder, the user “Something” is not listed.

Am I doing something wrong? Or do I have to use another method to set permissions to the application pool identity? Maybe it is not recognizing the “IIS AppPool” thing.

Thanks!


(Matthew Casperson) #3

Hi @Fernando_Auresco, thanks for reaching out.

The settings you have described appear to be correct, so it may be an issue with the community step that is preventing the permissions from being applied.

Can you try setting the permissions with a script step and the following call to ICACLS? This will set the permissions directly, and any errors with this command will help you narrow down the root issue.

ICACLS "D:\SitesRC\Something\logs" /grant "IIS AppPool\Seomthing:M" /t

The Microsoft documentation at https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities#securing-resources has more details on this command.

Regards
Matt C


(Fernando Auresco) #4

It works, thanks Matthew!

Also I have managed to get working with the community step as well, it turns out that I was setting the permissions in the parent folder instead, after some rest sometimes we can see things better! :wink:

Thanks!