Why is IIS_IUSRS used instead of IUSR for file permissions?

23,144

Here is a good documentation about groups and users used in IIS 7. IUSR is built-in account for all anonymous authentication. IIS_IUSR is a built-in group has access to all the necessary file and system resources so that an account, when added to this group, can seamlessly act as an application pool identity.

You need to check if Drupal has any account specifically added in the IIS_IUSR group such that giving permission to the group suffices the need.

Going through Drupal document shows that it requires the IIS build-in group permission.

On a Windows system using IIS, right-click on sites/default/settings.php and grant Modify permissions to IIS_WPG (IIS6) or IIS_IUSRS (IIS7).
Share:
23,144

Related videos on Youtube

webworm
Author by

webworm

Updated on September 17, 2022

Comments

  • webworm
    webworm over 1 year

    I was recently setting up a Drupal install on IIS7. The setup instructions required that the IIS_IUSRS account be given, temporarily, write access to the settings.php file so it could write the database configuration to the file.

    In the end I had to edit the file myself and input the database configuration details myself. What I am wondering is why the instruction specified the IIS_IUSRS account rather than the IUSR account.

    Perhaps I am not properly understanding how IIS_IUSRS and IUSR differ.

  • webworm
    webworm over 13 years
    Thanks for the reply. So would I need to add a user to the group IIS_IUSRS for it to have any effect? You see, I did give the IIS_IUSRS group write permissions to settings.php file but Drupal still seemed unable to write to it.
  • MikeT
    MikeT over 13 years
    in that case I would use Process Monitor and check what permission Drupal is looking for.