
Powershell - Folder permissions for IIS App Pools


Hopsta

Hi,

 

Been pulling my hair out trying to script the setup of folder permissions for use with custom IIS App Pools. As the user is not a proper system user I'm struggling to get this working, Google isn't throwing up much so thought I'd try here.

 

Sample of script below

 

$mypath = 'c:\inetpub\mysite\files'
$Acl = Get-Acl $mypath
Set-Acl $mypath  $Acl
$Acl = Get-Acl $mypath
$user = New-Object System.Security.Principal.NTAccount("iis apppool\myapppool")
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("$user","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$Acl.SetAccessRule($Ar)
Set-Acl $mypath $Acl
 
errors with
 
Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At line:7 char:1
+ $Acl.SetAccessRule($Ar)
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : IdentityNotMappedException
 
 
 
:beer:

Where is this from?

 

$user = New-Object System.Security.Principal.NTAccount("iis apppool\myapppool")

 

You can't set a user context as an IIS pool property? That's trying to set the $user as user 'iis apppool\myapppool'. Usually that would be a username of some sort. Like this:

 

$user = New-Object System.Security.Principal.NTAccount("domainname","username")

Edited by Mac

So you're trying to modify the ACL of that folder, with that user. You won't be able to do it that way. You'll either need to work with the SID of the user (or simulate one for the app pool I imagine), or just cheat and use PowerShell to call icacls instead, far easier.

Edited by Mac

Thanks Mac, the user is dynamic so needed to be parametrised as part of the run time.

Finally worked it out this morning and also realised I was calling bits before they were declared, joys of late night scripting on the sofa :smashfreak:

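Added example, not code from any poster in this thread: one way to grant a parameterised app pool identity rights on a folder, resolving the `IIS AppPool\<name>` account to a SID first so that an unresolvable identity fails with a clear message instead of inside `SetAccessRule`. The function name `Grant-AppPoolFolderAccess` and its parameters are hypothetical; the path and pool name are the ones from the first post, and the assumption is that the app pool has already been created when the function runs.

```powershell
# Added example. Function and parameter names are hypothetical.
function Grant-AppPoolFolderAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$AppPoolName,
        [System.Security.AccessControl.FileSystemRights]$Rights = 'Modify'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    # App pool identities are virtual accounts under 'IIS AppPool\'.
    # Translate to a SID up front: if the name cannot be mapped (for example
    # because the pool has not been created yet) this is where it fails.
    $account = New-Object System.Security.Principal.NTAccount("IIS AppPool\$AppPoolName")
    try {
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        throw "Cannot resolve '$($account.Value)'. Check that the app pool exists before setting the ACL."
    }

    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $Rights, $inherit, $propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)

    $acl = Get-Acl -LiteralPath $Path
    # AddAccessRule merges with existing entries for this identity;
    # SetAccessRule would replace its existing Allow entries.
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($Path, "Grant $Rights to $($account.Value)")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Return the explicit entries held by this SID so the caller can verify the result.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference -eq $sid }
}

Grant-AppPoolFolderAccess -Path 'c:\inetpub\mysite\files' -AppPoolName 'myapppool'
```

Running it with `-WhatIf` reports the intended change without writing the ACL.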
