"Jeff Cochran" wrote:

> On Mon, 9 May 2005 14:28:04 -0700, "ThomsonWest"
> <ThomsonW***@discussions.microsoft.com> wrote:
>
> >During our build process and IIS 6 install we move the IIS log files to a
> >non-OS partition local to the server and set the NTFS permissions to allow a
> >specific user group read access to the IIS logfiles directory. Once a user
> >hits the website IIS creates a directory W3svcX for each site. In doing so
> >the inherit permissions attribute does not carry down from the parent
> >directory to the IIS logfiles directory (W3SVC?) as it did in IIS 5.
>
> That's a Windows thing.  Make sure the appropriate accounts in your
> group have the appropriate rights.  Check a Windows admin group for
> help and further detals.
>
> >Any suggestions short of pre-creating each "W3svcX" directory that will
> >allow IIS to create the log file directory and log file so the NTFS
> >permissions we set in our install process also carry down to the directories
> >IIS creates? Manually creating a directory at the parent will have the
> >inherit permissions checked in the same directory without any issues.
>
> Again, not an IIS issue but rather a Windows administration issue.
> You could script the directory creation before the logfiles are
> written of course, along with scripting correct permissions.
>
> Jeff
>

"Ducks" <Du***@discussions.microsoft.com> wrote in message
news:0CCE2907-E4DA-4B5B-A4C0-ED5AE95BEEF5@microsoft.com...
> We are scripting the move of the IIS logfiles and setting the appropriate
> permissions at the root directory for the IIS logfiles.
> d:\data\iis\logfiles.
> The issue occurs when IIS creates the W3SVC dirctory and log file, the
> permissions we set at  d:\data\iis\logfiles directory with the inherrit
> permissions enabled do not carry down to the directory W3SVC that IIS
> creates
> when the site is hit for the first time. The same behavior holds true if
> we
> leave the extended logging pointed to the default logging directory when
> IIS
> installed. Only permissions that are set at "W3SVC, which IIS creates" are
> the "default permissions" for IIS for this directory which are
> Administrator
> and the System accounts. If a file is manually created at this location
> the
> new folder carries the inherrit permissions attribute flag as expected.
>
> "Jeff Cochran" wrote:
>
>> On Mon, 9 May 2005 14:28:04 -0700, "ThomsonWest"
>> <ThomsonW***@discussions.microsoft.com> wrote:
>>
>> >During our build process and IIS 6 install we move the IIS log files to
>> >a
>> >non-OS partition local to the server and set the NTFS permissions to
>> >allow a
>> >specific user group read access to the IIS logfiles directory. Once a
>> >user
>> >hits the website IIS creates a directory W3svcX for each site. In doing
>> >so
>> >the inherit permissions attribute does not carry down from the parent
>> >directory to the IIS logfiles directory (W3SVC?) as it did in IIS 5.
>>
>> That's a Windows thing.  Make sure the appropriate accounts in your
>> group have the appropriate rights.  Check a Windows admin group for
>> help and further detals.
>>
>> >Any suggestions short of pre-creating each "W3svcX" directory that will
>> >allow IIS to create the log file directory and log file so the NTFS
>> >permissions we set in our install process also carry down to the
>> >directories
>> >IIS creates? Manually creating a directory at the parent will have the
>> >inherit permissions checked in the same directory without any issues.
>>
>> Again, not an IIS issue but rather a Windows administration issue.
>> You could script the directory creation before the logfiles are
>> written of course, along with scripting correct permissions.
>>
>> Jeff
>>

"Ducks" <Du***@discussions.microsoft.com> wrote in message
news:0CCE2907-E4DA-4B5B-A4C0-ED5AE95BEEF5@microsoft.com...
> We are scripting the move of the IIS logfiles and setting the appropriate
> permissions at the root directory for the IIS logfiles.
> d:\data\iis\logfiles.
> The issue occurs when IIS creates the W3SVC dirctory and log file, the
> permissions we set at  d:\data\iis\logfiles directory with the inherrit
> permissions enabled do not carry down to the directory W3SVC that IIS
> creates
> when the site is hit for the first time. The same behavior holds true if
> we
> leave the extended logging pointed to the default logging directory when
> IIS
> installed. Only permissions that are set at "W3SVC, which IIS creates" are
> the "default permissions" for IIS for this directory which are
> Administrator
> and the System accounts. If a file is manually created at this location
> the
> new folder carries the inherrit permissions attribute flag as expected.
>
> "Jeff Cochran" wrote:
>
>> On Mon, 9 May 2005 14:28:04 -0700, "ThomsonWest"
>> <ThomsonW***@discussions.microsoft.com> wrote:
>>
>> >During our build process and IIS 6 install we move the IIS log files to
>> >a
>> >non-OS partition local to the server and set the NTFS permissions to
>> >allow a
>> >specific user group read access to the IIS logfiles directory. Once a
>> >user
>> >hits the website IIS creates a directory W3svcX for each site. In doing
>> >so
>> >the inherit permissions attribute does not carry down from the parent
>> >directory to the IIS logfiles directory (W3SVC?) as it did in IIS 5.
>>
>> That's a Windows thing.  Make sure the appropriate accounts in your
>> group have the appropriate rights.  Check a Windows admin group for
>> help and further detals.
>>
>> >Any suggestions short of pre-creating each "W3svcX" directory that will
>> >allow IIS to create the log file directory and log file so the NTFS
>> >permissions we set in our install process also carry down to the
>> >directories
>> >IIS creates? Manually creating a directory at the parent will have the
>> >inherit permissions checked in the same directory without any issues.
>>
>> Again, not an IIS issue but rather a Windows administration issue.
>> You could script the directory creation before the logfiles are
>> written of course, along with scripting correct permissions.
>>
>> Jeff
>>

"David Wang [Msft]" <some***@online.microsoft.com> wrote in message
news:OJbfl1gVFHA.2796@TK2MSFTNGP09.phx.gbl...
> It is by design.
>
> HTTP.SYS will set its own ACLs when it creates the log file and directory.
>
> If the logfile's directory is already there, then HTTP.SYS will use the
> existing ACLs.
>
> We did know about this before release, and the current behavior is a
> compromise (it used to be HTTP.SYS sets its own ACLs, period).
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Bernard" <qbern***@hotmail.com.discuss> wrote in message
> news:ufUFu$dVFHA.2960@TK2MSFTNGP15.phx.gbl...
> Not sure if this is by design. but those log paths created by IIS will NOT
> inherit the permissions from parent directory. I know, it's really
> troublesome to manually set it, but that's the only way to change it. You
> can try tools like xcacls.exe to set it.
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "Ducks" <Du***@discussions.microsoft.com> wrote in message
> news:0CCE2907-E4DA-4B5B-A4C0-ED5AE95BEEF5@microsoft.com...
>> We are scripting the move of the IIS logfiles and setting the appropriate
>> permissions at the root directory for the IIS logfiles.
>> d:\data\iis\logfiles.
>> The issue occurs when IIS creates the W3SVC dirctory and log file, the
>> permissions we set at  d:\data\iis\logfiles directory with the inherrit
>> permissions enabled do not carry down to the directory W3SVC that IIS
>> creates
>> when the site is hit for the first time. The same behavior holds true if
>> we
>> leave the extended logging pointed to the default logging directory when
>> IIS
>> installed. Only permissions that are set at "W3SVC, which IIS creates"
>> are
>> the "default permissions" for IIS for this directory which are
>> Administrator
>> and the System accounts. If a file is manually created at this location
>> the
>> new folder carries the inherrit permissions attribute flag as expected.
>>
>> "Jeff Cochran" wrote:
>>
>>> On Mon, 9 May 2005 14:28:04 -0700, "ThomsonWest"
>>> <ThomsonW***@discussions.microsoft.com> wrote:
>>>
>>> >During our build process and IIS 6 install we move the IIS log files to
>>> >a
>>> >non-OS partition local to the server and set the NTFS permissions to
>>> >allow a
>>> >specific user group read access to the IIS logfiles directory. Once a
>>> >user
>>> >hits the website IIS creates a directory W3svcX for each site. In doing
>>> >so
>>> >the inherit permissions attribute does not carry down from the parent
>>> >directory to the IIS logfiles directory (W3SVC?) as it did in IIS 5.
>>>
>>> That's a Windows thing.  Make sure the appropriate accounts in your
>>> group have the appropriate rights.  Check a Windows admin group for
>>> help and further detals.
>>>
>>> >Any suggestions short of pre-creating each "W3svcX" directory that will
>>> >allow IIS to create the log file directory and log file so the NTFS
>>> >permissions we set in our install process also carry down to the
>>> >directories
>>> >IIS creates? Manually creating a directory at the parent will have the
>>> >inherit permissions checked in the same directory without any issues.
>>>
>>> Again, not an IIS issue but rather a Windows administration issue.
>>> You could script the directory creation before the logfiles are
>>> written of course, along with scripting correct permissions.
>>>
>>> Jeff
>>>
>
>
>