IIS_WPG and NETWORK SERVICE

I have an ASP.NET site hosted on an SBS 2003 server. The server is a day old and no changes have been made to IIS with respect to user rights, etc.
I have configured IIS_WPG to have the rights necessary to access what needs to be accessed on my site folder. I have set this up many times before via the same script on non-SBS servers. However, the web app cannot manipulate the folder as it should be able to based on these rights. I have verified this by temporarily giving "everyone" full rights to the folder and the web app runs fine.
I know that ASP.NET application is running in a pool where NETWORK SERVICE is the runtime context:
System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\NETWORK SERVICE

I have read a couple articles that explain that on a fresh install of IIS 6, "NETWORK SERVICE" should be a member of IIS_WPG. Well, on my new install, it is not.
So, I opened up the DefaultAppPools node of IIS Mgr and opened the IIS_WPG Properties and at the "Members" tab, no "NETWORK SERVICE" in the list. There is IWAM_machinename, and "SharePoint...bla.bla.". I attempt to add "NETWORK SERVICE", but it does not appear to be a user that can be selected from Active Directory.
I am stuck at this point because either the OS has a bug, SBS 2003 is "different again" from vanilla servers, the MSDN article is wrong, or I'm seeing things.
I will be greatly appreciative if someone can tell me which is the case and set me straight.
Regards,
Larry

SBS2003 is "different again" from vanilla servers. In particular, it has
IIS6 running on the "Domain Controller" machine which causes the "differences" that you are observing.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Larry" <La***@discussions.microsoft.com> wrote in message news:B9A38124-01C7-4EE6-9ADE-CF6E4FB67CBF@microsoft.com...
> I have an ASP.NET site hosted on an SBS 2003 server. The server is a day old and no changes have been made to IIS with respect to user rights, etc.
> I have configured IIS_WPG to have the rights necessary to access what needs to be accessed on my site folder. I have set this up many times before via the same script on non-SBS servers. However, the web app cannot manipulate the folder as it should be able to based on these rights. I have verified this by temporarily giving "everyone" full rights to the folder and the web app runs fine.
> I know that ASP.NET application is running in a pool where NETWORK SERVICE is the runtime context:
> System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\NETWORK SERVICE
>
> I have read a couple articles that explain that on a fresh install of IIS 6, "NETWORK SERVICE" should be a member of IIS_WPG. Well, on my new install, it is not.
> So, I opened up the DefaultAppPools node of IIS Mgr and opened the IIS_WPG Properties and at the "Members" tab, no "NETWORK SERVICE" in the list. There is IWAM_machinename, and "SharePoint...bla.bla.". I attempt to add "NETWORK SERVICE", but it does not appear to be a user that can be selected from Active Directory.
> I am stuck at this point because either the OS has a bug, SBS 2003 is "different again" from vanilla servers, the MSDN article is wrong, or I'm seeing things.
> I will be greatly appreciative if someone can tell me which is the case and set me straight.
> Regards,
> Larry

Hi,
Network Service should be available from the drop-down list of preconfigured identities (along with Local System and Local Service). I just checked on my SBS2003 box.

What are the exact preconfigured identities that you are seeing?

Cheers
Ken

"Larry" <La***@discussions.microsoft.com> wrote in message news:B9A38124-01C7-4EE6-9ADE-CF6E4FB67CBF@microsoft.com...
: I have an ASP.NET site hosted on an SBS 2003 server. The server is a day old and no changes have been made to IIS with respect to user rights, etc.
: I have configured IIS_WPG to have the rights necessary to access what needs to be accessed on my site folder. I have set this up many times before via the same script on non-SBS servers. However, the web app cannot manipulate the folder as it should be able to based on these rights. I have verified this by temporarily giving "everyone" full rights to the folder and the web app runs fine.
: I know that ASP.NET application is running in a pool where NETWORK SERVICE is the runtime context:
: System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\NETWORK SERVICE
:
: I have read a couple articles that explain that on a fresh install of IIS 6, "NETWORK SERVICE" should be a member of IIS_WPG. Well, on my new install, it is not.
: So, I opened up the DefaultAppPools node of IIS Mgr and opened the IIS_WPG Properties and at the "Members" tab, no "NETWORK SERVICE" in the list. There is IWAM_machinename, and "SharePoint...bla.bla.". I attempt to add "NETWORK SERVICE", but it does not appear to be a user that can be selected from Active Directory.
: I am stuck at this point because either the OS has a bug, SBS 2003 is "different again" from vanilla servers, the MSDN article is wrong, or I'm seeing things.
: I will be greatly appreciative if someone can tell me which is the case and set me straight.
: Regards,
: Larry

I really looked hard. There is no way to get NETWORK SERVICE to be a member
of the group. It will not appear in the list of users/group when trying to add it to the IIS_WPG group, and you cannot type it in.

Per David Wang's response, I would guess that this has been disabled on a later (or earlier?) version of SBS2003 than you have. This is probably the result of a security patch at some point.

MSFT really makes our lives easy, huh?

Thanks,
Larry

"Ken Schaefer" wrote:

> Hi,
>
> Network Service should be available from the drop-down list of preconfigured identities (along with Local System and Local Service). I just checked on my SBS2003 box.
>
> What are the exact preconfigured identities that you are seeing?
>
> Cheers
> Ken
>
> "Larry" <La***@discussions.microsoft.com> wrote in message
> news:B9A38124-01C7-4EE6-9ADE-CF6E4FB67CBF@microsoft.com...
> : I have an ASP.NET site hosted on an SBS 2003 server. The server is a day old and no changes have been made to IIS with respect to user rights, etc.
> : I have configured IIS_WPG to have the rights necessary to access what needs to be accessed on my site folder. I have set this up many times before via the same script on non-SBS servers. However, the web app cannot manipulate the folder as it should be able to based on these rights. I have verified this by temporarily giving "everyone" full rights to the folder and the web app runs fine.
> : I know that ASP.NET application is running in a pool where NETWORK SERVICE is the runtime context:
> : System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\NETWORK SERVICE
> :
> : I have read a couple articles that explain that on a fresh install of IIS 6, "NETWORK SERVICE" should be a member of IIS_WPG. Well, on my new install, it is not.
> : So, I opened up the DefaultAppPools node of IIS Mgr and opened the IIS_WPG Properties and at the "Members" tab, no "NETWORK SERVICE" in the list. There is IWAM_machinename, and "SharePoint...bla.bla.". I attempt to add "NETWORK SERVICE", but it does not appear to be a user that can be selected from Active Directory.
> : I am stuck at this point because either the OS has a bug, SBS 2003 is "different again" from vanilla servers, the MSDN article is wrong, or I'm seeing things.
> : I will be greatly appreciative if someone can tell me which is the case and set me straight.
> : Regards,
> : Larry

What are you talking about?

I am asking you to locate the relevant Web App
Pool in your IIS Manager, right-click choose Properties, and go to the "Identity" tab. In the "Preconfigured" drop-down list, what options are available? You said that Network Service was not listed, and that there was an account "SharePoint bla bla". What other accounts are listed there?

In terms of adding Network Service to IIS_WPG - that's not possible AFAIK. That's got nothing to do with a security patch. It's because Network Service is treated as a foreign security principal from an external trusted domain, not from your AD domain.

However I will ask to see if this is possible to do.

Cheers
Ken

"Larry" <La***@discussions.microsoft.com> wrote in message news:337F3F8E-DA93-40FC-9EC6-D5B6CF4F7167@microsoft.com...
: I really looked hard. There is no way to get NETWORK SERVICE to be a member of the group. It will not appear in the list of users/group when trying to add it to the IIS_WPG group, and you cannot type it in.
:
: Per David Wang's response, I would guess that this has been disabled on a later (or earlier?) version of SBS2003 than you have. This is probably the result of a security patch at some point.
:
: MSFT really makes our lives easy, huh?
:
: Thanks,
: Larry
:
: "Ken Schaefer" wrote:
:
: > Hi,
: >
: > Network Service should be available from the drop-down list of preconfigured identities (along with Local System and Local Service). I just checked on my SBS2003 box.
: >
: > What are the exact preconfigured identities that you are seeing?
: >
: > Cheers
: > Ken
: >
: > "Larry" <La***@discussions.microsoft.com> wrote in message
: > news:B9A38124-01C7-4EE6-9ADE-CF6E4FB67CBF@microsoft.com...
: > : I have an ASP.NET site hosted on an SBS 2003 server. The server is a day old and no changes have been made to IIS with respect to user rights, etc.
: > : I have configured IIS_WPG to have the rights necessary to access what needs to be accessed on my site folder. I have set this up many times before via the same script on non-SBS servers. However, the web app cannot manipulate the folder as it should be able to based on these rights. I have verified this by temporarily giving "everyone" full rights to the folder and the web app runs fine.
: > : I know that ASP.NET application is running in a pool where NETWORK SERVICE is the runtime context:
: > : System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\NETWORK SERVICE
: > :
: > : I have read a couple articles that explain that on a fresh install of IIS 6, "NETWORK SERVICE" should be a member of IIS_WPG. Well, on my new install, it is not.
: > : So, I opened up the DefaultAppPools node of IIS Mgr and opened the IIS_WPG Properties and at the "Members" tab, no "NETWORK SERVICE" in the list. There is IWAM_machinename, and "SharePoint...bla.bla.". I attempt to add "NETWORK SERVICE", but it does not appear to be a user that can be selected from Active Directory.
: > : I am stuck at this point because either the OS has a bug, SBS 2003 is "different again" from vanilla servers, the MSDN article is wrong, or I'm seeing things.
: > : I will be greatly appreciative if someone can tell me which is the case and set me straight.
: > : Regards,
: > : Larry

Thanks Ken, please read inline...
> What are you talking about?

Go to AD - Users & Computers
open IIS_WPG
click the "Members" tab.
---->Can't add "NETWORK SERVICE"
I can do this in Win2003 - non SBS flavors.

> I am asking you to locate the relevant Web App
> Pool in your IIS Manager, right-click choose Properties, and go to the
> "Identity" tab. In the "Preconfigured" drop-down list, what options are
> available?

Yes, I was aware of this and I see what you are probably seeing -

network service
local service
local system

Currently, "network service" is selected and I believe was the default since I never changed it.

> In terms of adding Network Service to IIS_WPG - that's not possible AFAIK.

It is possible (and the default I think) on Win2003 - non SBS.
Also, what does AFAIK mean?

> That's got nothing to do with a security patch. It's because Network Service
> is treated as a foreign security principal from an external trusted domain,
> not from your AD domain.

I wish I fully understood that statement...:)
Also, another network admin told me that on another install of SBS2003 that "network service" WAS a member of IIS_WPG, which is why I was wondering if there was a change or he was seeing things.

> However I will ask to see if this is possible to do.

This is exactly what I was describing - how it's seemingly impossible to do this.

> Cheers
> Ken

Thank you for your time!
-Larry

"Larry" <La***@discussions.microsoft.com> wrote in message news:DD42A1FD-86B7-4A28-AE59-5FB1426ECFF2@microsoft.com...
: Thanks Ken, please read inline...
:
: > What are you talking about?
:
: Go to AD - Users & Computers
: open IIS_WPG
: click the "Members" tab.
: ---->Can't add "NETWORK SERVICE"
: I can do this in Win2003 - non SBS flavors.

Can you do this on a Windows 2003 *Domain Controller*? I wasn't aware that you could. You should be able to do this on a Windows 2003 member server.
: > I am asking you to locate the relevant Web App
: > Pool in your IIS Manager, right-click choose Properties, and go to the
: > "Identity" tab. In the "Preconfigured" drop-down list, what options are
: > available?
:
: Yes, I was aware of this and I see what you are probably seeing -
:
: network service
: local service
: local system
:
: Currently, "network service" is selected and I believe was the default since
: I never changed it.
: >
: > In terms of adding Network Service to IIS_WPG - that's not possible AFAIK.
:
: It is possible (and the default I think) on Win2003 - non SBS.
: Also, what does AFAIK mean?

AFAIK - As far as I know.

: > That's got nothing to do with a security patch. It's because Network Service
: > is treated as a foreign security principal from an external trusted domain,
: > not from your AD domain.
:
: I wish I fully understood that statement...:)
: Also, another network admin told me that on another install of SBS2003 that
: "network service" WAS a member of IIS_WPG, which is why I was wondering if
: there was a change or he was seeing things.

Network Service should be part of the IIS_WPG group - I checked on my SBS2003 box.

Cheers
Ken
"Ken Schaefer" wrote:

> "Larry" <La***@discussions.microsoft.com> wrote in message
> news:DD42A1FD-86B7-4A28-AE59-5FB1426ECFF2@microsoft.com...
> : Thanks Ken, please read inline...
> :
> : > What are you talking about?
> :
> : Go to AD - Users & Computers
> : open IIS_WPG
> : click the "Members" tab.
> : ---->Can't add "NETWORK SERVICE"
> : I can do this in Win2003 - non SBS flavors.
>
> Can you do this on a Windows 2003 *Domain Controller*? I wasn't aware that
> you could. You should be able to do this on a Windows 2003 member server.

My test Win2003 box is not a domain controller.

> : > I am asking you to locate the relevant Web App
> : > Pool in your IIS Manager, right-click choose Properties, and go to the
> : > "Identity" tab. In the "Preconfigured" drop-down list, what options are
> : > available?
> :
> : Yes, I was aware of this and I see what you are probably seeing -
> :
> : network service
> : local service
> : local system
> :
> : Currently, "network service" is selected and I believe was the default since
> : I never changed it.
> : >
> : > In terms of adding Network Service to IIS_WPG - that's not possible AFAIK.
> :
> : It is possible (and the default I think) on Win2003 - non SBS.
> : Also, what does AFAIK mean?
>
> AFAIK - As far as I know.
>
> : > That's got nothing to do with a security patch. It's because Network Service
> : > is treated as a foreign security principal from an external trusted domain,
> : > not from your AD domain.
> :
> : I wish I fully understood that statement...:)
> : Also, another network admin told me that on another install of SBS2003 that
> : "network service" WAS a member of IIS_WPG, which is why I was wondering if
> : there was a change or he was seeing things.
>
> Network Service should be part of the IIS_WPG group - I checked on my
> SBS2003 box.

hmmm... it's not on this SBS2003 box...but it was on another, and it is on yours, and I can't add it...
oh well, there seems to be no clear answer.

Perhaps a Microsoft expert can explain why the variation exists, now that it's been proven I am not seeing things.

Thanks,
Larry
"Larry" <La***@discussions.microsoft.com> wrote in message news:27A1CF63-815D-483D-AFAE-7236D8D1E9AA@microsoft.com...
:
: > "Larry" <La***@discussions.microsoft.com> wrote in message
: > news:DD42A1FD-86B7-4A28-AE59-5FB1426ECFF2@microsoft.com...
: > : Thanks Ken, please read inline...
: > :
: > : > What are you talking about?
: > :
: > : Go to AD - Users & Computers
: > : open IIS_WPG
: > : click the "Members" tab.
: > : ---->Can't add "NETWORK SERVICE"
: > : I can do this in Win2003 - non SBS flavors.
: >
: > Can you do this on a Windows 2003 *Domain Controller*? I wasn't aware that
: > you could. You should be able to do this on a Windows 2003 member server.
:
: My test Win2003 box is not a domain controller.

I suspected as much. The reason you can't add Network Service to IIS_WPG on your SBS2003 box is because it is a Domain Controller, not because it's an SBS2003 box.

: > : > That's got nothing to do with a security patch. It's because Network Service
: > : > is treated as a foreign security principal from an external trusted domain,
: > : > not from your AD domain.
: > :
: > : I wish I fully understood that statement...:)
: > : Also, another network admin told me that on another install of SBS2003 that
: > : "network service" WAS a member of IIS_WPG, which is why I was wondering if
: > : there was a change or he was seeing things.
: >
: > Network Service should be part of the IIS_WPG group - I checked on my
: > SBS2003 box.
:
: hmmm... it's not on this SBS2003 box...but it was on another, and it is on
: yours, and I can't add it...
: oh well, there seems to be no clear answer.
:
: Perhaps a Microsoft expert can explain why the variation exists, now that
: it's been proven I am not seeing things.

Well, if you remove Network Service from the IIS_WPG group, then you won't be able to add it back in. Or perhaps some error occurred during setup, and it was never added in the first place.

I tried using ADSIEdit to alter the "memberOf" property of the Network Service account, but you get an error saying that this property is owned by the System, and can't be modified. Perhaps if you run a script under the LocalSystem account, you may be able to update the memberOf property of Network Service, so as to be able to add it to non-built-in Domain Local groups.

Cheers
Ken

: Thanks,
: Larry
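
An added example, not written by any poster in this thread: the "everyone" test in the first post shows the failure is an NTFS permission problem for NT AUTHORITY\NETWORK SERVICE, so one alternative to IIS_WPG membership is an ACE on the site folder that names that account by its well-known SID. The folder path, the choice of Modify rights and the availability of PowerShell 2.0 or later on the server are assumptions.

```powershell
# Added example: report and optionally grant folder rights for the worker-process
# identity itself, so access does not depend on IIS_WPG membership.
# Assumptions: PowerShell 2.0+, run as an administrator; $SitePath is a placeholder.
param(
    [string]$SitePath = 'D:\Sites\MySite',   # hypothetical folder the app must write to
    [switch]$Grant                            # without -Grant the script only reports
)

# S-1-5-20 is the well-known SID of NT AUTHORITY\NETWORK SERVICE.
# Working with the SID is locale-independent and needs no name lookup.
$sid     = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'
$sidType = [System.Security.Principal.SecurityIdentifier]

$acl = Get-Acl -Path $SitePath

# Every ACE (explicit and inherited) that names NETWORK SERVICE directly.
$direct = @($acl.GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq $sid.Value })

if ($direct.Count -eq 0) {
    $name = $sid.Translate([System.Security.Principal.NTAccount])
    Write-Output "No ACE names $name on $SitePath"
} else {
    $direct | Select-Object AccessControlType, FileSystemRights, IsInherited
}

if ($Grant) {
    # Modify (not FullControl), applied to this folder, its subfolders and files.
    # Modify is an assumption about what the application needs.
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid,
        [System.Security.AccessControl.FileSystemRights]::Modify,
        $inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $SitePath -AclObject $acl
    Write-Output "Granted Modify on $SitePath to SID $($sid.Value)"
}
```

Run it once without -Grant to see the current entries, then with -Grant; the temporary "everyone" full-rights entry used for testing can then be removed.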