I am trying to set up FTP Publishing for a Site in IIS 8.5 (Windows Server 2012 R2) with a IISManagerAuth user. Unfortunately, I'm getting the dreaded Error 530-User cannot log in. It works perfectly with a Windows user, however. On further inspection, I got these messages:
530-User cannot log in.
Win32 error: Access is denied.
Error details: Filename: \\?\C:\Windows\system32\inetsrv\config\redirection.config
Error: Cannot read configuration file due to insufficient permissions
This seems to be the same problem detailed here: IIS 7.5, on Windows 7, IIS User can't log in, "Cannot read configuration file due to insufficient permissions"
The solution there is to grant Read Permission for the config folder and two files to Network Service:
ICACLS "%SystemDrive%\Windows\System32\inetsrv\config" /Grant "Network Service":R /T
ICACLS "%SystemDrive%\Windows\System32\inetsrv\config\administration.config" /Grant "Network Service":R
ICACLS "%SystemDrive%\Windows\System32\inetsrv\config\redirection.config" /Grant "Network Service":R
However, to the best of my knowledge this user is dead and gone in IIS 8 and upwards, replaced with ApplicationPoolIdentity.
This is all pretty straightforward when setting permissions for the physical folders of a site: IIS APPPOOL\Poolname
As an experiment I have tried to grant read access on the folder and files mentioned above to this user, but that did not do the trick.
So I'm pretty much stumped, does anybody know which user is used to read these config files for IISManagerAuth? Which user needs permissions here? Or am I doing it completely wrong and the problem is completely different?
Thanks for your help!
Best Answer
I figured it out!
You need to add permissions on %SystemDrive%\Windows\System32\inetsrv\config
Add "Network Service" and give it Read permissions for the folder. I got an error about a subfolder when I did this... but it worked anyways.