Windows – File upload permissions issue on Windows Server 2008 R2 IIS 7.5 PHP 5.3 with Drupal v.7.26

drupal7iisPHPwindows

I have website on Drupal version: 7.26
OS on server is Windows Server 2008 R2
Web server $_SERVER["SERVER_SOFTWARE"]: Microsoft-IIS/7.5
Server API: CGI/FastCGI

Core

PHP Version: 5.3.28
file_uploads: On
post_max_size: 75M
upload_max_filesize: 50M
upload_tmp_dir: C:\inetpub\wwwroot\tmp
memory_limit: 128M
open_basedir: C:\inetpub\wwwroot;C:\inetpub\wwwroot\tmp

When I go to /admin/config/media/file-system

I see error messages:

The directory sites\default\files exists but is not writable and could not be made writable.
The directory tmp exists but is not writable and could not be made writable.

Public file system path: sites\default\files
Temporary directory: tmp

I have set permissions on folders

C:\inetpub\wwwroot\tmp : IIS_IUSRS : Full control
C:\inetpub\wwwroot\sites\default\files : IIS_IUSRS : Full control

I am working as Administrator user:
C:\Users\Administrator\Downloads>echo %username%
Administrator

I can`t change Read Only Attributes for these folders.
Every time I do this change and press Apply button
and
Apply changes to this folder, subfolders and files
is checked and press OK button it displays Applying attributes… dialog
when it finishing I press OK button on folder properties dialog closing it.
When I open Properties dialog once again I see Read-only is checked again.
How can I fix it?

Best Answer

I have found out cause of this problem.

To fix it:

Set correct permissions in IIS Manager in Anonymous Authentication. Instead of default IUSR built-in account choose Application pool identity, save new settings and restart web application.

Read detailed instructions at: http://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis

To grant an anonymous account rights on the network by using IIS Manager:

Click Start, type INetMgr.exe, and then click Enter. If prompted, click Continue to elevate your permissions.

In the Connections section, click the + button next to the name of your computer.

In IIS Manager, double-click the site that you want to administer.

In the Features View, double-click Authentication.

Select Anonymous Authentication, and then click Edit in the Actions pane.

In the Edit Anonymous Authentication Credentials dialog box, click the Specific user option, and then click Set.

In the Set Credentials dialog box, input the user name and password desired, and then click OK.

Also, set Full permissions for IIS AppPool\DefaultAppPool on folders which should be writable by Drupal web application. In my case it is two folders:

icacls "c:\inetpub\wwwroot\sites\default\files" /grant "IIS AppPool\DefaultAppPool":F
icacls "c:\inetpub\wwwroot\tmp" /grant "IIS AppPool\DefaultAppPool":F

Also, set correct paths in admin File system /admin/config/media/file-system:

Public file system path: sites\default\files

Temporary directory: tmp

Related Topic