Removing Everyone Account Stops PERL Sync Script

We're using a perl script to fetch images from the inhouse server & pump them to a remote server with much higher bandwidth.

I want to remove the Everyone account from the target folder on the remote server, so users may only access it with username & password. When I do this, the perl script stops working. I can only assume the perl script is operating under the Everyone account.

How do I change the functionality so that the Everyone account is removed & yet the perl sync script still works?... or perhaps there's a better solution?

Using ActivePerl-5.8.8.816. on Win2k Server running IIS 5.
Server is strictly an image repository, no pages are served from it.
User accounts have already been assigned to target folder.
Under IIS, PerlEx currently has Anonymous access checked, using IUSR_MACHINE-NAME for user account, Allow IIS to control password checked.

Perl sync script was written years ago by a contractor, & they work perfectly on public access servers. Not so well for private servers until I get this resolved. Script is invoked when inhouse renderers finish job & fire off url to perl script with params to fetch the updated imagery.

Please forgive my naivety, I have no experience with perl, bare minimum experience with IIS... only graphics rendering automation. Don't even know where to begin. Any help much appreciated - KD

re: Removing Everyone Account Stops PERL Sync Script

This is a server issues, not a perl issue. I suggest you ask on a IIS server forum. If I knew the answer I would post it but I never use that server.

re: Removing Everyone Account Stops PERL Sync Script

Moving to IIS Forum

--Kevin

re: Removing Everyone Account Stops PERL Sync Script

I believe that you need to understand what you are trying to achieve with authentication (IIS), as well as permissions (directory). How remote is this server?

If you are pushing info, perhaps highest privilege is better?

Here is a support article in case you are having probs with set up:
HOW TO: Configure and Test a PERL Script with IIS 4.0, 5.0, 5.1, and 6.0. HTH.

re: Removing Everyone Account Stops PERL Sync Script

We are trying to get the functionality to work as it does for inhouse servers, in which the image repository folder on the server uses simple directory security.

This folder is under the default IIS Home Directory location... C:\InetPub\wwwroot\FolderX structure, in which FolderX is the image repository folder.

For inhouse source servers- the inherited permissions were removed for this folder using Windows Explorer\Folder Properties\Security Tab\Uncheck "Allow inheritable permissions...". The Administrator account was added with full control, then each user account was added with the following permissions: Read & Execute, List Folder Contents, & Read.

This works fine for the inhouse servers. But... for the big pipe external servers in which the PERL Sync Script is required to PULL imagery from the inhouse source servers, & write them to the equivalent remote folder, this setup does not work.

With inherited permissions enabled on the target folder on the external server, the PERL Sync Script works fine. Once you remove inherited permissions, then add in the administrator accounts, then add in all the user accounts, the PERL Sync Script stops working.

I've tried adding the Local System account, & all other accounts to see if the PERL Sync Script would start working. It is not until you add the Everyone account back in that the PERL Sync Script starts working again.

How can I change the PERL or IIS functionality/permissions/or whatever else it might be so that the PERL Sync Script does not use the Everyone account to work?

I'm not sure if I can make this any clearer. The PERL Sync Script needs to operate on the target folder on the remote server in the absence of the Everyone account, using simple directory security. The remote server is a 1.5 hour drive away from here. Remote Desktop is used to access it.

Any help much appreciated - KD

re: Removing Everyone Account Stops PERL Sync Script

Please confirm that you have read the article and have IIS set up correctly. Thanks.

re: Removing Everyone Account Stops PERL Sync Script

Yes... checked the article, info was irrelevant. As I said previously, the perl script was already working.

I could not find how to permit the script to work without having the Everyone account on the remote server target folder.

I ended up setting IIS\Directory Security\IP address and domain name restrictions to only allow access to the perl script folder from inhouse IPs, as the script is not for public use.

Then I unchecked Anonymous Access for the image repository folder in IIS\Directory Security\Anonymous access and authentication control.

Not a perfect solution, and I'm paranoid about IP spoofing and the Everyone account with modify/write access, but the perl sync script is working fine & content retrieval requires username & password. - KD