Hi all, need help -
As part of a ASP-based AD account creation tool, I need to
set file permissions on the newly-created user's home
folders. I'm using CACLS to do this and calling it from
within the ASP page. The page is used by instructors who
do not have admin rights (OU that they work in has been
delegated to them and they have "Modify" and
various "Special" NTFS permissions on the home share,
including "Change Permissions". I'm running in Integrated
Windows Authentication mode with Anonymous Access disabled.
This has worked fine under W2K for over a year and almost
1400 accounts. However, I rebuilt my server w/ Windows
2003 last week and now it only works for admins. The non-
admins can still create accounts, but they are getting
a "permission denied" on the line of code in the ASP page
that runs the CACLS command.
I've tried a couple of things, including changing the
Application Pool Identity to LocalSystem and ensuring that
Scripts/Executables are selected on the Home Directory
page. I even went as far as invoking IIS5 Isolation Mode
and turning the Process Isolation Level down to Low (what
I had to do in W2K for it to work) but still no success.
Again, it works for anyone w/ admin rights, but thats not
an option. Any thoughts out there? I really need this to
work again - we add 40-80 users a week and its putting me
way behind having to set these permissions, even with a
script.
Thanks as always, please feel free to email me at
we********@gcflearnfree.org if you have any questions or
ideas.
