Permission Issue with IIS7.5


I ran into this issue when trying to set up tm4tm. I tried to set up a new remote for


This command executes ok.



But here is the problem.



Sensing that it might be a permission issue, I set on a quest. After a while I hit on this blog post –


The ApplicationPoolIdentity is assigned membership of the Users group as well as theIIS_IUSRS group. On first glance this may look somewhat worrying, however the Users group has somewhat limited NTFS rights.

For example, if you try and create a folder in the C:\Windows folder then you’ll find that you can’t. TheApplicationPoolIdentity still needs to be able to read files from the windows system folders (otherwise how else would the worker process be able to dynamically load essential DLL’s).

With regard to your observations about being able to write to your c:\dump folder. If you take a look at the permissions in the Advanced Security Settings, you’ll see the following:


All of the sudden it makes sense. Checking the permissions on the .git directory


And there is no write or modify permission.

Fixing that:


And we have ignition




This raises an interesting security question, which I am not sure how to solve yet. I just gave the Users group write and modify permissions onto the .git folder. This means that anyone with user access to the box can manipulate TeamMentor content. Probably not the most desirable thing to do.



This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s