ISSUE: People are unable to login to the intranet after they have logged out or closed their session.
SYMPTOMS: A folder inside \inetpub\ was shared and now people are unable to access the intranet when they try. Sometimes a blank screen is seen. Sometimes it's a 500 error. Other times it's a 401 error. People who have not logged out of the intranet are still able to access and navigate the system; after they log out, the site will be inaccessible to them.
Nothing from the inetpub folder down should ever be shared.
Please start by unsharing the folder you shared. Then do the following to return to the default permissions for the wwwroot folder:
- right-click on the wwwroot folder and click Properties
- go to the Security tab and click the Advanced button
- click the "Change Permissions..." button and check the "Include inheritable permissions from this object's parent" checkbox
- remove all permission entries where the "Inherited From" column has a value of "<not inherited>"
- click Apply and verify that the following 5 permission entries are being inherited from the "C:\inetpub\" directory:
TrustedInstaller - Full control
SYSTEM - Full control
Administrators - Full control
Users - Read & execute
CREATOR OWNER - Special
- Once those permissions are verified, click the Add button and enter "IIS_IUSRS" (this is a local account on the web server) for the object name and click OK. Select "Traverse folder / execute file", "List folder / read data", "Read attributes", "Read extended attributes", and "Read permissions" from the permissions list and click OK.
The wwwroot folder should now be set back to the out of the box permissions that come with IIS7.