View Full Version : Giving IUSR_(user) and IWAM_(user)permissions on a folder

02-10-2006, 11:06 AM
:confused: i was wondering if it's now possible with IS 11.5 to retrieve IWAM and IUSR usernames, and giving an IWAM and/or IUSR permissions on a file or folder?!!! :confused:

02-13-2006, 07:32 PM
With ISMP this task looks highly unlikely. Could it be that you are targeting MSI/InstallScript? If not, then you would need to either use VBS/C# or JNI to change/access this information.

02-23-2006, 04:31 AM
With ISMP this task looks highly unlikely. Could it be that you are targeting MSI/InstallScript? If not, then you would need to either use VBS/C# or JNI to change/access this information.

Thanks for the help. I found the following script but i donno how to use(in InstallScript MSI project). I managed to add the script as a custom action but i donno what i possibly could do to get the variables out of this VBS and use it while i'm changing a folder's permission property?!
Could u plz help me with this!!???!!! :confused: :confused:

Dim IIsObject, IUSRUserName, IUSRUserPass, IWAMUserName, IWAMUserPass
Set IIsObject = GetObject ("IIS://localhost/w3svc")
IUSRUserName = IIsObject.Get("AnonymousUserName")
IUSRUserName = IIsObject.Get("AnonymousUserPass")
IWAMUserName = IIsObject.Get("WAMUserName")
IWAMUserPass = IIsObject.Get("WAMUserPass")

02-23-2006, 01:56 PM
To modify the directory permissions you'd need to run CACLS.EXE. That is what I do currently. Once you get the user name you can pass it to cacls.exe and be done with it. For more info on cacls.exe type cacls.exe /? from dos command prompt.

' call cacls routine
Call runCacls(enquotedDirPath, IUSRUserName)

Sub runCacls(baseDir, account)
Dim objShell
Set objShell = WScript.CreateObject("WScript.Shell")

Const SILENTMODE = 7 'do not open any windows
Const PERMS = ":C" ':C is read, write, execute permissions

Dim strCommand
strCommand = "cacls " & baseDir & " /T /E /P " & account & PERMS

Call objShell.Run(strCommand, SILENTMODE)
End Sub

02-24-2006, 04:05 AM
thaks for the quick reply, i've managed to put the IUSR/IWAM username info to a set of property values. the problem starts from there....I've tried to make property value from my VBS by using the folowing code line.

Property("IWAMUserName") = IIsObject.Get("WAMUserName")

During the installation i try to call on the property values by using the following code line:


The problem is now that while calling the property value i can put the data i got from the property into a messagebox(directy from the VBS) but cannot use it(or pass it elsewhere) while i'm setting folders permissions(via folder property window).

My property name is for example IWAMUserName and i punt [IWAMUserName] as a property value in the folder property manager window as a user that has permissions on the folder.
After the installation is completed, i check the user permissions of the folder and i see something like BUILTIN\BUILTIN\BUILTIN instead of IWAM_<UserName>.

The property value seem to the get lost somewhere during the installation process and the funny thing is, i don't get any error that indicates that the property value i'm using is an invalid windows username.....

that's actually what my problem is right now...

and another thing, is it possible to change permissions on certain files using CACLS.EXE?! cause i should change permissions on folders AND files.

thanks again for your quick reply,
and sorry for my bad english ;)

02-24-2006, 04:41 AM
I solved the problem...

first i made some properties for IWAM/IUSR user info. then i used the following VBS code(as immidiate action) to get IWAM/IUSR user info from the target System to set the property values i had made before. After doing that i'm able to use the IWAM/IUSR info enywhere i want during the installation process. :D :D

Dim IIsObject, IWAMUserName
Set IIsObject = GetObject ("IIS://localhost/w3svc")
Session.Property("IUSRUserName") = IIsObject.Get("AnonymousUserName")
Session.Property("IUSRUserPass") = IIsObject.Get("AnonymousUserPass")
Session.Property("IWAMUserName") = IIsObject.Get("WAMUserName")
Session.Property("IWAMUserPass") = IIsObject.Get("WAMUserPass")


02-24-2006, 12:57 PM

I usually get the information straight from the Virtual Directory itself.

'Get handle to an IIsWebVirtualDir IIS ADSI object
Dim website
' findweb code can be found at http://www.iisfaq.com/Default.aspx?tabid=2754
' computer and website are passed in as strings
Set website = findWeb(computer, websiteName)

if ((Not IsObject(website)) Or (Err <> 0)) Then
Call AppendFile(WScript.Arguments(6), ERR_VAL & "Unable to find " & WebsiteName & " on " & computer)
Exit Sub
End If

'Get handle to the virtual root directory
Dim vRoot
Set vRoot = website.GetObject("IIsWebVirtualDir", "Root")

if ((Not IsObject(vRoot)) Or (Err <> 0)) Then
Call AppendFile(WScript.Arguments(6), ERR_VAL & "Unable to access root for " & website.ADsPath)
Exit Sub
End If

'Create/Update the virtual directory named by the 2nd command line parameter to this script
Dim vDir
Set vDir = vRoot.GetObject("IIsWebVirtualDir", dirname)
WScript.Echo "Anonymous user " & vDir.AnonymousUserName

Anyway, I am glad you've solved the issue.

08-05-2009, 12:02 PM
I needed to add the Internet Guest Account so I created a new property, iisguestacct.
according to http://technet.microsoft.com/en-us/library/bb693984.aspx, guest acct is IUSR_<computername> so I created a custom action to set the new property using IUSR_ComputerName as the value.
Then went into the properties of the folder to set permissions and used my new property as the user and selected my permissions.
Seems to work.

08-07-2009, 10:06 AM
Ran into a problem with some of out VMs. They are clones and the account is the original computers name. Had to set the property using the code from this thread:
Dim IIsObject, IUSRUserName
On error resume next
Set IIsObject = GetObject ("IIS://localhost/w3svc")
IUSRUserName = IIsObject.Get("AnonymousUserName")
'MsgBox IUSRUserName
Session.property("IISGUESTACCT") = IUSRUserName