IIS and NTFS Permissions requirements for PlateSpin Migrate and Protect

  • 7920718
  • 16-Jun-2006
  • 22-Mar-2013

Environment

PlateSpin Migrate or Protect installed.

Situation

This article provides the recommended IIS and NTFS Security permissions in order to install and use PlateSpin Migrate or Protect.

Resolution

IIS Permissions:

OFXWEB Virtual Directory:
Anonymous Access: NO
Windows Integrated Authentication: YES

OFXWEB\packages Virtual Directory:
Anonymous Access: YES
Windows Integrated Authentication: NO

ControllerNotification.asmx, ControllerPackageDownload.aspx, and OfxInternal.asmx (under OFXWEB):
Anonymous Access: YES
Windows Integrated Authentication: NO

All other files under OFXWEB Virtual Directory:
Anonymous Access: NO
Windows Integrated Authentication: YES

PLATESPINMIGRATE Virtual Directory:

Anonymous Access: NO
Windows Integrated Authentication: YES

ConfigServiceNotification.asmx and ConfigServiceNotificationData.asmx (under PLATESPINMIGRATE):
Anonymous Access: YES
Windows Integrated Authentication: NO

All other files under PLATESPINMIGRATE Virtual Directory:
Anonymous Access: NO
Windows Integrated Authentication: YES


By default anonymous access is granted using the IUSR_<MACHINENAME> account which is typically part of the GUEST group.  Please verify that there are no domain or group policies that may reject remote logins using this account.


NTFS Security Permissions:

LOCATION

ACCOUNT

PERMISSIONS

*- Root of the drive containing the Inetpub folder and the PlateSpin Migrate installation

NETWORK SERVICE 

Read

Inetpub, *- Program Files, and *- Program Files (x86) (Program Files folder/s only require modification if PlateSpin Migrate will be installed to that directory)

NETWORK SERVICE

Read, List Folder Contents, Read & Execute

*- \Documents and Settings\Default User\Local Settings\Application Data

NETWORK SERVICE

Read, List Folder Contents, Read & Execute

\%WINDIR%\Temp

NETWORK SERVICE

Write, Read, List Folder Contents, Read & Execute, Modify

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files

And, if it exists:

C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

NETWORK SERVICE

Write, Read, List Folder Contents, Read & Execute, Modify

 
Note: Any location preceded by "*-" cannot be modified in Windows 2008.
Note: If the Migrate server is a member of the domain, ensure that the location is set to the local machine instead of the domain when adding the NETWORK SERVICE account.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.