Thursday 17 April 2008

Insufficient Permissions on web.config when delegating administration of a web site to remote users in IIS 7

****** Note: This post has been revisited with new, and better, advice here! ******

Preparing a talk I'm giving at NxtGenUG Southampton tomorrow evening on IIS 7s ability to allow the administration of aspects of web sites and web applications to be delegated to non-admins I started to get a really frustrating error.

"Error: Cannot write configuration file due to insufficient permissions"Delegating IIS 7 admin error

I looked into this for a little while, without finding anything of use, before I spotted that the WMSvc (Web Management Service I presume) had explicit read permissions on the applicationHost.config file. Now this user/principal/whatever was no where to be found when I tried to give it permissions to my web app's so I tried giving Service permissions instead, and bingo! It worked. My remote client could now set the permissions I was trying to set.

Now I'm only a Dev, and I'm sure that this is probably not the best (or even a good) solution, so I'm open to any better ideas. What it does strike me though is that this might be a not too bad example of why Admin's don't want to give Dev's like me access to their servers, let alone administrator privileges on them, and so why this facility, which is new in IIS 7, is so great.