Thursday 17 April 2008

Insufficient Permissions on web.config when delegating administration of a web site to remote users in IIS 7

****** Note: This post has been revisited with new, and better, advice here! ******

Preparing a talk I'm giving at NxtGenUG Southampton tomorrow evening on IIS 7s ability to allow the administration of aspects of web sites and web applications to be delegated to non-admins I started to get a really frustrating error.

"Error: Cannot write configuration file due to insufficient permissions"Delegating IIS 7 admin error

I looked into this for a little while, without finding anything of use, before I spotted that the WMSvc (Web Management Service I presume) had explicit read permissions on the applicationHost.config file. Now this user/principal/whatever was no where to be found when I tried to give it permissions to my web app's so I tried giving Service permissions instead, and bingo! It worked. My remote client could now set the permissions I was trying to set.

Now I'm only a Dev, and I'm sure that this is probably not the best (or even a good) solution, so I'm open to any better ideas. What it does strike me though is that this might be a not too bad example of why Admin's don't want to give Dev's like me access to their servers, let alone administrator privileges on them, and so why this facility, which is new in IIS 7, is so great.


Anonymous said...

Don't worry servers, Neil can't hurt you. You're safe :)

Thomas George DeMille said...

If you have it pointed at a working solution, perhaps you have your web.config checked in (thus read only), I checked out my web.config from VSS and it solved this issue.

Neil Robbins said...


I don't think that this would have been the issue in my situation as the website was not under source control. I imagine that if the file was readonly it would cause issues though if you're trying to delegate write access.

I'm not sure that this facility is aimed at development scenarios where sites are held under source control, most deployed sites under system administrator control aren't subject to SCM practices.

Manish Nagar said...

its good but dosent help me. i want to set the permission in the web.config in through IIS 5 any one help me

Anonymous said...

VSS sets the file to readonly BINGO! Dog why didn't I think of that?
Sure enough, checking out fixes that.