How to: Change the Access Control List Permissions for a Directory

  • Article

If users are being denied access to a Web site or are receiving unexpected logon challenges, the security permissions that are assigned to the built-in users group might not be correctly configured. This group must have Read, List Folder Contents, and Read & Execute permissions for each Web site directory and virtual directory in Team Foundation.

The following table lists the default path for each Web site:

Web site

Default directory (Local path)

Default Web Site

..\Inetpub\wwwroot

   Reports

..\Program Files\Microsoft SQL Server\MSSQL.n\Reporting Services\ReportManager

NoteNote:
The number that is assigned to the MSSQL directory varies depending on the SQL Server instance.

   ReportServer

..\Program Files\Microsoft SQL Server\MSSQL.n\Reporting Services\ReportServer

NoteNote:
The number that is assigned to the MSSQL directory varies depending on the SQL Server instance.

Team Foundation Server

..\Program Files\Microsoft Visual Studio 2008 Team Foundation Server\Web Services

   Build

..\Program Files\Microsoft Visual Studio 2008 Team Foundation Server\Web Services\Build

   Services

..\Program Files\Microsoft Visual Studio 2008 Team Foundation Server\Web Services\Services

   VersionControl

..\Program Files\Microsoft Visual Studio 2008 Team Foundation Server\Web Services\VersionControl

   Warehouse

..\Program Files\Microsoft Visual Studio 2008 Team Foundation Server\Web Services\Warehouse

   WorkItemTracking

..\Program Files\Microsoft Visual Studio 2008 Team Foundation Server\Web Services\WorkItemTracking

SharePoint Central Administration (Windows SharePoint Services 2.0)

..\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\template\admin\1033

SharePoint Central Administration V3 (Windows SharePoint Services 3.0) and Microsoft Office SharePoint Server 2007)

..\Inetpub\wwwroot\wss\VirtualDirectories\nnnnn

Required Permissions

To perform these procedures, you must be a member of the Administrators security group on the application-tier server for Team Foundation.

To verify or correct the access control list permissions for a directory in Windows Server 2003

  1. Log on to the application-tier server.

  2. Open Windows Explorer, and locate the directory path of each Web site directory and virtual directory in Team Foundation.

  3. Right-click the directory, and click Properties.

  4. On the Security tab, click the name of the built-in users group.

    This group is labeled as Users(ServerName\Users).

  5. Review the settings under Permissions for Users. Under the Allow column, the following check boxes should be selected :

    • Read & Execute

    • List folder contents

    • Read

    If you cannot change the permissions, click Advanced to open the Advanced Security Settings dialog box.

    1. In the Permission entries list, click Users (ServerName\Users), and then click Edit.

    2. Clear the check box that propagates inheritable permissions from the parent.

    3. In the Security dialog box, click Copy.

    4. In the Advanced Security Settings for Services dialog box, click Edit.

    5. In Permission Entry for Service, select the following check boxes: Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, Read Extended Attributes, and Read Permissions.

    6. Select the Apply these permissions to objects and/or containers within this container only check box.

    7. Click OK to close the dialog box.

    8. Click Apply, and then click Yes.

    9. Click OK twice.

To verify or correct the access control list permissions for a directory in Windows Server 2008

  1. Log on to the application-tier server.

  2. Open the Start menu, point to Administrative Tools, right-click Internet Information Services (IIS) Manager, and then click Run as administrator.

    Internet Information Services (IIS) Manager opens.

  3. In the tree pane, expand ComputerName (Local Computer), and then expand Sites.

  4. Expand each Web site.

  5. Click the name of the Web site or virtual directory that you want to verify or correct.

  6. In the Actions pane, click Edit Permissions.

    The Web Services Properties or Services Properties dialog box opens.

  7. On the Security tab, click the built-in users group that is labeled Users (ServerName\Users).

  8. Under Permissions for Users, make sure that the Read & Execute, List folder contents, and Read check boxes are selected.

    If you cannot change the permissions, click Advanced to open the Advanced Security Settings dialog box.

    1. In the Permission entries list, click Users (ServerName\Users), and then click Edit.

    2. Clear the check box that propagates inheritable permissions from the parent.

    3. In the Security dialog box, click Copy.

    4. In the Advanced Security Settings for Services dialog box, click Users (ServerName\Users), and then click Edit.

    5. In Permission Entry for Services, select the following check boxes: Traverse folder / execute file, List folder / read data, Read attributes, Read extended attributes, and Read permissions.

    6. Select the Apply these permissions to objects and/or containers within this container only check box.

    7. Click OK to close the dialog box.

    8. Click Apply, and then click OK.

    9. Click OK twice.

See Also

Tasks

Resolving Problems Accessing Web Services

Other Resources

Correcting Connection and Configuration Procedures