Missing IUSR account on Windows Server 2008 R2 / IIS7.5
Asked Answered
A

3

17

I've been given the job of installing PHP5.4 on this machine. One of the manual installation steps is to configure the IUSR account to have specific permissions. The problem is, I see the IIS_IUSRS group, but no IUSR account. The only users listed are the Admin user, a Guest account, and a user for the security software. I'm not really the Windows server type, more of a *NIX guy - so this is getting a little frustrating. I've searched everywhere and haven't found a suitable answer, but I have learned a lot about IIS7.5 - so it hasn't been a total waste of time. I've tried several recommendations and found several similar problems, but nothing has worked so far. I've also just tried making the IUSR account myself, but to no avail. If anyone knows how to get this going, I will be ever so grateful.

Ashy answered 5/4, 2012 at 17:25 Comment(0)
A
53

After several hours of trying to figure this one out, I finally did. So, for anyone who may come across this same issue, here is the answer.

This is where, and how, I found the IUSR.

First, let me explain that I'm not sure what the particular settings and/or setup is which caused the IUSR to be hard to find on my system. However, I DID find it, so here it is: I right clicked on the folders/files of which I needed to give access to IUSR, and selected 'Properties'.

Click on the 'Security' tab => 'Edit' (under groups and users) => 'Add' (under groups and users)

This brings you to the 'Select Users, Computers, Service Accounts, or Groups' window.

Click on the 'Object Types...' button and just select everything and hit 'OK'.

Next, click on 'Locations ...' and select the parent-most option (this will most likely be the server itself) and hit 'OK'

next, click on the 'Advanced' button and select the 'Find Now' button.

You will see several search results. Some will be groups and others will be actual users.

Within this list, you will find the IUSR username. Select it, and hit 'OK'.

And there you have it.

I'm not sure why this happens, however, I suspect (remember, I'm not too savvy with Windows as a server) I suspect it has something to do with using an Active Directory server across all of our servers for authentication and security. The reason I believe this is because the IUSR user is not indicated with the name of the server I am working with even though most, but not all, of the other groups and user names are which were in the Search Results list after hitting 'Find Now'. And that is that. :)

Ashy answered 6/4, 2012 at 17:21 Comment(2)
A user "TrustedInstaller" was owner of cmd.exe. I had to take ownership of the file before I could change the permissions.Debutant
You are God send for me. Thank you so much <3 <3Jargon
T
13

That's because IUSR is not user account but "built-in security principal" - when granting rights to a file or folder, the built in security principal is one of the category of users that can be specified, but it doesn't visible in lusrmgr.msc and can't be added to a group.

And about naming - some old docs still mention account IUSR_MACHINENAME which was in use with IIS 6, but starting from IIS 7 this account renamed to IUSR and no longer tied to machine...

For more details see article "IIS 6 vs. IIS 7 IUSR Accounts" which explain it thoroughly.

Trillion answered 10/10, 2012 at 7:18 Comment(1)
FYI, that link no longer works. I'm going to update it with a link from archive.org.Lenzi
R
1

another trick i found, add the IUSR (which is not visiable in local server users, nether in group), just add IUSR to your IIS root folder and the folder where database is. this works for me.

Ranunculaceous answered 19/6, 2012 at 14:23 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.