Configuration GuidesFederation Security Services GuideFederation Web Services Application SetupDeploy Federation Web Services as a Web ApplicationConfigure ServletExec to Work with Federation Web Services › Enable ServletExec to Write to the IIS File System

Previous Topic: Modify the AffWebServices.properties File for ServletExec

Next Topic: Ensure the IIS Default Web Site Exists
Enable ServletExec to Write to the IIS File System

The IIS Web Server does not allow a plug-in to write to its file system, unless the server user account has proper rights. For ServletExec to write to the federation log files, the anonymous user account associated with ServletExec must have permissions to write to file system.

Enable the user account to write to the IIS file system

  1. Open the IIS Internet Information Services Manager on the system where ServletExec is installed.
  2. Navigate to Web Sites, Default Web Site.

    The set of applications is displayed in the right pane.

  3. Select ServletExec and right-click Properties.
  4. Select the Directory Security tab in the Properties dialog.
  5. Click Edit in the Authentication and access control section.

    The Authentication Methods dialog opens.

  6. Set the controls as follows.
    1. Select Enable Anonymous Access.

      For anonymous access, enter a name and password of a user account that has the permissions to right to the Windows file system. To grant this right to a user account, see Windows documentation. For example, you can use the IUSR Internet Guest account for anonymous access.

    2. Clear Basic authentication.
    3. Clear Integrated Windows authentication.
  7. If prompted, apply the security changes to all child components of the web server.
  8. Restart the web server.

The user account associated with ServletExec can now write to the IIS file system.

Give the anonymous user the right to act as part of the operating system.

Follow these steps:

  1. Open Control Panel, Administrative Tools, Local Security Policy, Local Policies, User Rights Assignment.

    The Local Security Settings dialog displays.

  2. Double-click Act as part of the operating system.

    The Act as part of the operating system Properties dialog opens.

  3. Add the anonymous user account to the Local Security Setting dialog.
  4. Click OK.
  5. Exit from the control panel.

Optionally, we strongly recommend that you look at the Agent Configuration Object for the Web Agent protecting the IIS Web Server. This object verifies that the SetRemoteUser parameter is set to yes to preventing any anonymous user from writing to the file system.