Do you ever get confused about which user to grant permission to on a specific folder?
What if you want to simply want to grant any access requests from another computer? (perhaps the other computer is a front end server - in web hosting, it's common practice to store your static files on another server).
One other reason to do this is so that you don't have to set up asp.net impersonation to give your asp.net website access to a network resource (the most common way of doing asp.net impersonation is storing cleartext passwords in web.config, which is kinda frowned upon).
Well, all you need to do to work around all the above issues is give the other computer itself permissions, then any user on the other computer will inherit the permissions (like the network service/aspnet user, for example):
- Open up the permissions/properties dialog for the folder (XP/2003 dialog shown below - in Vista/2008 you would right click and go to Sharing/Permissions).
- Click Add.
- By Default, the only "objects" you can share with are Users, Groups and Security Principals.
- Click on the "Object Types" button and check "Computers".
- Under "Enter the object names to select", type the other computer's name followed by a dollar ($) sign. For example "WEB$".
- Click "Check Names".
- Once the name is verified, click OK. You will now see something like this:
Now just set up your permission - this depends on what you want the other computer's users to be able to do (in my case any user on the WEB server). At the most, you should only need to give read and write access. Higher permissions like List Folder Contents, Modify and Full Control should only be granted to the Administrators group.
By the way, if you're running IIS7 remember to set the Application Pool to use the NETWORK SERVICE user, not the default IUSR, or this won't work. I'll detail how and why in a future post.