November 14, 2018
  • What we have here, is a failure to communicate…

<rant>IIS & Security</rant>

Well, if I can’t complain on my own blog, where can i?

I HATE how IIS handles security. I know, hate is a strong word, but that is the truth. I have spent the last 10 days trying to work out a solution that would allow users to browse files (scanned documents in TIFF format), as well as rename those files, that are stored on another server  (IIS server is Server 2008 and network share is on Server 2003.) It just can’t be done (I’d love for someone to prove me wrong.) I’ve even tried to make it work in some very unsecure configurations, but nothing works. The one that gets me the most is if it run IIS under another account, one that has permissions to access that share, but logging tells me that IIS is still using the anonymous account (I’ve even given the anonymous account permissions, but that doesn’t work either.)

I understand if my server is on the Internet or exposed in some fashion, but this is purely an intranet server. Why will Microsoft not provide some facility for internally used IIS servers?? I’ve read tons of forum posts and technet documents.