Is this an IIS permissions problem?

[Snappy2873]

I have an ASP application with the following security setup:

1. (3) global groups created at the domain level that are given full rights to all the web folders on my application server.

2. For the ASP application to work and groups to be validated, the individual logging in must be in the "local administrators" group on the application server. Being in this group obviously allows that individual access to the server and all the software. The idea is to allow access the web site and not have to add users to the "local administrators" group.

3. Does anyone have recommendations on how to setup web access without adding users to the "local administrators" group on the application server?

Thanks,
Snappy

 

[Niksen]

I tend to think that an asp app that require local admin rights, is not an acceptable asp app.

the app must be able to live inside the webservice context.

I would start there.

sorry don't have any better recommendations.

brgds Nicolai

 

[Snappy2873]

Update:
After many hours of troubleshooting the solution was right in front of my eyes.
In my case, my application was validating users by group membership from the domain level. For example, my group names are a, b, and c. For a, b, and c to work they must be added and have permissions at the following levels:

1. web content (inetpub\

http://wwwroot)

and all directories that are accessed by the web site.
2. SQL Server: All tables, stored procedures and any other objects that are accessed by the web site.

All this seems quite simple but when connecting through a connect string and not an ODBC dsn, you'd think this wouldnt matter but it does. Once my groups were given permission to access SQL, the system worked fine with no need to add anyone to the local admin group. Anyway, hope this saves someone a few hours of going crazy.

Snappy