Thanks for your replys, the problem was with my permission. article below may help others with permission problems Mark ----------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Services version 5.0 ----------------------------------------------------------------------- SYMPTOMS ======== This article lists the minimum NTFS access permissions needed for an IIS 5.0 Web Site. When IIS is installed, it should already have the proper NTFS access permissions for the Default Web Site and Default FTP Site. There are a number of different directories that need the correct NTFS permissions so incorrect settings on any one of these can cause some of the following errors: Displayed in Web Browser: You are not authorized to view this page You do not have permission to view this directory or page using the credentials you supplied. HTTP 401.3 - Access denied by ACL on resource Internet Information Services --OR-- Displayed in Web Browser: Server Application Error The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detailed information. Please contact the server administrator for assistance. Displayed in System Log: Event Type: Warning Event Source: W3SVC Event Category: None Event ID: 36 Date: 3/5/2001 Time: 9:59:40 AM User: N/A Computer: MACHINE-NAME Description: The server failed to load application '/LM/W3SVC/5/Root'. The error was 'General access denied error'. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. Event Type: Error Event Source: DCOM Event Category: None Event ID: 10001 Date: 3/5/2001 Time: 9:59:40 AM User: NT AUTHORITY\SYSTEM Computer: MACHINE-NAME Description: Unable to start a DCOM Server: {99169CB1-A707-11D0-989D-00C04FD919C1} as ./IWAM_MACHINE-NAME. The error: "Access is denied. " Happened while starting this command: C:\WINNT\System32\dllhost.exe /Processid:{3D14228D-FBE1-11D0-995D-00C04FD919C1} --OR-- Displayed in Web Browser: Error: Access is Denied. Displayed in System Log: Event Type: Warning Event Source: W3SVC Event Category: None Event ID: 30 Date: 3/5/2001 Time: 10:01:13 AM User: N/A Computer: MACHINE-NAME Description: The server was unable to read the file C:\WINNT\help\iisHelp\common\401-3.htm. The file does not exist. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. CAUSE ===== NTFS permissions have been changed from the defaults and are no longer sufficient for IIS 5.0 to run properly. RESOLUTION ========== NOTE: Following this article will restrict permissions so that only Administrators will be able to install or run software on the IIS 5.0 machine. It will also be necessary to perform a "Check Server Extensions" for each web site through Internet Service Manager in order for FrontPage clients to be able to connect via the HTTP protocol. Using Windows Explorer do the following: 1. Reset the entire hard drive to: SYSTEM - Full Control ADMINISTRATORS - Full Control This includes clicking "Advanced" and checking "Reset permissions on all child objects and enable propagation of inheritable permissions." You will receive an error while trying to apply permissions to pagefile.sys. Press continue on this and any other similar errors. 2. For "Program Files\Common Files" Add: Everyone - Read and Execute, List Folder Contents, Read (Leave "Allow inheritable permissions from parent to propagate to this object" checked) 3. For "Inetpub\Wwwroot" Add: IUSR_MACHINE - Read and Execute, List Folder Contents, Read (Leave "Allow inheritable permissions from parent to propagate to this object" checked) 4. Inside the "WinNT\System32" directory select: All FOLDERS (except INETSRV and CERTSRV if present). Open "Properties" for these folders and uncheck "Allow inheritable permissions from parent to propagate to this object." When Windows asks whether to "[Copy] [Remove] [Cancel]" click "COPY." Click "Okay" to exit the properties. 5. Inside the "WinNT" directory select: All FOLDERS (except Downloaded Program Files, Help, IIS Temporary Compressed Files, Offline Web Pages, System32, Tasks, Temp, Web). Open "Properties" for these folders and uncheck "Allow inheritable permissions from parent to propagate to this object." When Windows asks whether to "[Copy] [Remove] [Cancel]" click "COPY." Click "Okay" to exit the properties. 6. For "WinNT" Add: Everyone - Read and Execute, List Folder Contents, Read (Leave "Allow inheritable permissions from parent to propagate to this object" checked) 7. For "WinNT\Temp" (This allows Access databases to be viewed on ASP pages): Highlight the "Everyone" group. (This group should already be present by inheriting from the "WinNT" directory.) Check "Modify" MORE INFORMATION ================ Why you should use the EVERYONE group instead of the IUSR_MACHINE account: The everyone group encompasses the Users group, the IUSR_MACHINE account, and the IWAM_MACHINE account. IIS 5.0 uses two separate accounts to execute web pages. When anonymous authentication is used IIS uses the IUSR_MACHINE account to view those pages. However, IWAM_MACHINE is used to start up a separate process called DLLHOST.EXE. All ASP, COM components, or other ISAPI extensions (ASP is considered an ISAPI extension) are run inside this DLLHOST.EXE. This is primarily for stability purposes. If a custom COM component called from an ASP page crashes (Access Violates thus shutting down the process) it will not effect INETINFO.EXE. This means the web service will continue to run. There are two protection levels in IIS 4.0: Default - IIS 4.0 runs all "Applications" In-Process meaning inside the INETINFO.EXE process, which gets started up by the SYSTEM account. When web pages are viewed the particular thread that is serving the page is run under the context of the IUSR_MACHINE account. HTM, ASP and any other ISAPI extensions are run inside the INETINFO.EXE process. Run in Separate Memory Space (Isolated Process) - This is also knows as Out-Of-Process. This uses the IWAM_MACHINE account to spawn a separate MTX.EXE process that runs ASP and other ISAPI extensions. There are three protection levels in IIS 5.0: Low (IIS Process) - This setting is similar to the default setting under IIS 4.0. All web pages whether HTM or ASP are run inside the INETINFO.EXE process. Medium (Pooled) - This is the default. As with IIS 4.0 this setting starts a separate process called DLLHOST.EXE where all ASP and COM components are run. This process is started by the IWAM_MACHINE account just as in IIS 4.0. Also, this setting is known as pooled because even if there are 5000 different web sites running in IIS, they will all share this single DLLHOST.EXE for executing ASP pages (Windows 2000 replaces MTX.EXE with DLLHOST.EXE). High (Isolated) - This setting starts a dedicated DLLHOST.EXE for that particular web site or application. If you had 5 web sites each set on High protection you would see five DLLHOST.EXE processes plus one additional DLLHOST.EXE that COM+ starts under the "System Application" for a total of six DLLHOST.EXE's To restore default NTFS permissions for Windows 2000 please see: Q266118 How to Restore the Default NTFS Permissions for Windows 2000 Additional query words: iis 5 NTFS permission *** Sent via Developersdex http://www.developersdex.com *** Don't just participate in USENET...get rewarded for it!