
Impersonate in Classic ASP


I am preparing to migrate an ASP application from Windows 2000 (web1) to Windows 2003 (web2). The old server has a shared folder for documents, used for imports and exports (\\web1\folder). I want the ASP application on the new server to have access to the same folder. IIS configuration: anonymous access is allowed, and Windows authentication is checked as well. The pool runs under Network Service. But there is no access. And there is an interesting fact: if the site is accessed locally on the new server as http://localhost, there is access (impersonation works); if it is accessed as http://web2, there is no access. Error:

Microsoft VBScript runtime error Error '800a0046'

Permission denied

We changed some security settings in the local IE 6, and it started working through http://web2 too, but in other browsers (like Opera) it does not work. On other machines it does not work either.

I installed the procmon utility from Sysinternals. It shows that in both cases the resource is accessed and in both cases there is impersonation, everything is the same, but in one case the result is SUCCESS and in the other ACCESS DENIED.

The entire security system of this application is based on NTFS rights, so impersonation cannot be disabled.

I'm a newbie in classic ASP. I cannot understand this case.


Solution

  • Classic ASP does not run under the Application Pool account; the credentials provided in the IIS Anonymous Authentication tab are used instead, usually IUSR_MACHINENAME.

    Looks like the anonymous authentication fails and Windows authentication is used; this is the reason it works locally and in IE, which supports Windows authentication by default.

    UPDATE: Check this article: How to troubleshoot Kerberos-related issues in IIS

    UPDATE 2: Also this can help you diagnose what's going on on IIS side: Authentication and Access Control Diagnostics

    I guess the simplest way to access the share is to add read permission to the Guests group.
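
To see which of the two cases described in the answer a given request falls into, a small diagnostic page can report the authentication type, the authenticated user and the identity the script is running as, and then try the share. This is an added example, not code from the original post; the file name (for instance `whoami.asp`) is hypothetical and `SHARE_PATH` is the share named in the question.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added diagnostic page (not from the original post).
' Request it once as http://localhost/... and once as http://web2/...
' and compare the output.
Response.ContentType = "text/plain"

' Share from the question; adjust for your environment.
Const SHARE_PATH = "\\web1\folder"

Sub Show(label, value)
    Response.Write label & ": " & value & vbCrLf
End Sub

Dim authType, net, fso, fileCount

' AUTH_TYPE is empty when IIS served the request anonymously and
' names the scheme (for example NTLM or Negotiate) when Windows
' authentication was used instead.
authType = Request.ServerVariables("AUTH_TYPE")
If authType = "" Then authType = "(empty: anonymous request)"

Show "Host header", Request.ServerVariables("HTTP_HOST")
Show "AUTH_TYPE", authType
Show "LOGON_USER", Request.ServerVariables("LOGON_USER")

' Account the script is running as, as reported by WScript.Network.
Set net = Server.CreateObject("WScript.Network")
Show "Script identity", net.UserDomain & "\" & net.UserName
Set net = Nothing

' Try the share under that identity. VBScript error 70 (hex 46) is the
' "Permission denied" that IIS displays as 800a0046.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
On Error Resume Next
fileCount = fso.GetFolder(SHARE_PATH).Files.Count
If Err.Number = 0 Then
    Show "Share access", "OK, " & fileCount & " file(s) visible"
Else
    Show "Share access", "FAILED, error " & Err.Number & _
         " (hex " & Hex(Err.Number) & "): " & Err.Description
End If
On Error GoTo 0
Set fso = Nothing
%>
```

Remove the page once troubleshooting is done, since it discloses account names and share paths to anyone who can request it.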