Win10 Setup Website

2017-Oct-25

Quick Summary of Material That Follows:

Using an Application Pool

  1. Create folder where website is to be.

  2. Put website files into folder.

  3. In IIS, Add Website and get the Application pool (same as Site Name)

  4. In folder's Properties --> Security --> Advanced make Application pool owner of all folders/files - doing this automatically gives the Application pool Special Permissions

  5. IUSR: when I got the HTTP Error 500.0 - Internal Server Error ..... The FastCGI process exited unexpectedly - IUSR does need to be setup.

  6. In folder's Properties --> Security --> Edit and add IUSR as another user and add Modify to its 3 other default permissions.

  7. Done.

The following are the detailed steps to accomplish the above using as an example the folder: aaTestAppPool with a simple index.html file.

assumption: website is in folder under c:\inetpub\wwwroot

  1. create folder aaTestAppPool

  2. put index.html file in aaTestAppPool

  3. site name will be: TestAppPool

  4. go into: IIS Manager

  5. under Connections, if do not see Application Pools and Sites, click the > to the left of computer name as shown in the below image:

  6. right-click Sites for popup list

  7. click Add Site...

  8. and you see the Add Website window opened and you see the following:

    The following are blank:
    Site name
    Physical path
    Host name

    Note: under Application pool, "DefaultAppPool" appears - whatever you type in Site name should be automatically copied to the box under Application pool

  9. type TestAppPool into Site name - as you type you should see DefaultAppPool be replaced by TestAppPool as shown by:

    and when done:

  10. next - Physical path - use the box with the dots to the right to pick the path to the folder: c:\inetpub\wwwroot\aaTestAppPool

  11. for Host name since this is for local use - the same system as the website - only use TestAppPool (Note: you will put 127.0.0.1 TestAppPool in the c:\Windows\System32\drivers\etc\hosts file so it can be accessed by your browser locally)

  12. Add Website window completed:

  13. when you click OK the new TestAppPool application pool is created - at the same time that the website is added

  14. TestAppPool website added to Sites list:

  15. clicking Application Pools shows that the TestAppPool has been added to the list - TestAppPool is an application pool

  16. making TestAppPool the owner of aaTestAppPool folder and all its subfolders and files

  17. open Windows Explorer

  18. locate folder aaTestAppPool

  19. right-click on folder aaTestAppPool

  20. click Properties

  21. click Security tab

  22. click Advanced

  23. beside Owner you see TestAppPool has already been made the owner - this was done on a previous run-through. I had clicked Change previously.

  24. clicking Change brings up:

    you will type the application pool name in Enter the object name to select

  25. make sure From this location shows the computer that you are working on

  26. in my case I type IIS AppPool\TestAppPool

  27. click Check Names and IIS AppPool\TestAppPool changes to TestAppPool (Note: notice the underlined TestAppPool)

  28. when you click OK on Select User or group window you get back to the Advanced Security Settings window and notice the added checkbox Replace owner on subcontainers and objects - check this box to do so

  29. When you click Apply a small message window opens telling you that you have to close and reopen the object's properties before viewing/changing permissions

  30. when the small message window closes when you click OK, the checkbox is gone

  31. click OK to close Advanced Security Settings window

  32. click OK to close Properties window

  33. opening Properties again and going to the Security tab and looking under Group or user names shows that TestAppPool is not there but CREATOR OWNER is there with only Special Permissions checked - TestAppPool = CREATOR OWNER

    Special Permissions = Full Control

  34. At this point, I thought I need not worry about IUSR but when I got HTTP Error 500.0 - Internal Server Error ..... The FastCGI process exited unexpectedly - IUSR apparently does need to be acted upon.

The IUSR account needs Read/Write/traverse permissions for all directories

I have: IIS ver 10.0.15063.0

-In IIS 7.0 and later, a built-in account IUSR replaces the IUSR_MachineName account
-Additionally, a group that is named IIS_IUSRS replaces the IIS_WPG group
-Because the IUSR account is a built-in account, the IUSR account no longer requires a password.
-The IUSR account resembles a network or local service account
-The IUSR_MachineName account is created and used only when the FTP 6 server is installed.
-If the FTP 6 server is not installed, the account IUSR_MachineName is not created.

Add writing permission to PHP

Article from which the following came from: Add Write Permission to PHP on IIS

need to check a couple of things to be sure who needs these permissions

create a simple php file on the target website that contains the following line (each website can have a different setting):

<?php var_dump(ini_get('fastcgi.impersonate')); ?>

run the file in the browser

Case 1: if you get:

string(1) "1"

then in a command prompt with administrative privileges, run the following command:

%windir%\system32\inetsrv\appcmd.exe list config "Your Web Site" /section:anonymousAuthentication

%windir%\system32\inetsrv\appcmd.exe list config "TestAppPool" /section:anonymousAuthentication

to get the following:
<system.webServer>
  <security>
    <authentication>
      <anonymousAuthentication enabled="true" userName="IUSR" />
    </authentication>
   </security>
</system.webServer>

the userName attribute gives the user name to which you need to give write permissions, here it is IUSR

if userName is empty or missing, then give write permissions to IIS AppPool\application pool, for TestAppPool this would be IIS AppPool\TestAppPool

Case 1: if you get:

string(1) "0"

you need to give write permissions to IIS AppPool\application pool, for TestAppPool this would be IIS AppPool\TestAppPool

Giving IUSR Read/Write/traverse permissions

the following came from article:
How to give write access to files for IUSR

  1. open Windows Explorer

  2. locate folder: aaTestAppPool

  3. right-click on folder: aaTestAppPool

  4. click Properties

  5. click Security tab

  6. click Edit

  7. click Add

  8. you will be typing IUSR into box below Enter the object names to select using the server/machine name found below From this location: as part of the name

  9. for me I type DESKTOP-M9NG2C3\IUSR into the box below From this location:

  10. click Check Names and see DESKTOP-M9NG2C3\IUSR change to ISUR (Note: the underline)

  11. click OK and get back to Permissions window and note that IUSR already has the permissions: Read & execute, List folder contents, Read

  12. check Modify and keep the other permissions

  13. click Apply

  14. when Apply is clicked a small message opens with the title: Windows Security and the message: Setting security information on: and see it rapidly go through all folders and files

  15. click OK to close Permissions window

  16. click OK again to close Properties window

  17. Done.