PRB: Required Permissions on Commerce Directories

• Microsoft Commerce Server, version 2.0

SYMPTOMS

Errors may occur if non-administrative users have access to certain folders within Commerce Server. For example, if full control is given to the Host Administrator folder for the Everyone group and the Allow Anonymous option is selected in Microsoft Internet Information Server (IIS), a list of stores will not be displayed in the Host Administrator and the Foundation Wizard. Furthermore, the Copy Store Wizard will give the following error:

   Couldn't get installed stores list.  Access is denied.

CAUSE

The Commerce Server Administrator objects require administrative permissions in order to run some of the objects' methods. When the anonymous user has access to the files and the Allow Anonymous option is selected in IIS, the files are viewed under the context of the anonymous user. Unless this user has administrative permissions, errors will occur.

WORKAROUND

For the Host Administrator, Store Wizard, and Pipeline Editor to work properly, you must access the pages as an administrator. If the Allow Anonymous option is selected in IIS, make sure that the anonymous user does not have permissions to the files in the Host Administrator folder or the Pipeline Configuration folder. This forces Windows NT Challenge/Response or Basic (Clear Text) authentication, thereby allowing an administrative user to be logged on.

NOTE: The anonymous user must have read permission to all Global.asa files.