Permissions Issues | IIS 6: The Complete Reference

Setting the wrong NT File System (NTFS) permissions can wreak havoc with your web site. Not only do you have to be concerned about the permissions on the site, but you must ensure that any COM objects that are used are also accessible. The permissions on the site are straightforward enough, but most dynamic link libraries (DLLs) are in the System32 directory. That's where it can get tricky.

If you have an ISAPI DLL with an ACL on it that the IIS worker process identity can't access, all requests for that DLL will receive a '503 Service Unavailable' error. It's important that you make sure that the worker process identity can load all the DLLs that you use on your site.

When troubleshooting permissions issues-and especially when you're not even sure it is a permission issue-the easiest way to determine the problem is to elevate the permissions. If you access the site using an account with Administrator credentials and the problem still exists, the problem is most likely not a permissions issue. If you can access it as an Administrator, but not as the Internet Guest Account, the problem must be permissions based.

Caution

Right now you're thinking, 'Haven't I heard at least 30 times in this book not to use elevated permissions?' True enough, but it is the quickest way to narrow down whether a problem is a permissions issue. Elevated permissions do need to be strictly controlled. You definitely don't want to do this when the site is in production. Instead, make the site inaccessible to everyone else, and then test it. When you're done, you need to set the permissions back to their appropriate settings. You don't want to run everything as Administrator.