IUSR account replication outside Active Directory

From: Fivos Adamidis (afivos_at_adamco.gr)
Date: 04/29/03 

Date: Wed, 30 Apr 2003 00:58:37 +0300

First of all, apologies in advance for any misconceptions due to my poor
knowledge.

My ASP pages, published in IIS 5.0 on MachineA (no AD), are trying to read
throught DSN an Access 2002 database stored on a network share in a win2000
server (Machine B with AD).

Despite my efforts I keep getting an 80004005 type error : [Microsoft][ODBC
Microsoft Access Driver] The Microsoft Jet database engine cannot open the
file '(unknown)'. It is already opened exclusively by another user, or you
need permission to view its data.

It seems that the problem is that IUSR_MachineA does not have access
permissions in the database path of MachineB. I know that I should replicate
the IUSR account in the file server of the database and give full
permissions in the folder. However, when I try to create an IUSR_MachineA
account in MachineB I cannot do it because MachineA is not in the Active
Directory.

In other words I can only have two accounts like this :
MachineA\IUSR_MachineA (in the web server)
CompanyDomain\IUSR_MachineA (in the file server)

1. Is it somehow possible to "see" the MachineA domain in AD and create the
account?

2. Can I change the web server's anonymous access account to one
CompanyDomain account?

3. Is it appropriate to include my web server in the Active Directory, or I
will compromise security?

4. Any other suggestions to solve this problem?

Relevant Pages

  • "\ip is not accessible"
    ... administrative user account instead). ... Let's call it MachineA. ... It should be prompting me for ... a a domain user or local user account, ...
    (microsoft.public.windowsxp.general)
  • SQL Server soon to switch...how to change ODBC paths?
    ... Server 2000 database using a built-in account in SQL Server. ... and name the new server the existing name (e.g., MachineA is the name ...
    (microsoft.public.data.odbc)
  • Re: "\ip is not accessible"
    ... What you should do is make sure that there is a domain group in the local group of MachineA that contains the accounts of the users on the domain that will be accessing the machine. ... So if you have a domain group called Domain Users, that all users of the domain are members of, then you need to add this group to the local group of MachineA (whether it be the administrator group or some other group) ... All should be well once you do that and then setup your shares to allow those persons to access them. ... administrative user account instead). ...
    (microsoft.public.windowsxp.general)
  • Re: SQL Server soon to switch...how to change ODBC paths?
    ... Server 2000 database using a built-in account in SQL Server. ... and name the new server the existing name (e.g., MachineA is the name ... Rename MachineA to ...
    (microsoft.public.data.odbc)
  • Re: SQL Server soon to switch...how to change ODBC paths?
    ... Server 2000 database using a built-in account in SQL Server. ... Would it be sufficient to just rename the old server something else ... and name the new server the existing name (e.g., MachineA is the name ...
    (microsoft.public.data.odbc)