Skip to main content
Kofax

Copitrak default folder permissions

Article # 3047552 - Page views: 32

Issue

When the folder permissions are not correct on various Copitrak system folders, the modules that run under then can have unpredicted results and behavior irregularly.

 

Solution

Copitrak Tier 2 can supply a routine that would re-apply the folder permissions set during the main CSS installation.

NOTE: Folder ownership also plays a vital part in folder permissions. You want to make sure the correct user has ownership on the root Copitrak folders prior to running the permissions routine. Eg C:\ERS & C:\inetpub\wwwroot\CopitrakDFI. Details of the routine is as follows;

 

Breakdown of permissions.bat

NOTE:

Codes used in the below

  • (OI) - Object inherit. Objects in this container will inherit this ACE. Applies only to directories.
  • (CI) - Container inherit. Containers in this parent container will inherit this ACE. Applies only to directories.
  • F - Full access
  • M - Modify access

 

This just prompts user to input the Copitrak root…

ECHO Configuring File and Folder Permissions for CSS

ECHO Folder Permissions >>%ERS%\Install\Permissions.log

cls

@@ECHO OFF

set /p ERS=Enter Root Directory of ERS (Eg: C:\ERS):

 

This applies owner to the ERS root of the local computer based on user who ran the batch;

takeown /S %computername% /F %ERS% /R /D Y >>%ERS%\Install\Permissions.log

 

This grants user specific user running the batch access rights to ERS folder and sub-folders and files

icacls %ers%\*.* /grant %username%:(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls %ers% /grant %username%:(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (Network Service) access rights to ERS\ers.net\Data folder and sub-folder/files

icacls %ers%\ers.net\Data /grant "network service":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls %ers%\ers.net\Data\*.* /grant "network service":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (Network) access rights to ERS\ers.net\Data folder and sub-folder/files

icacls %ers%\ers.net\Data /grant "network":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls %ers%\ers.net\Data\*.* /grant "network":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (ASPNET) access rights to ERS\ers.net\Data folder and sub-folder/files

icacls %ers%\ers.net\Data /grant "aspnet":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls %ers%\ers.net\Data\*.* /grant "aspnet":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (IUSR_) access rights to ERS\ers.net\Data folder and sub-folder/files

icacls %ers%\ers.net\Data /grant "IUSR_%COMPUTERNAME%":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls %ers%\ers.net\Data\*.* /grant "IUSR_%COMPUTERNAME%":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (IIS_IUSRS) access rights to ERS\ers.net\Data folder and sub-folder/files

icacls %ers%\ers.net\Data /grant "IIS_IUSRS":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls %ers%\ers.net\Data\*.* /grant "IIS_IUSRS":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (IUSER) access rights to ERS\ers.net\Data folder and sub-folder/files

icacls %ers%\ers.net\Data /grant "IUSR":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls %ers%\ers.net\Data\*.* /grant "IUSR":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (IIS_IUSRS) access rights to ERS\winers\services folder and sub-folder/files

icacls %ers%\winers\services\ /grant "IIS_IUSRS":(OI)(CI)M >>%ERS%\Install\Permissions.log

icacls %ers%\winers\services\*.* /grant "IIS_IUSRS":(OI)(CI)M >>%ERS%\Install\Permissions.log

 

This grants user specific user (IIS_IUSRS) access rights to ERS\ers.net\Web\Apps\AdminPortal\Chartimages folder and sub-folder/files

icacls %ers%\ers.net\Web\apps\adminportal\chartimages\ /grant "IIS_IUSRS":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls %ers%\ers.net\Web\apps\adminportal\chartimages\*.* /grant "IIS_IUSRS":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (Network Service) access rights to c:\inetpub\wwwroot folder and sub-folder/files

icacls c:\inetpub\wwwroot /grant "network service":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls c:\inetpub\wwwroot\*.* /grant "network service":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (Network) access rights to c:\inetpub\wwwroot folder and sub-folder/files

icacls c:\inetpub\wwwroot /grant "network":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls c:\inetpub\wwwroot\*.* /grant "network":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (ASPNET) access rights to c:\inetpub\wwwroot folder and sub-folder/files

icacls c:\inetpub\wwwroot /grant "aspnet":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls c:\inetpub\wwwroot\*.* /grant "aspnet":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (IUSER_) access rights to c:\inetpub\wwwroot folder and sub-folder/files

icacls c:\inetpub\wwwroot /grant "IUSR_%COMPUTERNAME%":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls c:\inetpub\wwwroot\*.* /grant "IUSR_%COMPUTERNAME%":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (IIS_IUSRS) access rights to c:\inetpub\wwwroot folder and sub-folder/files

icacls c:\inetpub\wwwroot /grant "IIS_IUSRS":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls c:\inetpub\wwwroot\*.* /grant "IIS_IUSRS":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (IIS_IUSRS) access rights to c:\inetpub\wwwroot folder and sub-folder/files

icacls c:\inetpub\wwwroot /grant "IUSR":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls c:\inetpub\wwwroot\*.* /grant "IUSR":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (IIS_IUSRS) access rights to c:\windows\temp folder and sub-folder/files

icacls c:\windows\temp /grant "IIS_WPG":(OI)(CI)F >>%ERS%\Install\Permissions.log

icacls c:\windows\temp\*.* /grant "IIS_WPG":(OI)(CI)F >>%ERS%\Install\Permissions.log

 

This grants user specific user (IIS_IUSRS) access rights to ERS\serverfolder and sub-folder/files

icacls %ers%\server\ /grant "IIS_IUSRS":(OI)(CI)M >>%ERS%\Install\Permissions.log

icacls %ers%\server\*.* /grant "IIS_IUSRS":(OI)(CI)M >>%ERS%\Install\Permissions.log

 

This grants user specific user access rights to c:\windows\winers.ini file

icacls %windir%\winers.ini /grant %username%:(OI)(CI)F>>%ERS%\Install\Permissions.log

 

This grants specific user access to IIS metabase and other directories used by ASP.NET

%WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe /ga ASPNET >>%ERS%\Install\Permissions.log

 

Level of Complexity 

High

 

Applies to  

Product Version Build Environment Hardware
CSS 3.2      

References

Add any references to other internal or external articles

 

Article # 3047552