IIS and NTFS Permissions required for PowerRecon

  • 7920830
  • 11-Dec-2006
  • 26-Apr-2012

Environment

Applies to:  PowerRecon 2.x and higher

Situation

Overview

This article provides the recommended IIS and NTFS Security permissions required in order to install and use PowerRecon.

Details

SQL Permissions:

PowerRecon 2.x requires full rights to its databases (i.e. SQL user must have the db _owner role) due to the fact that PowerRecon makes changes to the database schema at run-time.  If the SQL user does not have the db_owner role, the following errors may occur:


Invalid object name 'PR_SummaryData60_200702'.
Invalid object name 'PR_SummaryData60_200702'.

System.Data.SqlClient.SqlException: Invalid object name 'PR_SummaryData60_200702'.
Invalid object name 'PR_SummaryData60_200702'.
  at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
  at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
  at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
  at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)


 

IIS Permissions:

PowerRecon_<version> Virtual Directory:
Anonymous Access: NO
Windows Integrated Authentication: YES

-> where <version> refers to the version of PowerRecon that being installed (i.e.  PowerRecon_25)


By default anonymous access is granted using the IUSR_<MACHINENAME> account which is typically part of the GUEST group.  Please verify that there are no domain or group policies that may reject remote logins using this account.


NTFS Security Permissions:

 

LOCATION

ACCOUNT(S)

PERMISSIONS

 

 

 

Root of drive where Inetpub and the PlateSpin PowerRecon 2.x Server directory reside (i.e. C:\ )

NETWORK SERVICE (or ASPNET)

READ

\Inetpub and \Program Files

NETWORK SERVICE (or ASPNET)

READ & EXECUTE

\Program Files\PlateSpin PowerRecon 2.x Server

NETWORK SERVICE (or ASPNET) and

IUSR_<MACHINENAME>

READ & EXECUTE, List Folder Contents and READ

\Documents and Settings\Default User\Local Settings\Application Data

NETWORK SERVICE (or ASPNET)

READ & EXECUTE, List Folder Contents and READ

\%WINDIR%\Temp

NETWORK SERVICE (or ASPNET)

READ, READ & EXECUTE, WRITE, and List Folder Contents