Microsoft KB Archive/197964

= Cannot access remote files with the FileSystemObject =

Article ID: 197964

Article Last Modified on 3/22/2007

-

APPLIES TO


 * Microsoft Active Server Pages 4.0
 * Microsoft Internet Information Server 3.0
 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q197964



Important This article contains information about editing the metabase. Before you edit the metabase, verify that you have a backup copy that you can restore if a problem occurs. For information about how to do this, see the "Configuration Backup/Restore" Help topic in Microsoft Management Console (MMC).



SYMPTOMS
When you access remote resources with the FileSystemObject through Active Server Pages (ASP), one of the following errors occurs:

Microsoft VBScript runtime error '800a004c' Path not found

Microsoft VBScript runtime error '800a0046' Permission denied

Server object error 'ASP 0177 : 800a0046' Server.CreateObject Failed



RESOLUTION
Warning If you edit the metabase incorrectly, you can cause serious problems that may require you to reinstall any product that uses the metabase. Microsoft cannot guarantee that problems that result if you incorrectly edit the metabase can be solved. Edit the metabase at your own risk.

Note Always back up the metabase before you edit it.

Use the following steps to resolve this problem:  Open the User Manager for Domains on the remote computer and create an account named IUSR_ComputerName (of the Web server). Give that account the same password that is used on the IUSR_ComputerName on the Web server. If the Web site is running in a separate memory space, then you must use the IWAM_ComputerName account instead of the IUSR_ComputerName account.

Note: If you do not know the password of the IUSR_ComputerName, then you must assign a new password to this user. You must then use User Manager for Domains to change the password for the IUSR_ComputerName account on the Web server. You must also use the command line utility Adsutil.vbs to change the password in the metabase. To do so, open a command prompt and change directories into Winnt\System32\Inetsrv\Adminsamples (for Windows NT 4.0) or Inetpub\Adminscripts (for Windows 2000). Next, type the following to change the password for the IUSR_ComputerName account:

cscript adsutil.vbs set w3svc/anonymoususerpass "password"

Or, to get the password for the IWAM_ComputerName account type to following:

cscript.exe adsutil.vbs get w3svc/wamuserpass

Notes  If you are using a Windows 2000 domain controller or a Windows NT 4.0 primary domain controller (PDC), you must use a domain account instead of using the IUSR_ComputerName account. You may have to wait for the domain to synchronize before that account becomes available. When you try to obtain the password in Windows NT 4.0, the password appears as clear text. However, the password appears as asterisks in Windows 2000 and in Windows Server 2003. To obtain the password in clear text in Windows 2000 and in Windows Server 2003, you must modify the Adsutil.vbs file so that the file displays the unmasked password. To do this, follow these steps:  In Notepad, open Adsutil.vbs. On the Edit menu, click Find. Type IsSecureProperty = True, and then click Find Next.</li> Change "IsSecureProperty = True" to "IsSecureProperty = False".</li> Save the changes to the Adsutil.vbs file, and then exit Notepad.</li></ol> </li></ul> </li> Create a share on the remote server named "files" and assign Read/Write permissions to that share for the user you just created.</li> Use the Internet Service Manager of IIS 4.0 to change the authentication method to anonymous access and synchronize the password with the account you created in the previous step: <ul> Open the Internet Service Manager.</li> Right-click the Web Application, and select Properties.</li> Select the Directory Security tab.</li> Select Edit from the "Enable Anonymous Access and Authentication Control" section.</li> From the dialog box that appears, make sure that "Allow Anonymous Access" is selected, and then click Edit.</li> De-select the "Enable Automatic Password Synchronization" option and type in the username(IUSR_ComputerName) and the password.</li></ul> </li>  Created an ASP page in the Web Project to write to a text file like the following: <%  Set ScriptObject = Server.CreateObject("Scripting.FileSystemObject") Set MyFile = ScriptObject.OpenTextFile("\\<ComputerName>\files\myfile.txt", 8,true)

MyFile.WriteLine "*** Write file test ***" Myfile.writeline "    file was written to at: " & Now Myfile.writeline " " MyFile.Close %> </li> Save the page and preview it in the browser.</li>  The ASP code successfully created a text file located here: \\<ComputerName>\files\myfile.txt.

</li></ol>

<div class="status_section">

STATUS
This behavior is by design.

<div class="moreinformation_section">

MORE INFORMATION
The authenticating user needs to have the proper NTFS and share permissions to the resource that is being accessed. If using anonymous access, the authenticating user will be the IUSR_ComputerName account. If you need to access the resource using an authenticated user, you can only use Basic Authentication. NTLM and Windows Integrated Authentication (Windows 2000) cannot access remote resources because of a delegation problem. See the following article on the Microsoft Developer Network (MSDN) for more information:

http://msdn2.microsoft.com/en-us/library/ms954229.aspx

In a Windows 2000 environment, you can enable delegation and use Windows Integrated Authentication for your site. For more information on using delegation in Windows 2000, see the following article on the Microsoft Developer Network (MSDN):

http://msdn.microsoft.com/msdnmag/issues/0500/security/

<div class="references_section">