Microsoft KB Archive/926939

= Error message when you request an ASP page that connects to an Access database in IIS 7.0: &quot;Microsoft JET Database Engine error '80004005'&quot; =

Article ID: 926939

Article Last Modified on 7/3/2007

-

APPLIES TO


 * Microsoft Internet Information Services 7.0

-



Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.



SYMPTOMS
Consider the following scenario. On a Web server that is running Microsoft Internet Information Services (IIS) 7.0, you host an active server page (ASP) that connects to a database. The ASP page data provider is the Microsoft.Jet.OLEDB.4.0 data provider. The ASP page data source is a Microsoft Access database (.mdb) file. In this scenario, you may receive the following error message when you request the ASP page:

Microsoft JET Database Engine error '80004005'

Unspecified error



CAUSE
This problem may occur if IIS 7.0 is configured to load the current user profile for an application pool identity. This may cause compatibility issues with legacy ASP-based applications and ADO-based applications because the current user may not have sufficient permissions to write to the temporary directory.



RESOLUTION
To resolve this problem, you must add the correct access control entries to the temporary directory for the process identity. To do this, follow these steps.

Note By default, the process identity is NetworkService, and the temporary directory is %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp.  Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. When you are prompted for an administrator password or for a confirmation, type the password or click Continue. Type the following command, and then press ENTER:

icacls %windir%\serviceprofiles\networkservice\AppData\Local\Temp /grant Users:(CI)(S,WD,AD,X)

Note This command enables every user to create files and directories in the temporary directory. Type the following command, and then press ENTER:

icacls %windir%\serviceprofiles\networkservice\AppData\Local\Temp /grant &quot;CREATOR OWNER&quot;:(OI)(CI)(IO)(F)

Note The user who creates a file or a directory in the temporary directory is the CREATOR OWNER. The CREATOR OWNER access control entry grants a user complete control over the file or the directory. Other users cannot access these files and directories because they are not the CREATOR OWNER.



WORKAROUND
To resolve this problem, use the method that is described in the &quot;Resolution&quot; section. However, if you do not want to add access control entries to the temporary directory for the process identity, you can work around the problem by disabling the loadUserProfile property for the application pool. When this property is disabled, IIS 7.0 does not load the current user profile for the application pool.

Important If you disable this property, a security risk may be created. Make sure that you understand and evaluate the risks before you implement this workaround.

To disable the loadUserProfile property for the application pool, modify the ApplicationHost.config file. The following example demonstrates how to do this.  <processModel identityType=&quot;NetworkService&quot; loadUserProfile=&quot;false&quot; /> </applicationPoolDefaults>

<div class="references_section">