The built-in Users group does not have the necessary permissions

  • Article

The information in this article applies to:

  • Visual Studio Team Foundation Server 2010

  • Windows Server 2003 and Windows Server 2008 

  • SQL Server 2008

  • Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007

  • Servers that host the application tier and SharePoint Products

  • Team Foundation Server Complete Health Check

  • SharePoint Products Health Check

The Best Practices Analyzer tool for Team Foundation Server checks the permissions that are assigned to the built-in group for users who can access Web sites and virtual directories for Team Foundation. An error appears if the group does not have Read, List Folder Contents, and Read & Execute permissions. The error contains the name of the server and the directory path of the Web site or virtual directory.

Without Read & Execute permissions, members of this group might receive unexpected logon challenges and be denied access to the Web site for Team Foundation. To resolve this issue, navigate to the directory that the error specifies, and change the permissions for the group.

Required Permissions

To perform this procedure, you must be a member of the Administrators security group on the server to which the error message refers.

To change the permissions for a directory in Windows Server 2003

  1. Log on to the server to which the error message refers.

  2. Open Windows Explorer, and locate the directory path that the error specifies.

  3. Right-click the directory, and click Properties.

  4. On the Security tab, click the built-in users group that is labeled Users (ServerName\Users).

  5. Under Permissions for Users, make sure that the Read & Execute, List folder contents, and Read check boxes are selected.

    If you cannot change the permissions, click Advanced to open the Advanced Security Settings dialog box.

    1. In the Permission entries list, click Users (ServerName\Users), and then click Edit.

    2. Clear the check box that propagates inheritable permissions from the parent.

    3. In the Security dialog box, click Copy.

    4. In the Advanced Security Settings for Services dialog box, click Edit.

    5. In Permission Entry for Service, select the following check boxes: Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, Read Extended Attributes, and Read Permissions.

    6. Select the Apply these permissions to objects and/or containers within this container only check box.

    7. Click OK to close the dialog box.

    8. Click Apply, and then click Yes.

    9. Click OK twice.

To change the permissions for a directory in Windows Server 2008

  1. Log on to the server to which the error message refers.

  2. Open the Start menu, point to Administrative Tools, right-click Internet Information Services (IIS) Manager, and then click Run as administrator.

    Internet Information Services (IIS) Manager opens.

  3. In the Connections pane, expand ComputerName (Local Computer), and then expand Sites.

  4. Expand the name of the Web site that the error specifies.

  5. Click the name of the Web site or virtual directory that the error specifies.

  6. In the Actions pane, click Edit Permissions.

    The Web Services Properties or Services Properties dialog box opens.

  7. On the Security tab, click the built-in users group that is labeled Users (ServerName\Users).

  8. Under Permissions for Users, make sure that the Read & Execute, List folder contents, and Read check boxes are selected.

    If you cannot change the permissions, click Advanced to open the Advanced Security Settings dialog box.

    1. In the Permission entries list, click Users (ServerName\Users), and then click Edit.

    2. Clear the check box that propagates inheritable permissions from the parent.

    3. In the Security dialog box, click Copy.

    4. In the Advanced Security Settings for Services dialog box, click Users (ServerName\Users), and then click Edit.

    5. In Permission Entry for Services, select the following check boxes: Traverse folder / execute file, List folder / read data, Read attributes, Read extended attributes, and Read permissions.

    6. Select the Apply these permissions to objects and/or containers within this container only check box.

    7. Click OK to close the dialog box.

    8. Click Apply, and then click OK.

    9. Click OK twice.

See Also

Other Resources

Web Services Issues