Environment
Situation
Overview
This article provides the recommended IIS and NTFS Security permissions required in order to install and use PowerRecon.
Details
SQL Permissions:
PowerRecon 2.x requires full rights to its databases (i.e. the SQL user must have the db_owner role) because PowerRecon makes changes to the database schema at run-time. If the SQL user does not have the db_owner role, the following errors may occur:
Invalid object name 'PR_SummaryData60_200702'.
Invalid object name 'PR_SummaryData60_200702'.
System.Data.SqlClient.SqlException: Invalid object name 'PR_SummaryData60_200702'.
Invalid object name 'PR_SummaryData60_200702'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
IIS Permissions:
PowerRecon_<version> Virtual Directory:
Anonymous Access: NO
Windows Integrated Authentication: YES
-> where <version> refers to the version of PowerRecon that is being installed (i.e. PowerRecon_25)
By default, anonymous access is granted using the IUSR_<MACHINENAME> account, which is typically part of the GUEST group. Please verify that there are no domain or group policies that may reject remote logins using this account.
NTFS Security Permissions:
LOCATION | ACCOUNT(S) | PERMISSIONS |
Root of drive where Inetpub and the PlateSpin PowerRecon 2.x Server directory reside (i.e. C:\ ) | NETWORK SERVICE (or ASPNET) | READ |
\Inetpub and \Program Files | NETWORK SERVICE (or ASPNET) | READ & EXECUTE |
\Program Files\PlateSpin PowerRecon 2.x Server | NETWORK SERVICE (or ASPNET) and IUSR_<MACHINENAME> | READ & EXECUTE, List Folder Contents and READ |
\Documents and Settings\Default User\Local Settings\Application Data | NETWORK SERVICE (or ASPNET) | READ & EXECUTE, List Folder Contents and READ |
\%WINDIR%\Temp | NETWORK SERVICE (or ASPNET) | READ, READ & EXECUTE, WRITE, and List Folder Contents |
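The table above can be checked with a read-only PowerShell audit. This is an added example, not part of the original article or of PlateSpin tooling; the `-Drive` and `-Account` parameter names, the `C:` default and the `Test-RequiredRights` helper are assumptions made for illustration. It evaluates only ACEs that name the account directly and does not resolve rights granted through group membership.

```powershell
# Added example: audit the NTFS table above for one account (read-only, changes nothing).
param(
    [string]$Drive   = 'C:',                            # assumption: drive holding Inetpub and the install
    [string]$Account = 'NT AUTHORITY\NETWORK SERVICE'   # rerun with '<MACHINENAME>\ASPNET' or IUSR_<MACHINENAME>
)

# Location -> required rights, taken from the table.
# "List Folder Contents" grants the same bits as ReadAndExecute on folders.
$required = @(
    @{ Path = "$Drive\";              Rights = 'Read' },
    @{ Path = "$Drive\Inetpub";       Rights = 'ReadAndExecute' },
    @{ Path = "$Drive\Program Files"; Rights = 'ReadAndExecute' },
    @{ Path = "$Drive\Program Files\PlateSpin PowerRecon 2.x Server"; Rights = 'ReadAndExecute' },
    @{ Path = "$Drive\Documents and Settings\Default User\Local Settings\Application Data"; Rights = 'ReadAndExecute' },
    @{ Path = "$env:windir\Temp";     Rights = 'ReadAndExecute, Write' }
)

function Test-RequiredRights {
    param([string]$Path, [string]$Rights, [string]$Identity)
    # Convert the rights names to their bit mask.
    $need = [int][System.Security.AccessControl.FileSystemRights]$Rights
    if (-not (Test-Path -Path $Path)) {
        return [pscustomobject]@{ Path = $Path; Required = $Rights; Result = 'MISSING PATH' }
    }
    $allow = 0; $deny = 0
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.IdentityReference.Value -ne $Identity) { continue }
        # Inherit-only ACEs (PropagationFlags bit 2) apply to children, not to this folder.
        if ([int]$ace.PropagationFlags -band 2) { continue }
        if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$ace.FileSystemRights }
        else                                    { $deny  = $deny  -bor [int]$ace.FileSystemRights }
    }
    # Deny overrides Allow; every required bit must remain after subtracting denies.
    $effective = $allow -band (-bnot $deny)
    $result = if (($effective -band $need) -eq $need) { 'OK' } else { 'INSUFFICIENT' }
    [pscustomobject]@{ Path = $Path; Required = $Rights; Result = $result }
}

$required |
    ForEach-Object { Test-RequiredRights -Path $_.Path -Rights $_.Rights -Identity $Account } |
    Format-Table -AutoSize
```

An INSUFFICIENT result means no direct ACE for that account grants the listed rights; confirm through the folder's Security tab whether a group the account belongs to already supplies them before adding a new ACE.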