Access denied for writing to registry - Event 6588 (SharePoint 2010 Products)

 

Applies to: SharePoint Server 2010, SharePoint Foundation 2010

Alert Name:   Access denied for writing to registry

Event ID:   6588

Summary:   This error occurs when an Internet Information Services application pool that is used by Microsoft SharePoint Foundation 2010 attempts to update a registry key and is denied access because the service account that is used by the application pool has inadequate permissions.

Symptoms:   The following symptoms might appear:

  • Registry keys might not be updated correctly to reflect configured settings.

  • This event appears in the event log: Event ID: 6588 Description: The application pool account <Account Name> cannot write registry key <Key Name> at <Key Location>. Additional information is below.

Cause:   The service account for the IIS application pool that SharePoint Foundation 2010 uses does not have appropriate access permissions to write to a registry key.

Resolution:   Grant correct permissions to the application pool account

  • The Web application pool account does not have sufficient permissions to write to the registry or to a file on disk. First, try to fix SharePoint Foundation 2010 permissions by using the Psconfig command-line tool. If that does not solve the problem, use the following procedures in order. First determine which account is used for the Web application.

    Note

    You must be a member of the Farm Administrators SharePoint group to perform the following procedures.

    To fix SharePoint Foundation 2010 permissions:

    1. Open a Command Prompt window and at the command prompt, type:

      cd /d %commonprogramfiles%\Microsoft Shared\Web server extensions\14\BIN

    2. Fix the permissions on the server by entering the following command:

      psconfig -cmd secureresources

    3. Restart IIS and make the changes by entering the following command at the command prompt:

      iisreset /noforce

    To determine the account for the Web application:

    1. In the IIS Manager, in the Connections pane, expand the server node and then click Application Pools.

    2. In the reading pane, in Features View, in the Identity column, note the account for the application pool that you identified.

    To manually set the required group account for the Web application pool account on the computer:

    1. Click Start, click Administrative Tools, and then click Computer Management.

    2. In the tree view, expand Local Users and Groups, and then click the Groups folder.

    3. In the reading pane list, right-click WSS_WPG and click Add to Group.

    4. In the WSS_WPG Properties dialog box, add the Web application pool account by clicking Add.

    To grant required permissions for the Web application pool account to a folder:

    1. On the SharePoint Foundation computer, locate the folder identified in event 6588 or 6589.

    2. Right-click the folder and select Properties.

    3. In the Properties dialog box, on the Security tab, in the Group or user names section, select Everyone, and then click Edit.

      Note

      Incorrectly editing the registry might severely damage the system. Before making changes to the registry, back up any valued data on the computer.

    4. In the Permissions for <foldername> dialog box, click Add to add the Web application pool account. The account requires Write permission.

    To grant the required permissions for the Web application pool account to a registry key:

    1. Click the Start button, click All Programs, click Accessories, and then click Run.

    2. Type regedit, and then click OK.

    3. In the Registry Editor, in the tree view, locate the registry key that is identified in event 6588 or 6589.

    4. Right-click the registry key and select Permissions.

    5. In the Permissions dialog box, click Add to add the Web application pool account. The account will require Write permission.

    To verify:

    • Retry the operation that previously failed.
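
The registry-key procedure above, scripted in PowerShell as an added example (not part of the original article and not Microsoft's tooling). It checks the key's ACL before changing anything and adds only a write ACE for the account; the function name, the sample account name and the mapping of "Write" to `WriteKey` are assumptions.

```powershell
# Added example, not Microsoft's script; Test-AppPoolRegistryWrite is a hypothetical name.
# Take -KeyPath and -Account from <Key Location>\<Key Name> and <Account Name> in event 6588.
function Test-AppPoolRegistryWrite {
    param(
        [Parameter(Mandatory=$true)][string]$KeyPath,  # PowerShell path such as 'HKLM:\SOFTWARE\...'
        [Parameter(Mandatory=$true)][string]$Account,  # e.g. 'CONTOSO\svc-sp-apppool' (constructed)
        [switch]$Grant                                 # without -Grant the ACL is only read
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Resolve names to SIDs first, so a mistyped account fails before anything is changed.
    $accountSid = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)
    $groupSid = (New-Object System.Security.Principal.NTAccount('WSS_WPG')).Translate($sidType)
    $watched = @{}
    $watched[$accountSid.Value] = $Account
    $watched[$groupSid.Value] = 'WSS_WPG'

    $acl = Get-Acl -Path $KeyPath
    # Record the original security descriptor so the change can be reviewed or rolled back.
    Write-Output ('Original SDDL: ' + $acl.GetSecurityDescriptorSddlForm('All'))

    # KEY_SET_VALUE, plus GENERIC_WRITE and GENERIC_ALL, which some registry ACEs carry instead.
    $writeBits = 0x2 -bor 0x40000000 -bor 0x10000000
    $allowed = $false; $denied = $false
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $who = $watched[$ace.IdentityReference.Value]
        if (-not $who) { continue }
        Write-Output ('{0} {1}: {2} (inherited={3})' -f $ace.AccessControlType, $who, $ace.RegistryRights, $ace.IsInherited)
        if ((([int]$ace.RegistryRights) -band $writeBits) -eq 0) { continue }
        if ("$($ace.AccessControlType)" -eq 'Deny') { $denied = $true }
        elseif ($ace.IdentityReference.Value -eq $accountSid.Value) { $allowed = $true }
    }
    if ($denied) { Write-Warning 'A Deny ACE for the account or WSS_WPG covers write; resolve it before adding an Allow ACE.'; return }
    if ($allowed) { Write-Output "$Account already has a write ACE on this key."; return }
    if (-not $Grant) { Write-Output "No write ACE names $Account directly. Re-run with -Grant to add one."; return }

    # Assumption: WriteKey is the .NET counterpart of the "Write" permission in the article.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($accountSid, 'WriteKey', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
    Write-Output "Granted WriteKey on $KeyPath to $Account."
}
```

Run it from an elevated PowerShell prompt on the SharePoint server. It evaluates only ACEs that name the account or WSS_WPG, not other groups the account belongs to.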