Files and permissions for Windows SharePoint Services 3.0
Applies To: Windows SharePoint Services 3.0
Topic Last Modified: 2009-03-17
In this article:
Installation directory
Web site content area
Windows Directory
This article lists the detailed minimum file permission settings for folders and files created when you install Windows SharePoint Services 3.0. These minimum file permission settings must be in place for Windows SharePoint Services 3.0 to perform as designed.
Installation directory
The following table lists the files and folders in the installation directory for Windows SharePoint Services 3.0. By default, the installation directory is located at the <installation drive>\%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\12.
| Installation directory | User | Permission | Inherit | Description |
|---|---|---|---|---|
\ADMISAPI |
Users Administrators SYSTEM WSS_WPG WSS_ADMIN_WPG |
Read, Execute Full Control Full Control Read Full Control |
Yes Yes Yes Yes |
Contains the soap services for the SharePoint Central Administration Web site. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly. |
\BIN |
Users Administrators SYSTEM |
Read, Execute Full Control Full Control |
||
\CONFIG |
Users Administrators SYSTEM WSS_WPG WSS_ADMIN_WPG |
Read, Execute Full Control Full Control Read Full Control |
Yes Yes Yes Yes |
Contains files used to extend Internet Information Services (IIS) Web sites with SharePoint. If this directory or its contents are altered, Web application provisioning will not function correctly. |
\Data |
Users Administrators SYSTEM WSS_ADMIN_WPG |
Read, Execute Full Control Full Control Full Control |
Yes |
|
\HCCab |
Users Administrators SYSTEM |
Read, Execute Full Control Full Control |
||
\Help |
Users Administrators SYSTEM |
Read, Execute Full Control Full Control |
||
\ISAPI |
Users Administrators SYSTEM |
Read, Execute Full Control Full Control |
||
\LOGS |
Users Administrators SYSTEM WSS_WPG WSS_ADMIN_WPG <All SharePoint Service Accounts> LOCAL SERVICE |
Read, Execute Full Control Full Control Modify Full Control Modify Modify |
No No No No No No No |
Contains setup and run-time tracing logs. If the directory is altered, diagnostic logging will not function correctly. |
\Resources |
Users Administrators SYSTEM |
Read, Execute Full Control Full Control |
||
\TEMPLATE |
Users Administrators SYSTEM |
Read, Execute Full Control Full Control |
The following table lists the folders for which Windows SharePoint Services 3.0 changes permissions in the Documents and Settings folder of the installation drive (%AllUsersProfile%\Application Data\Microsoft\SharePoint).
| Installation directory | User | Permission | Inherit | Description |
|---|---|---|---|---|
%AllUsersProfile%\Application Data\Microsoft\SharePoint |
Administrators SYSTEM WSS_WPG WSS_ADMIN_WPG |
Full Control Full Control Read Full Control |
No No No No |
Contains the file system-backed cache of the farm configuration. Processes might fail to start, and the administrative actions might fail if this directory is altered or deleted. |
Web site content area
The following table lists the files and folders in the Web site content area. The Web site content area is located at <installation drive>\Inetpub\wwwroot.
| Web site content area | User | Permission | Inherit | Description |
|---|---|---|---|---|
\Inetpub Note All directories enclosing the content root will grant LIST permissions to these accounts. |
||||
\Inetpub\wwwroot\_vti_pvt |
Users Administrators SYSTEM IIS_WPG Internet Guest Account (IUSR_*) |
Read, Execute Full Control Full Control Read, Execute Special Permissions |
||
\Inetpub\wwwroot\wss |
Administrators SYSTEM WSS_WPG WSS_ADMIN_WPG |
Full Control Full Control Read, Execute Full Control |
No No No |
This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted unless custom IIS Web site paths are provided for all IIS Web sites extended with SharePoint. |
Web.config |
Users Administrators SYSTEM IIS_WPG Internet Guest Account (IUSR_*) |
Read, Execute Full Control Full Control Read, Execute, Special Permissions Special Permissions |
||
wpresources\web.config |
Users Administrators SYSTEM IIS_WPG Internet Guest Account (IUSR_*) |
Read, Execute Full Control Full Control Read, Execute, Special Permissions Special Permissions |
Windows Directory
The following table lists the files and folders for which Windows SharePoint Services 3.0 changes permissions in the Windows directory (%WinDir%).
| Windows directory | User | Permission | Inherit | Description |
|---|---|---|---|---|
%temp% |
Administrators WSS_ADMIN_WPG SYSTEM WSS_WPG Network Service (for a domain controller only) |
Full Control Full Control Full Control Read Read, Write |
Yes Yes Yes |
This directory is used by platform components on which SharePoint depends. If this access control list is modified, Web Part rendering and other deserialization operations might fail. |
%WinDir%\Tasks |
WSS_ADMIN_WPG |
Full Control |
||
%WinDir%\System32\Logfiles\SharePoint |
Administrators WSS_ADMIN_WPG SYSTEM WSS_WPG Network Service (for a domain controller only) |
Full Control Read, Write Full Control Read Read, Write |
No No No |
This directory is used by SharePoint usage logging. If this directory is modified, usage logging will not function correctly. |
%WinDir%\System32\Drivers\Etc\HOSTS |
WSS_ADMIN_WPG |
Read, Write |