Note:This was validated against NS 6.0 SP3
Question
What are the most common NTFS permissions (rights) for the Notification Server?
Answer
Local Security Policies
Security Policies are set by going to Administrative Tools > Local Security Policy. Browse down into the Local Security, and select User Rights Assignment. The account being used for the Application Identity and the ASP.NET account need the following rights:
NTFS Permissions
Verify that the security of the Documents and Settings folder as follows:
Verify that the Program Files\Common Files folder security as follows:
Verify that the Inetpub folder security as follows:
Verify that the Inetpub\wwwroot folder security:
Verify that the security of the %windir%\Microsoft.NET\Framework\v1.1.4322 folder:
Verify that the %windir%\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll file security as follows:
Verify that the security of the %windir%\Help, %windir%\Assembly, and %windir%\Fonts folders as follows (use the Ctrl key to select all three folders at once. Click Properties on Help or Fonts, not Assembly.)
Verify that the security of the %windir%\WinSxS folder:
Verify that the security of the %windir%\Temp, %systemroot%\temp, %systemroot%\tmp, %windir%\Registration, and %windir%\Debug folders (use the Ctrl key to select all folders at once) as follows:
Verify that the %windir%\IIS Temporary Compressed Files folder security:
Verify that the security of the %windir%\System32 folder as follows:
Verify that the %windir%\System32\MsDtc folder as follows
Verify that the %windir%\System32\Inetsrv folder security:
Verify that the security of the %windir%\Help\iisHelp\common folder as follows:
Verify that the security of the %NSinstallpath%\Altiris folder:
Verify the %NSinstallpath%\Altiris\Altiris Web folder security as follows:
Verify the security of the %NSinstallpath%\Notification Server\Logs folder:
Verify the security of the %NSinstallpath%\Notification Server\NScap\Bin, and Notification Server\NScap\Help folders as follows (use Ctrl key to select both folders at once):
Verify that the security of the %NSinstallpath%\Notification Server\NScap\EvtInbox folder:
Verify that the security of the %NSinstallpath%\Notification Server\NScap\EvtQFast, Notification Server\NScap\EvtQLarge, Notification Server\NScap\EvtQSlow, Notification Server\NScap\EvtQueue, and Notification Server\NScap\Temp folders (use the Ctrl key to select all three folders at once) as follows:
Verify that the security of the %NSinstallpath%\Notification Server\Agent folder:
Verify that the security of the %NSinstallpath%\Notification Server\Bin\Aexloglib.dll, and Notification Server\Bin\AeXNSEventRouter.dll files as follows:
Verify that the %NSinstallpath%\Notification Server\Bin\Isapi folder security:
Note: Items 1 and 2 should be run after any NTFS permissions change.
Note: Permissions on the %NSInstallPath%\Altiris folders and files will be reset back to their defaults if a Notification Server repair is ran.