ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER Deploying w/TFS


Scenario:

The TFS deploy Agent is setup to use built in account Network Service as the identity to conduct actions on server. Using Web Deploy to update the web site using a batch file and Web Deploy package to update a website folder.

Error Encountered:

Upon execution of the batch file, the following error occurs:

2018-05-09T00:24:30.2375370Z Info: Adding directory (Default Web Site/BIO_POC\bin).

2018-05-09T00:24:30.2531618Z Error Code: ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER

2018-05-09T00:24:30.2531618Z More Information: Unable to perform the operation ("Create Directory") for the specified directory ("C:\inetpub\wwwroot\BIO_POC\bin"). This can occur if the server administrator has not authorized this operation for the user credentials you are using. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER.

Problem:

The TFS build/deploy agent is using the credential of the server's built-in Network Service account and the agent is setup to run as a server. The Network Service account did not have Full control permissions on the folder where the website is located to add/delete files and folders as needed.

Resolution:

One of the following

  1. Change the identity of the account the agent is using to a local account with membership in the Local Admin group on the server
  2. Change the identity of the account the agent is using to a Domain account with membership in the Local Admin group on the server
  3. Add the NT AUTHORITY\NETWORK SERVICE account to the C:\Inetpub\wwwroot\DefaultWebSite\<site> folder with FULL PERMISSIONS

Comments (0)

Skip to main content