ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER Deploying w/TFS

Scenario:

The TFS deploy agent is set up to use the built-in Network Service account as the identity for actions on the server. A batch file and a Web Deploy package are used with Web Deploy to update a website folder.

Error Encountered:

Upon execution of the batch file, the following error occurs:

2018-05-09T00:24:30.2375370Z Info: Adding directory (Default Web Site/BIO_POC\bin).

2018-05-09T00:24:30.2531618Z Error Code: ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER

2018-05-09T00:24:30.2531618Z More Information: Unable to perform the operation ("Create Directory") for the specified directory ("C:\inetpub\wwwroot\BIO_POC\bin"). This can occur if the server administrator has not authorized this operation for the user credentials you are using. Learn more at: https://go.microsoft.com/fwlink/?LinkId=221672#ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER.

Problem:

The TFS build/deploy agent uses the credentials of the server's built-in Network Service account, and the agent is set up to run as a server. The Network Service account did not have Full control permissions on the folder where the website is located, which it needs to add and delete files and folders.

Resolution:

One of the following:

  1. Change the identity of the account the agent is using to a local account with membership in the Local Admin group on the server
  2. Change the identity of the account the agent is using to a Domain account with membership in the Local Admin group on the server
  3. Add the NT AUTHORITY\NETWORK SERVICE account to the C:\Inetpub\wwwroot\DefaultWebSite\<site> folder with FULL PERMISSIONS
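
One way to apply option 3 from an elevated PowerShell session, added here as an example and not part of the original post. The default site path is taken from the error message above; the parameter names and the `Test-HasRights` helper are hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the web server.
param(
    # Constructed default: the folder named in the error message above.
    [string]$SitePath = 'C:\inetpub\wwwroot\BIO_POC',
    [string]$Identity = 'NT AUTHORITY\NETWORK SERVICE',
    # The post grants full control. 'Modify' is a narrower right that still
    # allows creating and deleting files and folders below the site folder.
    [System.Security.AccessControl.FileSystemRights]$Rights = 'FullControl'
)

# Hypothetical helper: true when an Allow rule for $Identity covers all of
# $Rights, applies to the folder itself, and is inherited by subfolders and files.
function Test-HasRights {
    param($Acl, [string]$Identity, [int]$Rights)
    foreach ($rule in $Acl.Access) {
        if ($rule.IdentityReference.Value -eq $Identity -and
            $rule.AccessControlType -eq 'Allow' -and
            $rule.InheritanceFlags -eq 'ContainerInherit, ObjectInherit' -and
            $rule.PropagationFlags -eq 'None' -and
            (([int]$rule.FileSystemRights) -band $Rights) -eq $Rights) {
            return $true
        }
    }
    return $false
}

if (-not (Test-Path -LiteralPath $SitePath -PathType Container)) {
    throw "Site folder not found: $SitePath"
}

$acl = Get-Acl -LiteralPath $SitePath
if (Test-HasRights $acl $Identity ([int]$Rights)) {
    Write-Output "$Identity already has $Rights on $SitePath"
    return
}

# Add (not replace) an inheritable Allow entry so existing ACEs are preserved.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Identity, $Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $SitePath -AclObject $acl

# Re-read the ACL from disk and fail loudly if the grant did not take effect.
if (-not (Test-HasRights (Get-Acl -LiteralPath $SitePath) $Identity ([int]$Rights))) {
    throw "Grant of $Rights to $Identity on $SitePath could not be verified"
}
Write-Output "Granted $Rights to $Identity on $SitePath"
```

Scoping the grant to the single site folder keeps the agent identity from gaining rights over the rest of the server, unlike the Local Admin membership in options 1 and 2.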