Directory permissions

For GeoAdministrator to work properly in an on-premises environment, you must set permissions on certain directories on the Web Services server.

• In the Web Services application directory, grant the Users group the Modify permission on the config directory.

  In addition to adding data to the Operations and Regulations database, GeoAdministrator must be able to modify some of the configuration files stored in this directory.

• Ensure that the account used for the Web Services application pool identity has the Modify permission on C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.

  GeoAdministrator must be able to add keys to the certificate store in the MachineKeys directory. The default account for the application pool identity, Network Service, has the correct access in an out-of-the-box installation. The installer grants the IIS group the Modify permission on the MachineKeys folder, and Network Service is a member of this group. If you change the application pool identity, you should ensure that the account you select is also a member of the IIS group.