Problem: Non-administrator users encounter errors in the Security sections of ArcGIS Server Manager


At ArcGIS Server 9.3 (.NET), users who are not Administrators on the server may log in to Manager, as long as they are members of the agsadmin group. However, these non-administrator users encounter errors when attempting to access Manager's Security sections (Users, Roles or Settings). The error may resemble the following:

"An error has occurred on the server. For details please check the Event (Application) log on the web server.
Error accessing web site on <server name>: Access is denied."


The Security sections of Manager require access to the Internet Information Server (IIS) Web server metabase and directories. Non-administrators may not have access to these areas by default.

Solution or Workaround

In order to access the Security sections of Manager successfully, the user must be granted access to the IIS metabase and directories. One of the following approaches should be used.

  • Log in to Manager with an account that is a member of the Administrators group on the server, as well as a member of the agsadmin group.

    - Or -

  • After adding the user to the agsadmin group, grant the user access to the IIS metabase and directories on the server. To do this:

    1) Log in to the Web server computer with an administrator account.

    2) Open a .NET command prompt from Start > (All) Programs > Microsoft .NET Framework SDK vX.X > SDK Command Prompt.

    If this start menu item does not exist on the machine, open a regular command prompt from Start > Run..., type 'cmd' in the 'Open:' text field and click OK. At the prompt change the directory to C:\Windows\Microsoft.NET\Framework\vX.X.

    vX.X refers to the .NET framework version. For the .NET 2.0 framework, the paths above would be C:\Windows\Microsoft.NET\Framework\v2.0.50727.

    3) In the command prompt, enter the following command, substituting the user name for <username>:

    aspnet_regiis -ga <username>

    Include the domain name if the user is a domain user account, for example, mydomain\myuser.

    4) Press the <Enter> key. A message displays that the user is being granted access to the IIS metabase and other directories used by ASP.NET. After a minute or so, a message should appear that the process is finished.

    5) Close the command prompt by typing 'exit' and then press the <Enter> key.

    6) The user should now be able to access the Security sections of Manager.
    The user may need additional permissions for other operations. For example, in the Security Settings wizard, configuring the user or role store to SQL Server requires that the user have permissions to create and administer databases on the SQL Server.