Required File System Permissions on Windows With IIS

Overview

When running Sugar on IIS, you need to make all of the files and sub-directories within your Sugar installation writable by the system user that IIS is running under. You do not need to do this when running Apache, because Apache does not respect Windows file system permission settings.

Steps to Complete

Enabling the Security Tab

First, in the Windows File Explorer, enable the Security tab:

1. Open Windows File Explorer.
2. Click on Tools > Folder Options.
3. Click the View tab then scroll to the bottom.
4. Uncheck "Use simple file sharing (Recommended)".

Setting the File System Permissions in Sugar

Next, set the file system permissions in your Sugar installation:

1. In Windows Explorer, right click and view the properties of your Sugar installation directory (e.g. C:\Inetpub\wwwroot\sugar).
2. Click on the newly enabled Security tab.
3. Add full control for the user under which IIS runs. The IIS user is typically IUSR. For more information on the IUSR account, please refer to this Microsoft documentation. 
4. Be sure to click the Advanced button and apply this new permission to all sub-directories by clicking "Replace permission entries on all child objects with entries shown here that apply to child objects".

When locking down file and folder permissions, it can be helpful to move Sugar log files to their own folder. Please refer to the Moving Log Files to Their Own Folders article for more information.