Hi Ken
I wanted to verify your steps. I totally reinstalled IIS on my spare 2008 server. I carefully went through the steps to get a simple default web site working out of the box. The only thing I do that is a bit odd is that I redirect the Default Web Site to a folder of my choice. I never use the C:\inetpub folder. The steps are: I ran aspnet_regiis -i on 32 and 64 bit Framework 4 to create the pools. Only Anonymous Authentication is installed and enabled. The default IIS welcome htm page displays okay. I redirect the default web site to C:\webs\default (I always do this) and I get this: 500.19 insufficient permission for the IIS APPPOOL\DefaultAppPool to read C:\webs\default\web.config. Confused, I look at the permissions to C:\inetpub\wwwroot and based upon what I see I give my folder RX permission to IIS_IUSRS and I get this: 401.3 Unauthorised for C:\webs\default Impersonating: NT AUTHORITY\IUSR, IIS APPPOOL\DefaultAppPool I give IUSR RX permission to my folder. Web page is okay locally and remotely. ****** So I have to give RX permission to both IIS_IUSRS and IUSR to allow the simple web site to work. I have not changed any pools or other permissions. These two file permissions seem to be the minimum required to make the redirected web site work. It's strange that two different errors are produced as I permit the two accounts, and in the second one we see an impersonation taking place. I've never previously need to change file permission like this to get a simple web site to work. I'm quite surprised by this on 2008. Greg
