ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER Deploying w/TFS
The TFS deploy Agent is setup to use built in account Network Service as the identity to conduct actions on server. Using Web Deploy to update the web site using a batch file and Web Deploy package to update a website folder.
Upon execution of the batch file, the following error occurs:
2018-05-09T00:24:30.2375370Z Info: Adding directory (Default Web Site/BIO_POC\bin).
2018-05-09T00:24:30.2531618Z Error Code: ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER
2018-05-09T00:24:30.2531618Z More Information: Unable to perform the operation ("Create Directory") for the specified directory ("C:\inetpub\wwwroot\BIO_POC\bin"). This can occur if the server administrator has not authorized this operation for the user credentials you are using. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER.
The TFS build/deploy agent is using the credential of the server's built-in Network Service account and the agent is setup to run as a server. The Network Service account did not have Full control permissions on the folder where the website is located to add/delete files and folders as needed.
One of the following
- Change the identity of the account the agent is using to a local account with membership in the Local Admin group on the server
- Change the identity of the account the agent is using to a Domain account with membership in the Local Admin group on the server
- Add the NT AUTHORITY\NETWORK SERVICE account to the C:\Inetpub\wwwroot\DefaultWebSite\<site> folder with FULL PERMISSIONS