Consider the following scenario. On a Web server that is running Microsoft Internet Information Services (IIS) 7.0, you host an active server page (ASP) that connects to a database. The ASP page data provider is the Microsoft.Jet.OLEDB.4.0 data provider. The ASP page data source is a Microsoft Access database (.mdb) file. In this scenario, you may receive the following error message when you request the ASP page: Note You will encounter a similar error message when you use both of the following:

•	A Microsoft Access database in the Access 2007 file format (.accdb)
•	The Microsoft.ACE.OLEDB.12.0 data provider

Back to the top

This problem may occur if IIS 7.0 is configured to load the current user profile for an application pool identity. This may cause compatibility issues with legacy ASP-based applications and ADO-based applications because the current user may not have sufficient permissions to write to the temporary directory.

Back to the top

To resolve this problem, you must add the correct access control entries to the temporary directory for the process identity. To do this, follow these steps.

Note By default, the process identity is NetworkService, and the temporary directory is %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp.

1.	Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2.	When you are prompted for an administrator password or for a confirmation, type the password or click Continue.
3.	Type the following command, and then press ENTER: icacls %windir%\serviceprofiles\networkservice\AppData\Local\Temp /grant Users:(CI)(S,WD,AD,X) Note This command enables every user to create files and directories in the temporary directory.
4.	Type the following command, and then press ENTER: icacls %windir%\serviceprofiles\networkservice\AppData\Local\Temp /grant "CREATOR OWNER":(OI)(CI)(IO)(F) Note The user who creates a file or a directory in the temporary directory is the CREATOR OWNER. The CREATOR OWNER access control entry grants a user complete control over the file or the directory. Other users cannot access these files and directories because they are not the CREATOR OWNER.

Back to the top

To resolve this problem, use the method that is described in the "Resolution" section. However, if you do not want to add access control entries to the temporary directory for the process identity, you can work around the problem by disabling the loadUserProfile property for the application pool. When this property is disabled, IIS 7.0 does not load the current user profile for the application pool.

Important If you disable this property, a security risk may be created. Make sure that you understand and evaluate the risks before you implement this workaround.

To disable the loadUserProfile property for the application pool, modify the ApplicationHost.config file. The following example demonstrates how to do this.

<applicationPoolDefaults>
    <processModel identityType="NetworkService" loadUserProfile="false" />
</applicationPoolDefaults> 

Back to the top

For more information about temporary directory permissions when you run a database query in an ASP page, click the following article number to view the article in the Microsoft Knowledge Base:

Back to the top