The built-in Users group does not have the necessary permissions
The information in this article applies to:
Visual Studio 2005 Team Foundation Server
Visual Studio Team System 2008 Team Foundation Server
Application-tier server
Health check
The Best Practices Analyzer tool for Team Foundation Server checks the permissions that are assigned to the built-in group for users who can access Web sites and virtual directories for Team Foundation. An error appears if the group does not have Read, List Folder Contents, and Read & Execute permissions. The error contains the name of the server and the directory path of the Web site or virtual directory.
Without Read & Execute permissions, members of this group might receive unexpected logon challenges and be denied access to the Web site for Team Foundation. To resolve this issue, navigate to the directory that the error specifies, and change the permissions for the group.
Required Permissions
To perform this procedure, you must be a member of the Administrators security group on the application-tier server for Team Foundation.
To change the permissions for a directory in Windows Server 2003
Log on to the application-tier server.
Open Windows Explorer, and locate the directory path that the error specifies.
Right-click the directory, and click Properties.
On the Security tab, click the built-in users group that is labeled Users (ServerName\Users).
Under Permissions for Users, make sure that the Read & Execute, List folder contents, and Read check boxes are selected.
If you cannot change the permissions, click Advanced to open the Advanced Security Settings dialog box.
In the Permission entries list, click Users (ServerName\Users), and then click Edit.
Clear the check box that propagates inheritable permissions from the parent.
In the Security dialog box, click Copy.
In the Advanced Security Settings for Services dialog box, click Edit.
In Permission Entry for Service, select the following check boxes: Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, Read Extended Attributes, and Read Permissions.
Select the Apply these permissions to objects and/or containers within this container only check box.
Click OK to close the dialog box.
Click Apply, and then click Yes.
Click OK twice.
To change the permissions for a directory in Windows Server 2008
Log on to the application-tier server.
Open the Start menu, point to Administrative Tools, right-click Internet Information Services (IIS) Manager, and then click Run as administrator.
Internet Information Services (IIS) Manager opens.
In the Connections pane, expand ComputerName (Local Computer), and then expand Sites.
Expand the name of the Web site that the error specifies.
Click the name of the Web site or virtual directory that the error specifies.
In the Actions pane, click Edit Permissions.
The Web Services Properties or Services Properties dialog box opens.
On the Security tab, click the built-in users group that is labeled Users (ServerName\Users).
Under Permissions for Users, make sure that the Read & Execute, List folder contents, and Read check boxes are selected.
If you cannot change the permissions, click Advanced to open the Advanced Security Settings dialog box.
In the Permission entries list, click Users (ServerName\Users), and then click Edit.
Clear the check box that propagates inheritable permissions from the parent.
In the Security dialog box, click Copy.
In the Advanced Security Settings for Services dialog box, click Users (ServerName\Users), and then click Edit.
In Permission Entry for Services, select the following check boxes: Traverse folder / execute file, List folder / read data, Read attributes, Read extended attributes, and Read permissions.
Select the Apply these permissions to objects and/or containers within this container only check box.
Click OK to close the dialog box.
Click Apply, and then click OK.
Click OK twice.