Question
- How to customize permissions allowing access to additional files and directories for Plesk on Windows users through Disk Security?
- How can I make additional software installed on my Windows server accessible to Plesk websites and users?
Answer
For example, there is an application installed into the folder C:Program FilesAppName (or any other directory that is generally not accessible to Plesk-related users on your Windows server). The contents of that directory need to be accessed by some of the website on your Windows server, in order for the websites to run as expected and avoid 500 Internal Server Error or similar messages.
The Plesk panel's default security rules prohibit customers from accessing arbitrary folders on the disk and limit them from only accessing certain files and directories that are related to Plesk.
To customize disk security and allow access to the Plesk users to certain additional files and directories on your Windows Server, you should create an additional file with the .xml extension in the %plesk_dir%etcDiskSecurity directory and specify additional security rules in the file.
This will track changes and manipulate sets of security metadata easily.
For example, if the full path of the main directory of the software that you want to make available to Plesk users is C:Program FilesPersits SoftwareAspJpeg, you should do the following:
- Connect to the server via RDP
-
Create a new file called
permissions.xmlin%plesk_dir%etcDiskSecurity(rename the old one if necessary) and put the following contents within it:<?xml version="1.0" encoding="utf-8" ?>
<Entries>
<Entry AccounType="1" Account="Psacln" Path="C:Program FilesPersits Software" SubPath="AspJpeg" AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="FullAccess" EntryFlags="0" />
<Entry AccounType="1" Account="Psaadm" Path="C:Program FilesPersits Software" SubPath="AspJpeg" AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="FullAccess" EntryFlags="0" />
</Entries> - Start Command Prompt as the Administrator
-
Run the ApplySecurity.exe utility of Plesk in order to apply the permission changes by executing the following command:
C:> "%plesk_bin64%"ApplySecurity.exe --apply-to-directory --directory="C:Program FilesPersits SoftwareAspJpeg"
Note: This file will be read during the reapplying of permissions by the Plesk repair utility when it is invoked either via the Plesk Reconfigurator utility or called directly from CLI
-
Run the following plesk repair command in order to make absolutely sure that the permissions of the newly mentioned software directory are correct:
C:> plesk repair --directory-permissions -directory "C:Program FilesPersits SoftwareAspJpeg
-
(Optional) If you are getting a 500 external Server Error while opening the related website resource at this point, in most cases it can be resolved by going to Plesk > Domains > example.com > Hosting & DNS > Dedicated IIS Application Pool for Website, checking the Enable 32-bit applications box, pressing Apply and pressing Recycle for the application pool: