[Important note, 9 March 2012. I wrote the following blog post some time ago with mainly IIS6 and Windows Server 2003 in mind and as I state – for non-production scenarios. For later versions of IIS the folder permissions I reassert using XCACLS are incomplete. Specifically they do not include BUILTIN\IIS_IUSRS. I also do not discuss the fact that on 64-bit operating systems there will be a Framework64 folder as well as a Framework folder. The suggestion by Christopher Lewis in the blog comments is a good one.]

When I am testing out issues with ASP.NET dynamic compilation and shadow copying, I frequently need to ensure the contents of the "temporary asp.net files" folder have been removed so that I get a clean and consistent repro each time.

Normally I just do an IISRESET /STOP, delete the files manually and then do an IISRESET /START.

But I got bored of that so thought I would try to automate it with a command file.

First thought was to do a DEL /S "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\*.*"

This worked, but left the directory structure in place.

So my next thought was to do an RMDIR /S /Q "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" and then just recreate the directory.

That certainly left me with an empty directory, BUT, the "NETWORK SERVICE" account under which my application pools usually run had no permissions to the newly created folder, so I got an "access denied" error as soon as I tried to browse an ASP.NET page.

Then I thougt I'd get clever and use the built in command line tool CACLS.EXE to give full control permissions to the built in IIS_WPG local group of which NETWORK SERVICE is a paid up member. (Any account you use as the identity for an application pool should be added to IIS_WPG rather than trying to give the account all the needed permissions directly. It's much simpler and more maintainable.)

What I didn't like about that was that CACLS.EXE does not appear to support a way of suppressing the "are you sure (Y/N)?" prompts.

So finally I grabbed a copy of XCACLS.VBS and got the following command file working:


iisreset /stop
rmdir /q /s "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files"
rmdir /q /s "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files"
md "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files"
md "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files"
xcacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /E /G MYMACHINE\IIS_WPG:F /Q
xcacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /E /G MYMACHINE\IIS_WPG:F /Q
iisreset /start