Microsoft small business knowledge base

Article ID: 821255 - Last Review: October 30, 2006 - Revision: 3.1

SYMPTOMS

When you create a Web application in Microsoft Visual Studio .NET and then press F5 to debug the application, you may receive the following error message:
Error while trying to run project: Unable to start debugging on the Web server. Access is denied.
Would you like to disable future attempts to debug ASP.NET pages for this project?

CAUSE

This issue occurs if the account that runs the ASP.NET worker process (by default, the ASPNET user account) is not assigned the "Impersonate a client after authentication" user right in the Local Security Policy settings. This can happen when you install Microsoft Visual Studio .NET after you install Windows 2000 Service Pack 4 (SP4) on the computer. In that situation, the ASPNET account is not assigned the user right.

The "Impersonate a client after authentication" user right (also named SeImpersonatePrivilege) is a new Windows 2000 security setting that was first included in Windows 2000 SP4. For more information about the new security settings introduced in Windows 2000 SP4, including the "Impersonate a client after authentication" user right, see the "More Information" section later in this article.

WORKAROUND

To work around this issue, assign the "Impersonate a client after authentication" user right to the ASPNET account in the Local Security Policy settings:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
  2. Double-click Local Policies, and then click User Rights Assignment.
  3. In the right pane, double-click Impersonate a client after authentication.
  4. In the Local Security Policy Setting dialog box, click Add.
  5. In the Select Users or Group dialog box, click ASPNET, click Add, and then click OK.
  6. Click OK.
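
To confirm the result of these steps without opening the policy editor, the following added example (not part of the original article) parses a user-rights export produced by `secedit /export /areas USER_RIGHTS /cfg rights.inf` and reports whether ASPNET is listed for SeImpersonatePrivilege. The sample exports, the machine name WEB01, and the function names are constructed for illustration.

```python
# Audit a secedit user-rights export for SeImpersonatePrivilege.
# Assumes the export file (normally UTF-16) has already been decoded to str.

RIGHT = "SeImpersonatePrivilege"

# Constructed sample exports, not taken from a real machine.
SAMPLE_MISSING = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,ASPNET
SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6
[Version]
signature="$CHICAGO$"
"""
SAMPLE_FIXED = SAMPLE_MISSING.replace("*S-1-5-6", "*S-1-5-6,WEB01\\ASPNET")


def holders(inf_text, right=RIGHT):
    """Return the accounts listed for `right` in the [Privilege Rights] section."""
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == right.lower():
            return [v.strip() for v in value.split(",") if v.strip()]
    return []  # right absent from the export: assigned to nobody


def account_has_right(inf_text, account="ASPNET", right=RIGHT):
    """True if `account` is listed by name for `right`."""
    for entry in holders(inf_text, right):
        if entry.startswith("*"):
            continue  # SID form (e.g. *S-1-5-32-544); needs a separate SID lookup
        # Accept both ASPNET and MACHINE\ASPNET.
        if entry.rsplit("\\", 1)[-1].lower() == account.lower():
            return True
    return False


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_MISSING), ("after", SAMPLE_FIXED)):
        print(label, account_has_right(text))
```

Entries exported in SID form and rights granted through group membership are not resolved by this check, so a negative result for an account that appears only as a SID needs a manual lookup.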

MORE INFORMATION

The "Impersonate a client after authentication" user right (also named SeImpersonatePrivilege) helps to increase security in Windows 2000. (This user right was first included in Windows 2000 SP4.) This security setting helps to prevent unauthorized servers from impersonating clients that connect to them through methods such as remote procedure calls (RPC) or named pipes. For additional information about the security settings that are introduced in Windows 2000 SP4, including the "Impersonate a client after authentication" user right, click the following article number to view the article in the Microsoft Knowledge Base:
821546 (http://support.microsoft.com/kb/821546/EN-US/) Overview of the "Impersonate a Client After Authentication" and the "Create Global Object" Security Settings
For additional information about how to obtain the latest service pack for Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
260910 (http://support.microsoft.com/kb/260910/EN-US/) How to Obtain the Latest Windows 2000 Service Pack
For additional information about how to assign user rights in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
220019 (http://support.microsoft.com/kb/220019/EN-US/) HOW TO: Set User Rights in Windows 2000

APPLIES TO
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
Keywords: kbnofix kbbug KB821255