**Late breaking news:
Set the ‘Everyone’ group with ‘Read’ permissions to the below folder:
C:\inetpub\wwwroot\wss\VirtualDirectories\80\_app_bin
Problem history as follows:
Intermittently certain ascx files used by Sharepoint need to be recreated in Temporary ASP.NET folders.
But the creation of these files by the worker process account fails with Access Denied.
userfieldeditor.ascx
lookupfieldeditor.ascx
and associated to these errors is the failure to load featureactivator.ascx and featuredependees.ascx.
After much investigation it appears as if the issue revolves around file level permissions within the web application folder in Temporary ASP.NET as all the folder level permissions for the worker process account are correct.
And the fix to date is to Replace all existing inheritable permissions on all descendants with inheritable permissions from this object. Where this object is the worker process account at the Temporary ASP.NET folder.
This can be achieved by a Powershell script as follows.
$Right=”FullControl”
$StartingDir=”C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\b519bb46″
$Principals=”LEGAL\svc_spdoclib”, “SSHPP03\ASPNET”
foreach($principal in $principals)
{
$rule=new-object System.Security.AccessControl.FileSystemAccessRule($principal,$Right,”Allow”)
foreach ($file in $(Get-ChildItem $StartingDir -recurse))
{
$acl=get-acl $file.FullName
$acl.SetAccessRule($rule)
set-acl $File.Fullname $acl
Write-Host “Set $Right on $File”
}
}
Though the cause remains unknown. Group policy was a candidate cause but gpupdate /force does not cause the problem.
