I am trying to install Moodle 3.8.1 on a Windows 2016 server with IIS 10. PHP is working.
I have installed all of the prerequisites, and have copied the Moodle files to my directory, and browse to the website to install.
I have set the permissions for the IIS user for the app pool running the website to have "full control" over the moodle, moodle\moodle, and moodle\moodledata directories.
I need some advice on what to do now ...
I don't do windows either, but ... I made a new year's resolution 1st year of retirement to: a) never use Windows again. b) never work for a 'lunatic' ... for any amount less than 1 Mil. (that ought to put me out of any running for the job!)
Error screen shared does show conditions of data directory.
They have not been met - does say '... will attempt to create ..'.
So how about, before you begin the install:
1. get a cert for the server/domain.
2. manually create E:\moodle\moodle and grant ownerships/permissions to read/write to the user of web service.
3. **Strongly consider** E:\moodledata\data for moodledata ... ie, don't put moodle's data directory in moodle code directory and grant the globe read/write.
'SoS', Ken
Can't resist ... so government IT decisions are 'infoulable'? :|
Ok ... moving forward ...
"Is there somewhere that Moodle specifies another user? Is there a configuration file for that?"
None of which am aware ... not in Moodle. It's nothing more than an application running under web service. How the web service is configured sits atop of apps.
Internal only ... ok, no cert ... but consider site to be development only. Moving content from dev to production I would imagine needs to be backups of courses.
https://docs.moodle.org/38/en/Windows_installation
https://docs.moodle.org/38/en/Internet_Information_Services
Best of luck!
'SoS', Ken
The IIS site user account needs modify permissions to the Moodledata directory: here are some steps to do this.
From what others said:
Joseph, please refer to the video HERE, you'll get sorted
You don't want the IIS user to have full permission to the source directory for security reasons. This is the reason for the suggestion that Moodledata should be a separate location to the source code directory and not within it.
Are you still having trouble or did the walkthrough that Usman posted get the site running?
I've just realised that the original error you posted said "Data directory (E:\moodle\moodledata) cannot be created by the installer". But you've presumably created the Moodledata directory now so presumably you're at least getting a different error because the installer should no longer be trying to create the directory if it already exists.
An update to the instructions I posted on granting permission to write to the Moodledata directory: this is a little different if the IIS website's Anonymous Authentication has been set to use the application pool identity.
Determine if a specific user is being used for the Moodle website (where "Moodle site" is the name of the website in the left hand pane of the IIS Manager manager console:
C:\inetpub>%windir%\system32\inetsrv\appcmd.exe list config "Moodle site" ^
More? /section:anonymousAuthentication
⋮
<anonymousAuthentication enabled="true" userName="IUSR" />
⋮
If userName is not empty then this is the user that should have modify permissions to the Moodledata directory, e.g.:
C:\inetpub>icacls C:\inetpub\moodledata /grant IUSR:(OI)(CI)(M)
The above is the default setting for IIS. However, if userName is empty, i.e.:
<anonymousAuthentication enabled="true" userName="" />
Then you need to grant modify permissions to the application pool identity for that website. The application pool is shown under Basic Settings... for the site in the IIS Manager console – by default the identity has the same name as the website but you may need to check the application pool settings to confirm this. E.g. for a website called Moodle site using an application pool identity also called Moodle site:
C:\inetpub>icacls C:\inetpub\moodledata /grant "Moodle site":(OI)(CI)(M)You may find that the application pool identity isn't created until the website is first accessed. If the above command fails, try again after starting the Moodle install process.
There's no correct way as such, it's just a case of determining which user account/identity IIS will use to access files and thus which account/identity you need to grant modify access to on the Moodledata directory.
That said application pool identities allow more granular access controls: if all websites on an IIS server were using IUSR then one website could access the files of another website, but with the application pool identities you can have one identity per website and grant file access only for the corresponding website. So this latter approach sounds better to me.
