How do I stop Microsoft Web Deploy / Web Publishing from editing my websites ACL permissions?

By default Web Deploy sets the ACL of the sites anonymous user to read only. To prevent this from causing problems when you publish your application, you will need to update your Visual Studio project configuration file to not manage or control your sites ACL permissions. This can be done by executing the following command…

msbuild PROJECTNAME.csproj /p:IncludeSetAclProviderOnDestination=False

Or for Visual Basic

msbuild PROJECTNAME.vbproj /p:IncludeSetAclProviderOnDestination=False

You can also manually update the project configuration file with a text editor such as notepad and editing the following lines…

Find the line below

and add the follow tag / setting to the propertygroup list


Once completed your project configuration file should look something similar to this example below…


You may also edit your MSBuild’s Microsoft.Web.Publishing.targets file to prevent all ASP.NET projects from editing ACL permissions…

  • Open Microsoft Notepad as an Administrator
    • Navigate to Start / All Programs / Accessories
    • Right click on Notepad
    • Choose “Run as Administrator”
  • In Notepad select File / Open and navigate to “C:Program Files (x86)MSBuildMicrosoftVisualStudiov10.0Web” | If you run the 64-bit version of MSBuild you will need to navigate to “C:Program FilesMSBuildMicrosoftVisualStudiov10.0Web”
  • Open Microsoft.Web.Publishing.targets
  • Find the “includesetaclproviderondestination” element and change it from True to False.
  • Select File / Save – you may now close Notepad

By default the “includesetaclproviderondestination” element is set to True, setting it to False prevents all ASP.NET projects from editing your sites ACL permissions.

If you have already published your website without this setting and you are facing permission issues, errors related to permissions please contact our support department and ask to have your permissions reset.