How Do I Fix ASP 80004005 errors?

When you're working with ASP or ASP.NET applications and a Microsoft Access database, you're likely to run into an error like this:

Microsoft JET Database Engine error '80004005'

The Microsoft Jet database engine cannot open the file 'C:\Inetpub\wwwroot\YourSite\Databases\YourDatabase.mdb'. It is already opened exclusively by another user, or you need permission to view its data.

/YourSite/YourDataAccessPage.asp, line 15

Alternatively, you may get this error instead:

Microsoft JET Database Engine error '80004005'

Operation must use an updateable query.

/YourSite/YourDataAccessPage.asp, line 15

Both errors basically mean the same: the account that your Web server is running under does not have the necessary permissions to read from or write to the database.

This article will explain the steps you need to perform to fix this problem. First I will explain how you can find out the current account that the Web server is using to connect to the database. In the second part of the article I'll explain how to change the security settings so the Web server can successfully access the database.


This article will explain the steps you need to perform on Windows XP Professional. This OS comes with IIS 5.1. as the Web server. For other versions of Windows, like Windows 2000 or Windows Server 2003, the steps will roughly be the same, although the screens may look a little different and the account you need to configure may be different as well. The article also assumes that the hard disk where your Web site resides is formatted with NTFS. If you're using FAT or FAT32 this article does not apply, because these file systems don't support changing the security settings.

Find Out the Account that IIS Runs Under

Before you can change the security settings for your database, it's important to find out which account your Web server, IIS, is running under. By default, for a Web site that allows anonymous access and is running "classic ASP", this account is called IUSR_MachineName where MachineName is the name of your computer. However, when you are using a security mechanism in IIS other than Anonymous Access, you manually changed the account that IIS uses or you're running your Web site "Out Of Process", you're likely to encounter another user account. Also note that when you're running ASP.NET, the account is different as well. Refer to the FAQ that is listed below the following table for more info.
The following table lists the possible user accounts that IIS is using in various scenario's:

Scenario Account Used
The Web site or Virtual Directory / Application is configured for Anonymous Access

The Web site or Virtual Directory / Application is configured for Anonymous Access, but runs out of process (The Application Protection is set to High in the Home Directory or Virtual Directory tab of your Web application)

The Web site or Virtual Directory / Application is configured for Basic Authentication or Integrated Windows Authentication

The account you used to log on to your Web application
The Web site or Virtual Directory / Application is configured for Anonymous Access, but you manually changed the account used for anonymous access

The account you specified

For a detailed examination of the actual account used by the web server in ASP and ASP.NET check out the FAQ: How Do I Determine the Security Account that IIS Uses to Run My Web Site?

To find out how your system is configured, follow these steps:

  1. Start the Internet Information Services management console, which you'll find the under Administrative Tools which in turn you'll find either directly on the Start Menu, or in the Windows Control Panel.

    The IIS Management Console
    Figure 1 - The IIS Management Console

  2. Expand the tree in the left hand pane until you see Default Web Site. If you're configuring another Web site, or a Virtual Directory / Application, locate that one instead. This article assumes you're configuring the Default Web Site, so make sure you adjust any steps to match your situation if necessary.

  3. Right-click the Default Web Site in the tree at the left and choose Properties.

  4. Open the Directory Security tab and then click the Edit... button in the Anonymous access and authentication control section of the dialog. You'll see a screen similar to this one appear:

    Figure 2 - The Authentication Methods dialog in IIS for the Default Web Site

    If Anonymous access is checked (as in the screen shot above), the user name you see in the User name field is the account that IIS is using. If Anonymous access is not checked, and Basic and / or Integrated Windows authentication are checked, the account you use to log on to your Web site is used by IIS. Note that when Anonymous access is enabled, it doesn't really matter whether Basic and or Integrated authentication are checked as well; the account that IIS is using will still be the anonymous, or IUSR_MachineName, account for classic ASP and the ASPNET or Network Service account is used for ASP.NET.

  5. Finally you have to check whether your site is running Out of Process. To do so, close the Authentication Methods dialog, and switch to the Home Directory tab on the Default Web Site Properties dialog:

    Figure 3 - The Home Directory tab of the Default Web site Properties dialog

    If Application Protection is set to High (Isolated ) and you are using Anonymous Access, the account that IIS is using is the IWAM_MachineName account. In all other scenario's, IIS is using the account you determined in the previous step.

If you want to know the account that is used for an ASP.NET application read this FAQ. That article will explain the steps described above for both "classic" ASP as ASP.NET applications.

Changing the Security Settings

Now that you know which account is used to access your database, it's time to change the security permissions for this account. To be able to change the permissions, it's important that your system is set up to allow you to make these changes. You'll need to have a Security tab on the Properties dialog for a file or folder. By default, on a Windows XP computer that is not part of a network, this will not be the case, so you'll need to perform the following steps to make this tab visible:

  1. Open a Windows Explorer. To do that choose Start | Run..., type explorer and then hit enter.

  2. Choose Folder Options... from the Tools menu. Click the View tab and then scroll all the way down in the Advanced settings list. Make sure that Use simple file sharing (Recommended) is not checked.
    Although Microsoft recommends enabling simple sharing, in this case you can't use it as it prevents you from making fine-grained security changes. Click OK to apply the changes and close the dialog. Keep the Explorer window open because you'll need it in the next step.

With all the preparation taken care off, it's now time to change the security settings for the folder where your Microsoft Access database is stored. It's important to change the permissions for the folder, and not for just the database file. At run time, the Access driver will create temporary lock files (with an .lck extension) to keep track of who is making changes to the database. Without the right permissions on the folder, these lock files cannot be created and the database access will fail. To change these settings, perform the following 5 steps:

  1. Locate the folder where your database resides in. It's often a good idea to store the database in a special folder outside the Web scope like C:\Databases. This way, you can make sure that at run-time the database can be accessed, while the users of your Web site cannot download the database by typing in an address like http://www.YourSite.Com/Databases/YourDatabase.mdb. This way your database is safe from prying eyes. The rest of the article assumes you have stored your database in C:\Databases. If you decide to store the database within the scope of your Web site, you'll have to take extra precautions to prevent the database from being downloaded.

  2. Right click the folder Databases, choose Properties and switch to the Security tab. You'll see a screen similar to this:

    The Security tab of the Properties dialog of the Databases folder
    Figure 4 - The Security tab of the Properties dialog of the Databases folder

    On this screen, you'll see various accounts and groups listed that have access to this folder. For example, you'll see that, among other accounts, both the group Administrators and the account Imar are listed. It's good practice to limit access to your Databases folder as much as possible by removing permissions you don't really need. Evaluate each name in the group or user names list, and determine whether they need access or not. Usually, I remove all user names, except for my own name, the Administrators group, the Creator Owner account and the System account. Before you start removing all permissions, it's a good idea to read a bit in the Windows Help system about the implications of changing the security settings.
  3. Once you're done removing the user accounts you don't need, click the Add... button, and then type IUSR_MachineName in the text box at the bottom of the Select Users or Groups dialog. Don't forget to replace MachineName with the name of your computer:

    The Select Users or Groups dialog allows you to add individual user accounts or groups
    Figure 5 - The Select Users or Groups dialog allows you to add individual user accounts or groups

  4. Once you click the OK button, the IUSR account will be listed in the Group or user names box as Internet Guest Account (MachineName\IUSR_MachineName). Click the account, and then make sure that the account has at least Read and Write permissions:

    The IUSR account needs at least Read and Write permissions
    Figure 6 - The IUSR account needs at least Read and Write permissions

    Depending on the requirements for your application, you may need to give other permissions as well.

  5. Once you're done setting the individual security permissions for the Internet Guest Account, click the OK button to apply the changes to the folder and close the dialog.

Testing It Out

To test out whether the Web server can now successfully access and write to the database, it's best to create a page that performs a very simple INSERT or UPDATE statement. This way, you can focus on the security workings, so you're not bothered by the complexity of your application that may result in other errors.

  1. Create a new page and save it in the root of your Web site as TestDatabase.asp. Make sure the page has the skeleton required for a valid HTML page (the <html>, the <head> and <body> elements).

  2. Between the <body> tags, add the following ASP code:
    Dim MyConnection Dim MyConnectionString Dim MySQLStatement
    MyConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;" & _ "Data Source=C:\Databases\WebSite.mdb;User Id=admin;Password="
    MySQLStatement = "INSERT INTO Test (Description) Values('Test')"
    Set MyConnection = Server.CreateObject("ADODB.Connection")
    MyConnection.Open MyConnectionString MyConnection.Execute(MySQLStatement) MyConnection.Close()
    Response.Write("Record inserted successfully")
    Set MyConnection = Nothing %>
  3. After you have saved the page, make sure you have a database called WebSite.mdb located in the folder C:\Databases. This database should have a table called Test which contains at least a column called Description. The database in the code download for this article matches those criteria, so you can just copy that file from the zip archive to C:\Databases. Alternatively, you can use your own database. In that case, make sure you adjust both the path to and the name of the database, and the SQL statement in MySQLStatement.

  4. Finally, request the page in your browser. You should get a message indicating that the record was inserted successfully.
    If you get an ASP error instead, make sure you applied the security settings for the right account and for the right folder. Also, make sure you adjusted the connection string and the SQL statement in the code example.

Download Files

Where to Next?

Wonder where to go next? You can read existing comments below or you can post a comment yourself on this article .

Consider making a donation
Please consider making a donation using PayPal. Your donation helps me to pay the bills so I can keep running Imar.Spaanjaars.Com, providing fresh content as often as possible.

Feedback by Other Visitors of Imar.Spaanjaars.Com

On Thursday, November 18, 2004 6:08:03 PM james Blackmore said:
I have followed your steps and am still getting the same Operation must use an updateable query error. Any other suggestions would be recieved with many thanks
On Monday, November 22, 2004 8:04:50 AM yohans said:
here are some nice docs from M$ on various causes of the 80004005 error:

- "Unspecified Error" Returned when Using Jet
re: temp folder security

- "The Microsoft Jet Database Engine cannot open the file '(unknown)'"
lists a few different causes eg: db is locked, folder permissions, network drives, etc;EN-US;q306269

- INFO: Troubleshooting Guide for 80004005 Errors
long list of various 80004005 errors and their cause / resolution;en-us;306518
On Monday, December 20, 2004 12:23:37 PM Gary Lehan (Instate) said:
This was a great help , i'd been banging my head for a couple of days with this error and now it works.


On Thursday, December 23, 2004 11:54:17 PM Fredrik said:
Thanks verry much for your good explanation and resolving of my problem. Now I dont have the problem anymore. Tanks!!
On Thursday, January 6, 2005 7:55:14 AM Ree said:

I was following this article to allow the databases folder to become writable but somehow i managed to stupidly deny myself from access to the database folder! Please help I dont not know how to undo what I have done.

Sincere Regards and I look forward to your reply!
On Thursday, February 10, 2005 8:19:14 PM Jim Howie said:
Best I have ever, ever seen on the subject. Cleared up my problems in minutes (this after two days of major frustration and lots of well-meaning but unhelpful advice).
On Sunday, June 12, 2005 10:11:30 PM Stefano Baldini said:
Great article, it saved my life. I migrated from Win 2000 to XP PRO SP2 NTFS file system and suddenly my ASP scripts didn't work any more. You are a genius. A lot of greetings and thanks from Italy !!!
On Thursday, August 4, 2005 11:36:10 AM Edwin said:
I struggled find the solution .This site helped me.
I am very happy .Thanks
On Thursday, August 11, 2005 8:12:47 AM Steve C said:
I wish everybody took the time you did to make their web tutorials and explanations as clear and as thorough and as you have here. Fantastic job!
On Tuesday, October 11, 2005 5:11:06 AM Reetu Valecha said:
i tried the above given steps.
but i am still getting the error "Operation must use an updateable query" , when i am trying to insert any row.
On Tuesday, October 11, 2005 5:44:43 AM Imar Spaanjaars said:
Then you probably missed a step somewhere....

Are you sure you set the permissions for the correct account? Are you using ASP.NET instead of ASP? Then look here: http://Imar.Spaanjaars.Com/QuickDocId.aspx?QUICKDOC=287

On Tuesday, November 1, 2005 4:45:39 PM Jobet de Lima said:
Thank You!  I think everyone could benefit from more helpful pages with clear instructions like this one :-)
On Friday, November 4, 2005 3:18:24 PM Prob said:
This should help. Thanks a lot
On Saturday, November 12, 2005 10:26:12 AM chrismas said:
Don't work for me. I've tried also to set everyone users with the fullcontroll option, but still i'me getting the same error.
On Saturday, November 12, 2005 10:36:27 AM chrismas said:
OPS. I've configured the wrong folder in webconfig.
Sorry. Thanks for the superb article.
On Tuesday, November 15, 2005 5:48:15 PM Mike Tompkins (rudefish) said:
Just like on the wrox site you have helped me again!!

Thank you!
On Friday, November 18, 2005 1:23:50 AM lucy bathie said:
ok if this doesn't work how do i go about getting my outlook(explorer0 account.... i did one along time ago and have forgot most of everything i did .... plz help  ty
On Friday, November 18, 2005 7:37:22 AM bobo said:
Greate job! your work deserves lot of credits.

Keep up the good work!!
On Saturday, November 26, 2005 7:13:12 PM nilesh vaknalli said:
this project was perfectly working on a 2000 server machine. But when i migrated this project to a Windows xp machine the project is not working correctly and is giving me the following error whenever i am accessing the database the error is as follows.

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver] The Microsoft Jet database engine cannot open the file '(unknown)'. It is already opened exclusively by another user, or you need permission to view its data.

/nileshv/connection.asp, line 24

I dont know what is wrong with the permissions i followed all the steps mentioned in the QuickDocID.aspx document then also i have failed to overcome the error please help me with the error.
On Saturday, November 26, 2005 8:26:24 PM Imar Spaanjaars said:
Hi nilesh,

For what account did you change the security settings? Did you use the "Scenario" table at the beginning of this article to determine the right account?

On Tuesday, December 6, 2005 11:53:00 PM Nuno Silva said:
I'm trying to connect a Access DB with a c# WebService with IIS and i cannot make inserts. possibly is a permission error, but even after this article it's not working. Here is the given error:
System.Data.Odbc.OdbcException: ERROR [HY000] [Microsoft][Controlador Microsoft Access de ODBC] A operação tem que utilizar uma consulta actualizável. at System.Data.Odbc.OdbcConnection.HandleError(HandleRef hrHandle, SQL_HANDLE hType, RETCODE retcode) at System.Data.Odbc.OdbcCommand.ExecuteReaderObject(CommandBehavior behavior, String method) at System.Data.Odbc.OdbcCommand.ExecuteNonQuery() at judoWS.createComp()</string>

"the operation as to use an updatable query"

Thank's in advance

On Tuesday, December 6, 2005 11:58:40 PM Imar Spaanjaars said:
Hi Nuno,

Same applies to you as it did to nilesh.

For what account did you change the security settings?

This FAQ will help you to find the right account:


On Monday, January 2, 2006 5:41:47 AM Adrian said:
Hi, thank you for the great article. I follow your steps but still have the same "Operation must use an updateable query" error. But later I found that I also need to add an ASPNET user on the MDB file itself. Here's how:

In properties of the MDB file > Security > Add > Advance > Find Now > Click on ASPNET > OK > OK.

Then an ASP.NET Machine Account will be added. Set the permission to allow Read, Wrtie.

This works for me, hope can be useful for the others.
On Saturday, January 21, 2006 12:47:07 AM itay gofer said:
u r the best man.
saved me long weeks of despair.
On Thursday, February 2, 2006 11:40:59 AM Zonash said:
i m also getting the same error when trying to connect to the access db. it's almost three days now that i m looking for a solution. i've checked all the permissions that were poined out in this article but nothing helped. Plz tell me wht to do now.

Note: i m running Win 2003 server with Access 2000.
On Thursday, February 2, 2006 11:42:38 AM Imar Spaanjaars said:
Hi Zonash,

Are you running ASP or ASP.NET? Where is the database stored and to what account did you give permissions?

Also, did you give permissions on the folder rather than on the .mdb file itself?

On Thursday, February 2, 2006 12:18:25 PM Zonash said:

i m running asp. The db is stored in the same folder where the asp files are residing. I've also tried it by moving the db to a separate folder but no results this time even.

Secondly, i've assigned permissions to IUSR_machine name account.

And, thirdly, yes.... i've checked it by assigning permissions to the folder itself as well as to the .mdb file. But still m getting the same error message. Plz help me out.
On Thursday, February 2, 2006 12:21:57 PM Imar Spaanjaars said:
Are you sure that IUSR_MachineName is the actual account used? Are you not using integrated security with anonymous access disabled?

Otherwise, I don't know how to help you. The way you described things is exactly how it is supposed to be....

On Thursday, February 2, 2006 12:27:58 PM Zonash said:
yes.....i m sure that IUSR_MachineName is the actual account that is being used. But i couldn't get what do u mean by "Are you not using integrated security with anonymous access disabled?" can u plz ellaborte it?

i really don't know wht's wrong with it.....when i run it on another machine running Win XP, everthing works fine. The problem arises when i try to run it on Win 2003.
On Thursday, February 2, 2006 12:35:20 PM Imar Spaanjaars said:
Check out the section "Find Out the Account that IIS Runs Under" bullet 4....

On Friday, February 3, 2006 4:14:05 AM Zonash said:
i just went thru bullet 4 n made sure that IUSR_MachineName is the actual account that is being used. Wht else could be wrong now?
On Friday, February 3, 2006 7:14:53 AM Imar Spaanjaars said:
I am almost out of ideas. If you determined the right account, and set the rght permissions for that account, things should work.

Where is the database located? On a *local* hard drive of the Windows Server? Can you describe what is stored where (web site, database and so on) and explain to what folder you gave the permissions?

On Friday, February 3, 2006 11:19:57 AM Zonash said:
ok let me explain:
All the files are residing on local hard drive of the server.

I have a folder say FolderA. All asp files are residing in it. Then i've sub-folder say DBFolder inside FolderA. DBFolder contains the .mdb file.

I've assigned Modify (i even tried Full Control) to IUSR_MachineName account on DBFolder folder. Same permissions were inherited on .mdb file. I even tried by removing the inherited permissions on the .mdb file and assigning IUSR_MachineName account fresh permissions (Modify n even Full Control even didn't work).

Any clues now.......i m abt to pull my hair's four days now and no results yet :(
On Saturday, February 4, 2006 9:25:18 AM Imar Spaanjaars said:
Try and give the Everyone group full control to the folder and try again. If it works, you know it's a security issue and you can remove the Everyone group again. In that case, it's likely a different account is used, possible because you're logged in autmatically in your browser using Integrated Security.

Otherwise, if granting Everyone the rights doesn't help, I don't know what to do....

On Wednesday, February 15, 2006 5:45:30 PM Victor Leonard said:
Cheers - you're after saving me some amount of time. I was trying to sort it on a new XP machine. I have had it working on a 2K machine for the last year but couldnt get it working...

Much appreciated for the time and effort put into doing up the above!!!
On Friday, March 3, 2006 12:53:56 AM vicky isaac said:
liked the article - it really helped me out.
the only problem was that it wouldn't print properly.
On Friday, March 3, 2006 7:13:43 AM Imar Spaanjaars said:
Hi Vicky,

Whooops, you're right.

I just upgraded my website from ASP.NET 1.1 to 2.0. In the process, I renamed a couple of items in the page. Apparently, I forgot to up date my print style sheet.

Will do so ASAP, and then the page is supposed to print as expected: that is, just the right content part. Thanks for mentioning this.

On Friday, March 3, 2006 8:47:58 AM Imar Spaanjaars said:
Hi Vicky,

The problem is solved now. Please let me know if you still have problems printing the page...

On Friday, April 7, 2006 2:27:37 PM Steve Raper said:
Fantastic! I looked at dozens of articles and figured the issue was something to do with security. I tried setting ASPNE and NETWORK SERVICE privs but that didn't do it. Your article was the only one that completely described all the possible accounts involved especially from the IS side. The screen shots were great. Thanks for posting this article - I really appreciate it.
I added to my Favorites!

On Friday, April 7, 2006 4:20:33 PM Imar Spaanjaars said:
Hi Steve,

Thank you for your kind words....

I hope you added Spaanjaars.Com, not to your favorites list, or you won't be seeing much.... ;-)

On Thursday, May 25, 2006 9:54:30 PM Joe said:
I agree, this is a great explanation, but I still can't get it to work.  
This is what I did: Control, Adm. Tools, IIS, Default Web, right clicked on IISHelp, and checked off read and write.  This was done for the folder in which I'm working in, as well as the database as well.  It still wont work.  Any sugestions?

On Thursday, May 25, 2006 10:00:32 PM Joe said:
I down-loaded the above file, and I get:

Operation must use an updateable query.

What am I doing wrong?

On Friday, May 26, 2006 6:08:53 AM Imar Spaanjaars said:
Hi Joe,

Sounds like you configured the application for the wrong account.

For what user did you change the security settings?

On Friday, May 26, 2006 12:41:21 PM Joe said:

I am the only user.
In IIS - properties = None Checked
Default web site opened.  IISHelp -Properties = read, right, log visit, and index this resource  are checked.
Intetpub is set to Ready only.  Can't change permanetly, always goes back to Read only.   Same with wwwroot and folders inside of wwwroot.
Thks for the help
On Friday, May 26, 2006 9:20:46 PM Imar Spaanjaars said:
It doesn't really matter whether you're the only user or not; there's a fair chance you need to configure a different account than your own: that of the IUSR_MachineName. Check this FAQ:

and then check the folder's Security tab and see if the account you found has the right permissions. What accounts do you see listed there?

And don't worry about the read only check box. I believe that's a Windows bug. I have seen it many times, yet the folder never appears to be read-only. Only when you see a true check mark (not the little square) is the folder read-only.


On Saturday, June 3, 2006 1:50:33 PM Jean said:
Thank you so much for your help. I have been battling this problem for 2 days and wasting alot of time. Taking the time to step through the entire process was what made the difference. Those of us who are not network/secruity guru's do not know how to set on options that have been set off by the initial install. Thank you for including explicit instructions rather than the generic "Check the security settings and make sure access is avaiable" Duh!!!

Thanks again!
On Thursday, June 8, 2006 5:47:37 AM wang said:
Thanks for your helpful and detailed explaination. I am a new hand in ASP .NET. I followed what you said, at beginning the problem seems the same, but when I assigned all the users account with the full control and then the error message disappeared. Now when I update the products information on my website, the program shows the action is done sucessfully but actually the database does not been updated. I don't know why, Can you help me with that?

Many thanks
On Thursday, June 8, 2006 5:25:43 PM Imar Spaanjaars said:
Hi wang,

This sounds like a coding error. Can you post your code at and send me the link to your post?

On Saturday, June 10, 2006 8:53:32 AM wang said:
Hi Imar,
I've already found the problem, by mistake I typted the wrong name for the database. So thanks for your kindly regards.

On Sunday, June 11, 2006 11:23:43 PM Jeffery Chi said:
Thank you so much for posting such useful article:  I had problem with hosting website on win 2003
                          C# + Access Databasse
I followed the instruction on this site: Add the account IUSR_computername  and add read/write permission to this account.

After made this change, I still have prblem of running this site, then I also change the permission on the account IIS_WPG, give it the right to read/write  as well. After all of that, it works ......

Just Wanna Ask You whether the account (IIS_WPG) is also another key account that we need to change to make the machine able to host website.....

Thanks for posing.... It really help......

On Tuesday, June 13, 2006 10:10:09 PM Imar Spaanjaars said:
Is IIS_WPG an account on your machine? AFAIK it's a group.

Check out for more details.

On a clean installation of IIS 6.0, the IIS_WPG group contains the Network Service, Local Service, LocalSystem, and IWAM_ComputerName accounts.

Depending on your situation, granting this group the necessary permissions may work for you, as you indirectly grant the accounts in that group the permissions.


On Monday, June 26, 2006 1:04:58 AM Thiago Menezes said:

Your tutorial is the only one that really explains its title!!! I've seen thousands of others trying to explain the same subject, but they didn't go so far as yours...
On Monday, June 26, 2006 4:37:26 PM Marella VeerapaNaidu said:
Thank you. I got cleared my doubts.
If you dont mind can you please help in attachments. i getting the same error when i am trying to attach any files. i am getting the error like "Access to the path [path]is denied"

Can you please help in this.
On Monday, June 26, 2006 9:33:14 PM Joe said:

When I right click on the Database file, the only views avaialbe are :
General and Summary.  The file icon shows a keylock on it.  How do I get the view you are discussing.  The Access application is from Office XP Pro.


On Saturday, July 1, 2006 6:03:03 PM Imar Spaanjaars said:
Hi Joe,

Did you look under the section "Changing the Security Settings" of this article? First two bullet points describe how to fix this...


On Wednesday, July 5, 2006 1:17:23 AM Chris Sumner said:
You are a god send! This problem was driving me crazy until I stumbled across your tutorial. I think I can sleep at night.

On Tuesday, July 11, 2006 3:35:41 PM Shahab Bokhari ( Digital Magazine Solution said:
This worked for me.

Locate the folder where your database resides in. It's often a good idea to store the database in a special folder outside the Web scope like C:\Databases.
On Friday, November 24, 2006 3:44:41 PM Erling Egholm said:
I had to grant access rights to both IUSR_MACHINENAME and NETWORK SERVICE (IIS6 on Win 2003). Below is a partly error message from ASP.NET 2 ...

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating.
On Friday, November 24, 2006 3:53:14 PM Erling Egholm said:
Sorry - it seems that only NETWORK SERVICE needs write access.
On Friday, November 24, 2006 3:56:15 PM Imar Spaanjaars said:
Hi Erling,

Yes, that's correct. This FAQ was originally written for classic ASP, so it uses accounts like MachineName\IUSR_MachineName. However, below the table that lists the different accounts you'll find a link to this FAQ: that explains the correct user accounts for ASP.NET as well.


On Tuesday, December 5, 2006 6:18:55 AM Reggie said:
hi there,

i've been rummaging the internet for this particular error and have read so many forum articles but obviously to no avail...  you have concisely discussed the problem and its "how-to"s

again, thank you very much for the help you've provided a beginner like me...  appreciate it a lot...
On Monday, January 8, 2007 6:31:31 PM Kamran said:
Hi. I'm getting this error. Any ideas as to whats wrong?

HTTP 500.100 - Internal Server Error - ASP error
Internet Information Services


Technical Information (for support personnel)

Error Type:
Microsoft JET Database Engine (0x80004005)
Could not find file 'C:\Databases\Website.mdb'.
/TheSoccerSite/TestDatabase.asp, line 17

Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

GET /TheSoccerSite/TestDatabase.asp

08 January 2007, 18:28:25

More information:
Microsoft Support
On Monday, January 8, 2007 6:52:56 PM Imar Spaanjaars said:
Hi Kamran,

Is the error message correct? Does C:\Databases\Website.mdb exist or not?

If it does exist, did you set the proper permissions?

On Monday, January 8, 2007 8:05:33 PM Kamran said:
Hi Imar. C:\Databases\Website.mdb certainly does exist and I have given the IUSR account read/write permission for that folder. But the TestDatabase.asp is throwing up that error message when I run it in the browser.
On Monday, January 8, 2007 8:11:46 PM Imar Spaanjaars said:
Hi Kamran,

This may be too obvious, but does the Databases folder exist on the server when you run the actual website? That is, does the site run on the same server where the database resides

What happens when you paste C:\Databases\Website.mdb in a Windows Explorer? Does it try to open the database?

I am asking these questions, because I can't see any other reason for this error message. Maybe you're overlooking something?

On Monday, January 8, 2007 8:27:45 PM Kamran said:
Hi Imar. You may be right. I only installed IIS a few days ago, I've never used it before so it is still all new to me. Are you suggesting I should place the database folder into the Inetpub/wwwroot folder?

Pasting C:\Databases\Website.mdb into a window explorer does open the website, you're right.
Can you suggest what I should do from here? Thanks.
On Monday, January 8, 2007 8:42:24 PM Imar Spaanjaars said:
Hi Kamran,

No, what I was suggesting was that maybe IIS was installed on a different server. So, your desktop may have a Databases folder in C:\, but not the web server.

If both IIS and the Databases folder are on the same server, check the following:

1. Security Settings: try temporarily granting full permissions to the Everyone group

2. See if the folder and / or the database are not marked as read-only, or hidden.

3. Spelling of the database folder and database.

I assume you mean "does open the database" where you said "does open the website", right?

On Monday, January 8, 2007 9:16:17 PM Kamran said:
Hi Imar. Sorry, you assume correctly, when I enter C:\Databases\Website.mdb into a windows explorer it opens the database (not the website!).

You've said "So, your desktop may have a Databases folder in C:\, but not the web server." How would I check to see if both IIS and the Databases folder are on the same server?

And for "Security Settings: try temporarily granting full permissions to the Everyone group", are you referring to the security settings of the Database folder? There is not a Everyone group that I can see, but giving full permission to the users listed does not make a difference.
On Tuesday, January 9, 2007 6:53:27 AM Imar Spaanjaars said:
Hi Kamran,

If you have two physical machines, you have two different servers.... ;-)

There should be an everyone group.

How do you browse to the TestDatabase.asp file? (E.g. what does the address bar of the browser say) Where did you save it? It looks like you put it in the SoccerSite folder? Why?

On Tuesday, January 9, 2007 12:57:47 PM Kamran said:
I only have one machine. :)

I downloaded from the Wrox website the soccersite you developed in the Beginning Dreamweaver MX book. I was having trouble with adding/editing records to the site's database, and that led me to this article. :)
Since I was already experimenting with theSoccerSite when I came across your article, I just created the TestDatabase.asp file in theSoccerSite directory.
So to browse to the file, I put in the address bar http://localhost/TheSoccerSite/TestDatabase.asp
On Tuesday, January 9, 2007 6:03:13 PM Imar Spaanjaars said:
Hi Kamran,

Right, I see. That all makes perfect sense.

In that case, I don't know what to say. If you copied my code example as is, and you have the database with the right name in the right folder and that folder has no odd attributes like hidden and that folder has the right security settings, then I don't know what's going on. It's supposed to work...

Maybe you have software on your machine that blocks access to the folder or database? Encryption or compression or security software maybe?

On Wednesday, January 10, 2007 1:27:11 PM Kamran said:
I'll try to retrace my steps, maybe I've overlooked something very obvious. Thanks for your help all the same, Imar. :)
On Thursday, January 11, 2007 11:06:43 AM Harshal said:
I am developing one application in ASP.Net using VB.Net 2003
In this I have created a mdb file at runtime then created one table into it and inserted some into it. Here is the code -
Dim Catalog
Dim cAdoConnNew As New ADODB.Connection
Dim sConnectString As String, sError As String
Catalog = CreateObject("ADOX.Catalog")
Catalog.Create("Provider=Microsoft.Jet.OLEDB.4.0;" & _
               "Jet OLEDB:Engine Type=" & Format & _
              ";Data Source=" & FileName & "\SLV2.mdb")
hiddenDBPath.Value = Trim(hiddenDBPath.Value) & "\SLV2.mdb"
sConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &   Trim(hiddenDBPath.Value) & ";Persist Security Info=False"
If cAdoConnNew.State <> 1 Then
cAdoConnNew.CursorLocation = ADODB.CursorLocationEnum.adUseClient
End If
If cAdoConnNew.State = 1 Then cAdoConnNew.Close()
Catalog = Nothing
cAdoConnNew = Nothing

This code executes properly and gives no error at any where. But that newly created database file remains open after the application is closed, also code hits cAdoConnNew.Close() properly.
I want to close that mdb file.
So what to do?
On Thursday, January 11, 2007 11:11:06 AM Imar Spaanjaars said:
Hi Harshal,

How is this related to the original topic - Fixing 80004005 errors??

On Thursday, January 11, 2007 4:44:38 PM Kamran said:
Hi Imar.

Just wanted to let you know that I've sorted this problem out. :)

The problem was actually with dreamweaver MX itself, I was unable to make any sort of DSN(less) connections and kept getting a message saying "An unidentified error has occurred". I googled the problem and discovered a few people had similar problems when trying to connect to an Access database using IIS, and some solved the problem by reinstalling dreamweaver.

I had a copy of Dreamweaver 8 lying around so I installed, tried it all out again and it worked with no problems at all!

Thanks for all your help. :)
On Thursday, January 11, 2007 4:53:05 PM Imar Spaanjaars said:
Hi Kamran,

Great! and you're welcome. Glad it's working now.

On Saturday, February 24, 2007 8:07:12 PM John Barnicle said:
Dude - thanks a million for this article.  I had been running into this error repeatedly and unable to solve it.  Turning off the recommend simple file sharing option was the key - enabling the ability to add the IUSR_Machinename to the group / user names.
On Thursday, March 15, 2007 12:55:25 PM tommy low said:
Dear Imar,

I follwed the instructions but now i keep getting this error:

Server Application Unavailable

What could be the problem? The server been started and runnign.
On Thursday, March 15, 2007 1:46:52 PM Imar Spaanjaars said:
Hi tommy,

Hard to tell from such a distance.

May I suggest you post this on a forum like

On Tuesday, April 17, 2007 11:42:47 AM Sigit said:
Great explanation on user account but it did not work in my case. I found elsewhere ( by changing security right on the file (mdb) itself solves the problem. And that's exactly what I did and worked. Thanks anyway for pointing that it's of security/permission issue.
On Tuesday, April 17, 2007 5:46:06 PM Imar Spaanjaars said:
Hi Sigit,

Well it may not work in all cases. When the database is opened, an additional file may be created (a .lck file that keeps track of table locks). If the account can only write to the database, but not to the folder it resides in, you still get an error.

If you make the change to the folder, you have to make sure that the changes are propagated to child objects as well. If the database has different settings than its parent folder it may still not work correctly.


On Sunday, April 22, 2007 2:11:07 PM Kunal Shah said:
heyu dude!! this article rox. i've been scratching my head for solving this error. your detailed explanation really helped me alot .Thanx again!!
keep putting such articles it really helps a lot for beginners like me...
On Friday, May 11, 2007 11:26:34 AM Muhammad Liaquat said:
Error:Could not delete from specified tables.
Query:Delete From Table1 where ID=1
Database:Microsoft Access 2000
         DBPath=request.ServerVariables("APPL_PHYSICAL_PATH") &_
         Set Conn = Server.CreateObject("ADODB.Connection")
         Conn.Mode = 3      '3 = adModeReadWrite
         Conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;" &_
                  "Data Source=" & DBPath

         '         Conn.BeginTrans
         Conn.Execute StrQuery
         '         Conn.CommitTrans
On Monday, June 4, 2007 11:52:56 AM Mike said:
Hello Imar,
Thanks for this great tutorial. It's certainly what I've been looking for.
I have a question though. I uploaded the pages to a website.
The architecture of the website is as follows, under the domain folder, there's the db folder where all databases should reside. And then there's the wwwroot folder where all the pages go.

I'm getting the "The Microsoft Jet database engine cannot open the file XXX.  It is already opened exclusively by another user, or you need permission to view its data" ERROR.
I have other databases in the same folder and reading from them works fine. I even tried the TestDatabase.asp example successfully.
I can't do most of the steps described above since this is hosted on an ISP.
What do you suggest?

Thanks in advance,

On Monday, June 4, 2007 12:21:42 PM Imar Spaanjaars said:
Hi Mike,

You should talk to your ISP; they have to configure the db folder.


On Sunday, June 24, 2007 11:05:06 AM Knobul said:
You are the BEST !
On Saturday, July 7, 2007 1:27:11 PM Madhava said:
Question: Does the same rules apply to Remote database ?
I am trying to insert a record into remote mdb file using OleDB connection.
I am using ASP.NET & a Remote MS Access 2000. My connection string is:

"Provider=Microsoft.Jet.OLEDB.4.0;" &_
                  "Data Source=\\" & ip & DBPath
where ip contains the IP of the remote machine & DBPath is a remote share that contains the mdb file (Eg: \Database\my.mdb in C Drive)

The connection fails with

"It is already opened exclusively by another user, or you need permission to view its data"

On Thursday, July 26, 2007 10:43:42 PM Caryna said:
Excellent article, very well written. Really helped me out.
Thanks Imar :-)
On Sunday, July 29, 2007 12:11:20 AM Nneka said:
Great Article!!  Tried the first solution and that didn't work so I had to allow ASPNET permissions  for the Access database.  BINGO!!  So excited I got up and did the "programmer happy" dance. :)  Great help text.  Very easy to follow.  I have bookmarked this page, so I'll definitely be back to visit.

Thanks so much!!
On Sunday, July 29, 2007 12:22:36 AM Imar Spaanjaars said:
Hi Nneka,

Doing the "programmer happy dance" is always a good thing. Glad my article got you in the dancing mood..... ;-)


On Tuesday, August 28, 2007 6:47:18 PM Web Guy said:
Please note while this may fix your problem you wouldn't want to do this on a production or publicly available PC. By applying read and write to IUSR you are granting any web IIS visitor access to write and read directly to that file.
On Tuesday, August 28, 2007 7:22:40 PM Imar Spaanjaars said:
Hi Web Guy,

This is absolutely NOT true. It's a common misconception that granting IUSR write permissions opens up your web server to anonynous visitors.

True, the IUSR does have write permissions but that doesn't mean users can upload arbitrarily files or change them. You cannot, I repeat, CANNOT just upload files to the location where the IUSR account has write permissions. In order to do that, you need to have a mechanism for users to upload files. For example, through an <input type="file" /> on your server side page. With these kind of pages, users can indeed upload files to your system, so you should always carefully consider whether it's worth allowing that.

However, in the scenario I am describing here, allowing write access for IUSR to the database folder, you are completely safe. The database is stored outside the web root so users cannot download it. Since there is no way to access the database, or the actual database file other than *by your own code*, users cannot, I repeat CANNOT download, alter or overwrite the database file.

Hope this clarifies some confusion.


On Wednesday, September 19, 2007 9:29:22 PM Lio Chun Mun said:
Thank you very much!!
On Saturday, January 26, 2008 8:40:49 PM Sar said:
Hi Imar many thanks for this fantastic comments it solved part of my problem , your code worked fine in on my system...

God Bless you

Thanks to Karman , i have re-installed the Dreamweaver 8 one more time and it works perfectly

On Wednesday, April 23, 2008 9:55:59 PM Stevan said:
Great article
Thank yuo !!!!!!!!
On Tuesday, May 27, 2008 5:24:25 PM Tong said:
This article helps me to finish my project..   Thanks much
On Friday, June 27, 2008 1:04:58 PM Arthur said:
I try to follow the steps on Windows Vista, but everything is different. I am running ISS 7.0. Can I try this steps on Vista and ISS7.0?
On Sunday, June 29, 2008 8:51:24 AM Imar Spaanjaars said:
Hi Arthur,

Yes, the same principles apply. However, your screens will look slightly different on Vista, and if you have UAC turned on, you may need to click Add and Edit a few more times.

On Thursday, July 10, 2008 7:52:24 PM Cordell Cameron said:
QUICKDOC=263. Thank you for spelling things out so clearly. Your explanations are comprehensive, which is rare to find. I couldn't update my database until I added the Security Tab and changed the permissions there. Moreover, I learned a little more about the connection between functions in the IIS management console that I haven't found elsewhere. Great writing!

Here's a simple question--why does my IUSR_MachineName contain an old machinename when my current Computer Name is different? (example: NewMachineName\IUSR_OldMachineName). Why don't they match? It took me a while to remember what "IUSR_OldMachineName" was when looking through the existing users because I knew the machinename was something else. Can I safely change it?
On Thursday, July 10, 2008 9:02:51 PM Imar Spaanjaars said:
Hi Cordell,

When the IUSR account is created, it's named after the machine. However, the account is not aware of the machine name and vice versa, so when you rename the machine, the account name is not updated. I guess that's why the account is now simply called IUSR on Vista....

I wouldn't rename the acount just like that; it's being used in several places. Depending on your installation, you may have a couple of .vbs files under your inetpub folder that allow you to rename the account. Not completely sure; it's been a while since I used them....


On Wednesday, September 24, 2008 3:58:10 PM Julia said:
I have done everything you have listed and still get this error.  I had to change the name of my computer (work IT did this) and must be missing somewhere the new name but I cannot find where.  Is this something I can find or do I need to format the hard drive and start over with the setup.  I even removed IIS and re-installed it....

Any help would be greatly appreciated.

On Wednesday, September 24, 2008 9:32:38 PM Imar Spaanjaars said:
Hi Julia,

It depends. Even if the name of the machine is changed, you can still configure the OldName_IUSR acocunt.

However, it's almost impossible to recommend something as I don't know exactly what you're doing (e.g. whether your're using ASP versus ASP.NET, what folder / files you are configuring).

Usually, a reformat sounds like overkill to me, so I'd suggest you try a few things more before giving up.


On Thursday, September 25, 2008 1:25:56 PM Julia said:
I am configuring my system as follows:
c:inetpub folder with subfolders of 'wwwroot' and then all asp files (that part is fine) but the 'db' subfolder that holds all my access databases is what I'm not getting permission to read to.  I've checked the folder permissions and the actual .mdb files themselves.  What else can I tell you in order to help me troubleshoot?  

I can look at my .asp files (index and so forth) but anytime I want to access my data tables that is when I get this error.  

On Thursday, September 25, 2008 9:41:02 PM Imar Spaanjaars said:
Hi Julia,

>>What else can I tell you in order to help me troubleshoot?

Not much, I am afraid. That's pretty much what you should have done.

Have you tried to temporarily assign Full Control to the "Everyone" account?

On Tuesday, December 2, 2008 12:20:51 PM xavier said:
very good useful article

dear sir

my case is like mr. madhav's
through php connecting a remote MS Access datbase replied with the same error 'need permissions to view data'
On Tuesday, December 2, 2008 1:07:36 PM Imar Spaanjaars said:
Hi xavier,

Depends on what define by remote.

If the database is on the same network, accessible like \\ServerName\ShareName\DatabaseName.mdb, it should work, provided you have an account on the web server that is allowed to access the share and database file.


On Tuesday, December 2, 2008 3:22:51 PM Ray said:
Great article!
You saved my day!
Thank you.
On Friday, July 17, 2009 8:35:15 AM Mike said:

This has always beaten me and I have got someone else to fix permissions for a database.

On Thursday, July 30, 2009 4:51:36 PM Madhuri said:
You are the savior! Thank you so much
On Thursday, August 18, 2011 8:10:26 PM Syed Nisar said:
Hi Imar

cannot find the security tab on the properties dialog after a right click on the folder ...
On Thursday, August 18, 2011 8:41:48 PM Syed Nisar said:
Thanks Imar...the issue is fixed now ..This problem was driving me crazy until I stumbled across this article...
On Friday, August 19, 2011 8:10:28 AM Imar Spaanjaars said:
Maybe this helps?

On Saturday, August 20, 2011 10:22:37 AM Syed Nisar said:
Thanks Imar for uick works
On Monday, December 12, 2011 10:56:03 AM hans said:
What if the application contents are placed on network share or DFS ? Then how can we add IUSR account ?
On Monday, December 12, 2011 11:35:09 AM Imar Spaanjaars said:
Hi hans,

The IUSR account is a local account, so you can't use it directly. There are a few solutions such as a domain account that has access to both machines or synchronized accounts where both machines share the same local account with an identical password. You'll find more information here:


On Monday, March 5, 2012 7:14:51 AM Makhotso Letele said:
This is soooooooo brilliant, thank you a million times!!! I was just about ready to pull my hairs out not knowing how to solve this error!! You are an absolute star.
On Friday, December 21, 2012 1:12:00 AM Amador said:
Thanks for addressing this problem, I face this error sometimes!!! I gave IIS account read/write/modify on database folder & windows/temp folder and using IIS7 I disabled anonymous and impersonate and allowed windows authenticated. Everything works fine, however, sometimes I get error the OleDbException (0x80004005): Unspecified error. To fix it, I go to IIS and disable then enable windows authentication option and the problem is solved. I use the application at work network and in a day I fix this problem three to five times! I hope you can help me on this one.
On Friday, December 21, 2012 1:46:42 PM Imar Spaanjaars said:
Hi Amador,

Sounds like another permissions issue to me where the changes you make are lost when the Application Pool recycles. It is, however, hard for me to say what the problem is. I would suggest you add some logging code (using NLog for example) to figure out when the code breaks, where, and in which user context.


On Friday, December 21, 2012 3:38:19 PM Amador said:
Thanks Imar for your feedback, just a quick thing to add to my previous post, when the problem occurs and I don't do anything for ten to twenty minutes the problem goes by itself and the application works fine. I'll get more detail from the server logs soon. Thanks again.
On Wednesday, August 27, 2014 7:34:16 AM nicholas said:
Hey i am also facing the same issue but i resolved the issue with the help of this link
On Tuesday, September 8, 2015 11:37:48 AM Kyl Federer said:
While working on the ms access database you might get an 80004005 error when you try to insert data or update data in your access database. I had faced this problem this problem and I had fixed this error by using MS Access repair Tool. By using this software I was able to fix this error. More importantly it is very user friendly.
For more information:

Talk Back! Comment on Imar.Spaanjaars.Com

I am interested in what you have to say about this article. Feel free to post any comments, remarks or questions you may have about this article. The Talk Back feature is not meant for technical questions that are not directly related to this article. So, a post like "Hey, can you tell me how I can upload files to a MySQL database in PHP?" is likely to be removed. Also spam and unrealistic job offers will be deleted immediately.

When you post a comment, you have to provide your name and the comment. Your e-mail address is optional and you only need to provide it if you want me to contact you. It will not be displayed along with your comment. I got sick and tired of the comment spam I was receiving, so I have protected this page with a simple calculation exercise. This means that if you want to leave a comment, you'll need to complete the calculation before you hit the Post Comment button.

If you want to object to a comment made by another visitor, be sure to contact me and I'll look into it ASAP. Don't forget to mention the page link, or the QuickDocId of the document.

For more information about the Talk Back feature, check out this news item.