Web Deploy operations may fail with a read access denied error on the System Volume Information
directory, even when executed as an administrator. This directory is a protected system folder in Windows, and its restricted permissions can block deployment processes that scan or interact with all directories on a drive. Resolving this issue allows Web Deploy to complete site or application transfers without interruption.
Grant Temporary Access via Command Prompt
Step 1: Open a Command Prompt window with administrative rights. To do this, search for cmd
in the Start menu, right-click the result, and select Run as administrator
. This ensures you have the necessary privileges to modify system folder permissions.

Step 2: Use the icacls
command to grant your user account or the SYSTEM
account read access to the System Volume Information
directory. Replace USERNAME
with your actual Windows username:
icacls "C:\System Volume Information" /grant USERNAME:R

This command grants read (R
) permissions. If Web Deploy runs under a specific service account, substitute that account name instead. After the operation, consider removing this permission to maintain system security.
Step 3: Re-run your Web Deploy operation. The permission change should allow the process to access the directory and proceed without errors.
Step 4: After deployment, revoke the granted permission to restore the original security posture. Use the following command:
icacls "C:\System Volume Information" /remove USERNAME

This step is important because the System Volume Information
directory stores sensitive system data, such as restore points and indexing information. Keeping permissions restricted helps protect your system from accidental modification or exposure.
Exclude the Directory from Web Deploy Operations
Step 1: Adjust your Web Deploy configuration to skip the System Volume Information
directory. If you are using the command line, add an exclusion rule to your deployment command. For example:
-skip:Directory="System Volume Information"
This instructs Web Deploy to ignore the directory, preventing permission errors during the operation. Consult the official Web Deploy documentation for advanced skip syntax if your deployment scenario is more complex.
Step 2: If using a graphical tool or deployment script, look for options to exclude specific folders. Add System Volume Information
to the exclusion list. This method avoids changing permissions on a sensitive system folder.
Run Web Deploy as SYSTEM Account
Step 1: The SYSTEM
account has default access to the System Volume Information
directory. Use a tool like PsExec to launch your deployment process under the SYSTEM context. Download PsExec from Microsoft Sysinternals if you don't already have it.
Step 2: Open an elevated Command Prompt and run:
psexec -i -s cmd.exe

This opens a new command prompt as the SYSTEM account. From this prompt, execute your Web Deploy command. This approach bypasses permission issues but should be used with caution, as SYSTEM-level operations can impact the entire machine.
Resolving read access denied errors on the System Volume Information directory streamlines your Web Deploy workflow and prevents deployment interruptions. Always revert temporary permission changes to maintain system security.
Member discussion