Giving write permissions to all IIS_USRS group is a bad idea from a security standpoint, and is not necessary. Instead, provide permissions only to system users running the application pool.

If you are using II7, follow these steps:

1.    Open IIS7.

2.    Select the website to modify permissions.

3.    Go to Basic Settings and see which application pool is in use.

4.    Go to application pools and find application pool from #3.

5.    Find system account used for running this application pool (Identity column).

6.    Navigate to your storage folder in IIS, select it and click on "Edit Permissions" (under the Actions sub menu on the right).

7.    Open security tab and add needed permissions only for user you identified in #3.

Note #1: if you see "ApplicationPoolIdentity" in #3, you need to reference this system user like the following: IIS AppPool{application_pool_name}. For example, IIS AppPool"DefaultAppPool

Note #2: when adding this user, make sure to set correct locations in the Select Users or Groups dialog. This needs to be set to a local machine, because this is a local account.
 
The below instructions resolve this issue when trying to download the new ini file:
 

  
 
It will also resolve a similar issue when trying to upload files for import. 

In case there are updates to the answer, here is the link to the original answer: 

In some cases, users may not be able to load the app pool name as indicated. If that is the case, they should add write permissions to the IIS_IUSRS to the APP_DATA folder.