
Delete Windows user created by IIS ApplicationPoolIdentity?

I was having problems booting into my user profile in Windows 10 and was able to fix this by setting RefCount to 0 for my user profile in this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-xxx

I have several ASP.NET MVC and ASP.NET Core websites hosted in IIS (version 10 and not IIS Express) and I realized in C:\Users these websites have associated Windows users created for them.

Correct me if I'm wrong, but I believe these "Windows users" were created by the ApplicationPoolIdentity when each website was created.

The problem is that these "Windows users" also have the registry RefCount set to 0 so I think that's why I wasn't able to boot into my profile.

Now I want to delete these "Windows users" but when I delete the website and application pool in inetmgr these "Windows users" still exist in C:\Users.

The question is how can I delete them the proper way?

Thanks in advance.

superfly71 asked Feb 15 '17 06:02


People also ask

What user is ApplicationPoolIdentity?

An application pool identity allows you to run an application pool under a unique account without having to create and manage domain or local accounts. The name of the application pool account corresponds to the name of the application pool.

What is Iusr account used for?

What is IUSR in IIS? By default, a new site in IIS utilizes the IUSR account for accessing files. This account is a built-in shared account typically used by IIS to access file content. This means that it will use the application pool's identity (user) to access file content.


1 Answer

You are correct: starting from IIS 7, it creates a new profile for each application pool. This can be disabled in "Advanced settings" / "Load User Profile".

The easiest and safest way to delete unused user profiles, together with their folders on the drive, is with the help of the Microsoft control panel "User profiles":

  • Right click on "Computer", and select "Properties", then click on "Advanced system settings" (alternative way - just run "sysdm.cpl").
  • Go to the "Advanced" tab and click the "Settings" button in the "User profiles" group.
  • Unused profiles that were created by an IIS pool will have the name "Account Unknown"; select one and click the "Delete" button.

User profiles window

Profiles that have references cannot be deleted; they will have a disabled "Delete" button.
Some reasons why a profile is locked:

  • IIS application pool, which uses this profile, still exists.
  • SQL Server has "Logins" related to this profile (SQL management studio / Security / Logins).

After removing all references to the profile, you need to reboot the machine.

Pavel K. answered Oct 21 '22 08:10
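The same cleanup can be scripted for hosts with many leftover pools. This is an added example, not part of the answer above: it lists profiles whose SID is an IIS application pool identity (prefix `S-1-5-82-`) and no longer resolves to an account, which is what the control panel shows as "Account Unknown". The function name `Get-OrphanedAppPoolProfile` is hypothetical, and the script assumes an elevated PowerShell session on the IIS host.

```powershell
# Added example (not from the original answer). Run elevated on the IIS host.
# Get-OrphanedAppPoolProfile is a hypothetical helper name.
function Get-OrphanedAppPoolProfile {
    foreach ($userProfile in Get-CimInstance -ClassName Win32_UserProfile) {
        # Skip system profiles, profiles currently in use, and anything
        # that is not an IIS AppPool virtual account (SID prefix S-1-5-82-).
        if ($userProfile.Special -or $userProfile.Loaded) { continue }
        if ($userProfile.SID -notlike 'S-1-5-82-*') { continue }

        $sid = [System.Security.Principal.SecurityIdentifier]::new($userProfile.SID)
        try {
            # Resolves while the application pool still exists in IIS.
            $null = $sid.Translate([System.Security.Principal.NTAccount])
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # The pool is gone: this is an "Account Unknown" profile.
            $userProfile
        }
    }
}

$orphans = @(Get-OrphanedAppPoolProfile)

# Review the candidates before deleting anything.
$orphans |
    Select-Object SID, LocalPath, LastUseTime |
    Format-Table -AutoSize

# Dry run: shows what would be removed without changing anything.
$orphans | Remove-CimInstance -WhatIf

# After reviewing the output, remove -WhatIf to delete the profiles.
# Removing the Win32_UserProfile instance deletes both the folder under
# C:\Users and the matching ProfileList registry key.
# $orphans | Remove-CimInstance
```

A profile that still has references fails to delete here just as its "Delete" button is disabled in the control panel; remove the references and reboot first, as described in the answer.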