I can't figure this IIS_IUSRS group. As far as the asp.net worker process in IIS 7.5 don't you have to give that group write permission to whatever (web.config, etc.)?
Or is IIS_IUSRS the group that runs an app pool by default and I simply need to add some user to that group?
I'm trying to get rid of a permission issue over UNC path where IIS can't read the web.config and tried to add IIS_IUSRS to the security tab of the web.config file but it has no idea what IIS_IUSRS is...when I try to search for users to add to the security list on that file in windows explorer in Win 7.
The IIS_IUSRS group should have permissions to Read, Read&Execute, and List folder contents to the following locations: C:\inetpub\wwwroot\ares. This is typically covered by the fact that c:\inetpub\wwwroot includes these permissions for IIS_IUSRS by default. C:\ares\webplatform\ folder.
I figured a solution for this, just go to app pool and right click for edit permissions, in sharing options just type IIS_IUSRS and select your machine name and it automatically creates a group.
IIS_IUSRS
is analogous to the old IIS6 IIS_WPG
group. It's a built-in group with it's security configured such that any member of this group can act as an application pool identity.
For more information see:
Understanding Built-In User and Group Accounts in IIS 7
Yes it is the pool accounts' group and yes, you are supposed to ACL IIS_IUSRS. But not write access, for your application code and web.config, you only need to assign it read access.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With