Menu
I have a site in IIS7 that runs under ApplicationPoolIdentity.
Is it possible to give the ApplicationPoolIdentity access to network files?
I know that I can give access to local files by giving rights to the user: iisapppool\{apppoolname} but is there a way to give this ID access to files on the network?
505
Go to IIS Manager > Application Pools > Your domain's specific Application Pool > Advanced Settings. In Identity: click to change > Custom Account > Set > Enter User credentials from step 2, click OK and exit all.
By default, IIS (inetinfo.exe) is configured to run in the System account context, but you can use the Services console to change the identity of various services so that they run in a user account rather than the System account.
ApplicationPoolIdentity is a LOCAL user (generated by IIS, its identity is not known until runtime) thus any attempt to access anything on the network would result in it using the COMPUTER$ account.
Using ActiveDirectory you should then be able to grant the COMPUTER$ account access to the files you want.
Alternatively, using ActiveDirectory you could create a Domain User account, configure the application pool identity to use that domain user, and grant that user access to the network files.
Read more here about Application Pool Identities.
180
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
