
IIS7 Permissions Overview - ApplicationPoolIdentity

We have recently upgraded to IIS7 as a core web server and I need an overview in terms of the permissions. Previously, when needing to write to the file system I would have given the AppPool user (Network Service) access to the directory or file.

In IIS7 I see, as default, the AppPool user is set to ApplicationPoolIdentity. So when I check the task-manager, I see that a user account called 'WebSite.com' is running the IIS Process ('Website.com' being the name of the website in IIS).

However, this user account doesn't exist if I try to use that to give permissions. So, how do I determine which user to give the permissions to?

Edit

See below for the problem in screen shot. Our website (www.silverchip.co.uk) runs on the username SilverChip.co.uk. However, when I add permissions, this user doesn't exist!

See AppPool Image

LiamB asked Sep 07 '11 12:09


People also ask

What's default permissions for IIS_IUSRS?

Applying Modify/Write Permissions to the Correct User Account. Under the Security tab, you will see MACHINE_NAME\IIS_IUSRS is listed. This means that IIS automatically has read-only permission on the directory (e.g. to run ASP.Net in the site). You do not need to edit this entry.

What is ApplicationPoolIdentity account?

ApplicationPoolIdentity: When a new application pool is created, IIS creates a virtual account that has the name of the new application pool and that runs the application pool worker process under this account. This is also a least-privileged account.


2 Answers

ApplicationPoolIdentity is actually the best practice to use in IIS7+. It is a dynamically created, unprivileged account. To add file system security for a particular application pool see IIS.net's "Application Pool Identities". The quick version:

If the application pool is named "DefaultAppPool" (just replace this text below if it is named differently)

  1. Open Windows Explorer
  2. Select a file or directory.
  3. Right click the file and select "Properties"
  4. Select the "Security" tab
  5. Click the "Edit" and then "Add" button
  6. Click the "Locations" button and make sure you select the local machine. (Not the Windows domain if the server belongs to one.)
  7. Enter "IIS AppPool\DefaultAppPool" in the "Enter the object names to select:" text box. (Don't forget to change "DefaultAppPool" here to whatever you named your application pool.)
  8. Click the "Check Names" button and click "OK".
Jon Adams answered Oct 23 '22 13:10
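The steps in the answer above can also be scripted. The following PowerShell is an added example, not part of the original answer; the function name `Grant-AppPoolAccess`, the sample path and the default `Modify` right are assumptions to adjust, and it needs PowerShell 3.0 or later.

```powershell
# Added example: grant an application pool identity access to one path.
# Hypothetical names: Grant-AppPoolAccess, the sample path in the usage line.
function Grant-AppPoolAccess {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $AppPoolName = 'DefaultAppPool',
        # Assumption: Modify is enough for an application that writes files
        [System.Security.AccessControl.FileSystemRights] $Rights = 'Modify'
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Path not found: $Path"
    }

    # The virtual account lives in the local "IIS AppPool" namespace,
    # never in the Windows domain.
    $account = New-Object System.Security.Principal.NTAccount("IIS AppPool\$AppPoolName")

    # Scripted equivalent of "Check Names": fails if the name does not resolve here
    try {
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch [System.Security.Principal.IdentityNotMappedException] {
        throw "Cannot resolve '$($account.Value)'. Check the application pool name."
    }

    # Inherit to children only when the target is a directory
    $isDir   = Test-Path -LiteralPath $Path -PathType Container
    $inherit = if ($isDir) { 'ContainerInherit,ObjectInherit' } else { 'None' }

    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $Rights, $inherit, 'None', 'Allow')

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($Path, "Grant $Rights to $($account.Value)")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Return the entries this identity now holds so the result can be reviewed
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $account.Value }
}

# Usage (constructed path): preview first, then run without -WhatIf
# Grant-AppPoolAccess -Path 'C:\inetpub\wwwroot\MySite\uploads' -WhatIf
```

Pointing `-Path` at only the directory the application writes to, instead of the whole site root, keeps the pool identity least-privileged.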


Remember to use the server's local name, not the domain name, when resolving the name

IIS AppPool\DefaultAppPool 

(just a reminder because this tripped me up for a bit)

James Toomey answered Oct 23 '22 13:10