We have recently upgraded to IIS7 as a core web server and I need an overview in terms of the permissions. Previously, when needing to write to the file system I would have give the AppPool user (Network Service) access to the directory or file. In IIS7 I see, as default, the AppPool user is set to <code>ApplicationPoolIdentity</code>. So when I check the task-manager, I see that a user account called 'WebSite.com' is running the IIS Process ('Website.com' being the name of the website in IIS) However this user account doesn't exist if I try to use that to give permissions. So, how do I determine which user to give the permissions too? Edit ============================================================================== See below for the problem in screen shot. Our website (www.silverchip.co.uk) runs on the username SilverChip.co.uk. However when I add pemissions, this user doenst exist! <img src="https://i.stack.imgur.com/K89uH.png" alt="enter image description here"> =================================See AppPool Image <img src="https://i.stack.imgur.com/70AHp.png" alt="enter image description here">

ApplicationPoolIdentity is actually the best practice to use in IIS7+. It is a dynamically created, unprivileged account. To add file system security for a particular application pool see IIS.net's "Application Pool Identities". The quick version: If the application pool is named "DefaultAppPool" (just replace this text below if it is named differently) <ol> <li>Open Windows Explorer</li> <li>Select a file or directory.</li> <li>Right click the file and select "Properties"</li> <li>Select the "Security" tab</li> <li>Click the "Edit" and then "Add" button</li> <li>Click the "Locations" button and make sure you select the local machine. (Not the Windows domain if the server belongs to one.)</li> <li>Enter "IIS AppPool\DefaultAppPool" in the "Enter the object names to select:" text box. (Don't forget to change "DefaultAppPool" here to whatever you named your application pool.)</li> <li>Click the "Check Names" button and click "OK". </li> </ol>

Remember to use the server's local name, not the domain name, when resolving the name <pre class="prettyprint"><code>IIS AppPool\DefaultAppPool </code></pre> (just a reminder because this tripped me up for a bit):<img src="https://i.stack.imgur.com/eTsyl.png" alt="enter image description here">

IIS7 Permissions Overview - ApplicationPoolIdentity

Tags:

permissions

iis-7

We have recently upgraded to IIS7 as a core web server and I need an overview in terms of the permissions. Previously, when needing to write to the file system I would have give the AppPool user (Network Service) access to the directory or file.

In IIS7 I see, as default, the AppPool user is set to ApplicationPoolIdentity. So when I check the task-manager, I see that a user account called 'WebSite.com' is running the IIS Process ('Website.com' being the name of the website in IIS)

However this user account doesn't exist if I try to use that to give permissions. So, how do I determine which user to give the permissions too?

Edit ==============================================================================

See below for the problem in screen shot. Our website (www.silverchip.co.uk) runs on the username SilverChip.co.uk. However when I add pemissions, this user doenst exist!

enter image description here

=================================See AppPool Image

enter image description here

532

asked Sep 07 '11 12:09

LiamB

2 Answers

ApplicationPoolIdentity is actually the best practice to use in IIS7+. It is a dynamically created, unprivileged account. To add file system security for a particular application pool see IIS.net's "Application Pool Identities". The quick version:

If the application pool is named "DefaultAppPool" (just replace this text below if it is named differently)

Open Windows Explorer
Select a file or directory.
Right click the file and select "Properties"
Select the "Security" tab
Click the "Edit" and then "Add" button
Click the "Locations" button and make sure you select the local machine. (Not the Windows domain if the server belongs to one.)
Enter "IIS AppPool\DefaultAppPool" in the "Enter the object names to select:" text box. (Don't forget to change "DefaultAppPool" here to whatever you named your application pool.)
Click the "Check Names" button and click "OK".

answered Oct 23 '22 13:10

Jon Adams

Remember to use the server's local name, not the domain name, when resolving the name

IIS AppPool\DefaultAppPool

(just a reminder because this tripped me up for a bit): enter image description here

answered Oct 23 '22 13:10

James Toomey

Related questions
                            
                                Is Enabling Double Escaping Dangerous?
                            
                                IIS7: HTTP->HTTPS Cleanly
                            
                                How to configure static content cache per folder and extension in IIS7?
                            
                                How to disable the application pool idle time-out in IIS7?
                            
                                Turn off Visual Studio Attach security warning when debugging IIS
                            
                                How to increase request timeout in IIS?
                            
                                Avoid web.config inheritance in child web application using inheritInChildApplications
                            
                                IIS does not list a website that matches the launch url
                            
                                WebApi's {"message":"an error has occurred"} on IIS7, not in IIS Express
                            
                                HTTP Error 503. The service is unavailable. App pool stops on accessing website
                            
                                System.Security.SecurityException when writing to Event Log
                            
                                Asp.net 4.0 has not been registered
                            
                                Difference between <system.web> and <system.webServer>?
                            
                                IIS7 deployment - duplicate 'system.web.extensions/scripting/scriptResourceHandler' section
                            
                                How do I resolve "HTTP Error 500.19 - Internal Server Error" on IIS7.0 [closed]
                            
                                Enable IIS7 gzip
                            
                                Add IIS 7 AppPool Identities as SQL Server Logons
                            
                                Dots in URL causes 404 with ASP.NET mvc and IIS
                            
                                Using Custom Domains With IIS Express
                            
                                IIS: Where can I find the IIS logs?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With