Menu
Enable IIS option "loadUserProfile:true" for dedicated application pools. In Windows Server IIS, it is recommended to set loadUserProfile:true for dedicated application pools. Doing so guarantees better application isolation and security for web applications created with ASP.NET, . NET Core or PHP.
Application pools can contain one or more worker processes. Each worker process represents work being done for a Web site, Web application, or Web service. You can create a Web garden by enabling multiple worker processes to run in a single application pool. In IIS 7 and later, each application pool uses one of two .
This issue occurs when the IIS application pool Identity Parameter is not set to NetworkService. To resolve this issue, change the Identity parameter to NetworkService in the IIS Manager for Windows Server: Select the Advanced Settings for the DefaultAppPool.
I mean if it's a "good" thing then why it is not "on" by default and why is it there after all?
IIS 6 never loaded user profiles. I would assume this is off by default to keep the behavior consistent, and an administrator has to opt-in to it.
I tried to enable LoadUserProfile for the application pool and it works now.
This is most likely because the Windows Cryptographic Service Provider was trying to store or load a key for your certificate in the user store, and since a profile was not available, a cryptographic context was not available. Note that the Load User Profile setting only applies to user accounts. Service Accounts like NETWORK SERVICE and ApplicationPoolIdentity have special handling.
What exactly happens when I set LoadUserProfile in IIS pool
Well, the user profile is loaded. This includes their cryptographic store, environment variables such as %TEMP%, and other ones.
What it eventually boils down to is LoadUserProfile is called by IIS when the AppPool starts.
what negative consequences can it have?
It may break backwards compatibility with an app that ran on IIS 6, which didn't load the user profile. The environment variables are loaded. For example, when Load User Profile is true, the %TEMP% environment variable is C:\Users\AccountName\AppData\Local\Temp (for example). When false, it's C:\WINDOWS\Temp.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With