Menu
I am working with a new Windows 2012 R2 server, running IIS 8.5. I have PHP and a Joomla site installed in the default wwwroot folder for testing purposes (C:\inetpub\wwwroot).
Right now, the default web site is using the 'Default Web Site' application pool which in turn is using the 'ApplicationPoolIdentity' identity.
The Joomla site loads without issue, but problems start appearing when it needs to write to the file system (i.e. new modules, changes to the configuration file, etc.). The logs indicate that the system does not have permission to write to the file system.
I have applied various different combinations of write / modify / full permissions for different user accounts including the 'IIS AppPool\Default Web Site' , 'IUSR', and 'IIS_IUSRS' group. None of these correct the issue. However, if I have assign full access to the wwwroot folder to 'Everyone', all of the functionality works as expected.
Now, obviously that is less than ideal, so what user account is IIS / PHP using in this case that I can grant specific NTFS permissions to rather than opening the file system up to the world?
Thanks!
275
The ApplicationPoolIdentity under IIS 7+ is a local machine account named the same name as the application pool itself and resides under a special domain called IIS AppPool. For example given the application pool name MyAppPool your application pool identity user would be IIS AppPool\MyAppPool.
This feature was introduced in Service Pack 2 (SP2) of Windows Server 2008 and Windows Vista. An application pool identity allows you to run an application pool under a unique account without having to create and manage domain or local accounts. The name of the application pool account corresponds to the name of the application pool.
Only the standard application pools (DefaultAppPool and Classic .NET AppPool) have user profiles on disk. No user profile is created if the Administrator creates a new application pool. However, if you want, you can configure IIS application pools to load the user profile by setting the LoadUserProfile attribute to "true".
Expand the server and the “Application Pools” Group. Right-click the Application Pool you wish to configure and select “Properties”. In the first tab you will find the recycling settings. Go to Start -> Administrative Tools -> Internet Information Services (IIS) Manager. Expand the server and click on “Application Pools”.
When adding the name, be sure to select your local server's name, not the domain name. I couldn't figure out why the name wasn't resolving and this was why:
153
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
