Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What user account does IIS 8.5 use when the app pool is using 'ApplicationPoolIdentity'?

I am working with a new Windows 2012 R2 server, running IIS 8.5. I have PHP and a Joomla site installed in the default wwwroot folder for testing purposes (C:\inetpub\wwwroot).

Right now, the default web site is using the 'Default Web Site' application pool which in turn is using the 'ApplicationPoolIdentity' identity.

The Joomla site loads without issue, but problems start appearing when it needs to write to the file system (i.e. new modules, changes to the configuration file, etc.). The logs indicate that the system does not have permission to write to the file system.

I have applied various different combinations of write / modify / full permissions for different user accounts including the 'IIS AppPool\Default Web Site' , 'IUSR', and 'IIS_IUSRS' group. None of these correct the issue. However, if I have assign full access to the wwwroot folder to 'Everyone', all of the functionality works as expected.

Now, obviously that is less than ideal, so what user account is IIS / PHP using in this case that I can grant specific NTFS permissions to rather than opening the file system up to the world?

Thanks!

like image 275
Jeff Avatar asked Apr 10 '14 14:04

Jeff


People also ask

What is applicationpoolidentity under IIS 7+?

The ApplicationPoolIdentity under IIS 7+ is a local machine account named the same name as the application pool itself and resides under a special domain called IIS AppPool. For example given the application pool name MyAppPool your application pool identity user would be IIS AppPool\MyAppPool.

What is application pool identity in Windows Server?

This feature was introduced in Service Pack 2 (SP2) of Windows Server 2008 and Windows Vista. An application pool identity allows you to run an application pool under a unique account without having to create and manage domain or local accounts. The name of the application pool account corresponds to the name of the application pool.

Do IIS application pools have user profiles?

Only the standard application pools (DefaultAppPool and Classic .NET AppPool) have user profiles on disk. No user profile is created if the Administrator creates a new application pool. However, if you want, you can configure IIS application pools to load the user profile by setting the LoadUserProfile attribute to "true".

How to configure application pool recycling in IIS?

Expand the server and the “Application Pools” Group. Right-click the Application Pool you wish to configure and select “Properties”. In the first tab you will find the recycling settings. Go to Start -> Administrative Tools -> Internet Information Services (IIS) Manager. Expand the server and click on “Application Pools”.


1 Answers

When adding the name, be sure to select your local server's name, not the domain name. I couldn't figure out why the name wasn't resolving and this was why: enter image description here

like image 153
James Toomey Avatar answered Sep 21 '22 00:09

James Toomey