November 26, 2014
Setting up an IIS6 Application Pool Identity
Setting up an IIS6 Application Pool Identity
Often times it’s necessary to run an ASP.NET application under a different user account than Network Service. Usually this is the case when Network Service doesn’t have enough rights to access necessary application resources like a database or a file share on a different server.
Here’s how to configure a different account (local account or domain account) so it has sufficient permissions to run an IIS6 Application Pool for ASP.NET applications:
- Add the account to the local IIS_WPG security group.
- Open the Group Policy Editor for the local computer (gpedit.msc)
- Drill down to: Local Computer Policy/Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignments
- Add the new identity account to the following polices:
– Adjust memory quotas for a process
– Logon as a service
– Replace a process level token - If your web application is going to host any web services, you need to also give your account Delete access to the C:\WINDOWS\Temp directory. Note: this is done via the Advanced dialog in the Security page of the Explorer folder properties dialog box.
Reference:http://beyondthispoint.blogspot.ca/
Microsoft Windows 2012 Server Microsoft Certified Solutions Associate (MCSA) and Microsoft Certified Solutions Expert (MCSE) certification exams completed successfully.
Domain User Local User SID Convert
Lync User Disable Script with Scheduled Task
About Author
