Thursday 24 December 2009

Windows 7 and Application Pool Identity Accounts

Creating a new Application Pool in IIS creates a new security identifier (SID), which is a virtual account. The new identity takes the same name as the AppPool, so a new AppPool with the name 'NewAppPool' creates a new security identifier with the name 'NewAppPool'. You can now use this virtual account to secure your files and folders. However, because the identity is a virtual account, it will not show up as a user in the Windows User Management Console.

To use the identity to secure your folder, you need to do the following:

  1. Open Windows Explorer.

  2. Select the file or directory.

  3. Right-click the file and select "Properties".

  4. Select the "Security" tab.

  5. Click the "Edit" button and then the "Add" button.

  6. Click the "Locations" button and make sure you select your machine.

  7. Enter "IIS AppPool\NewAppPool" in the "Enter the object names to select:" text box.

  8. Click the "Check Names" button and click "OK".
You can now configure the permissions for the "NewAppPool" identity.
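
The same grant can be scripted from an elevated PowerShell prompt. This is an added example, not code from the original post: the folder path is hypothetical, and the read-and-execute right is an assumption about what the site needs.

```powershell
# Added example. Assumptions: the AppPool is named 'NewAppPool' (as in the
# post) and $Path is a hypothetical content folder on this machine.
$Path     = 'C:\inetpub\wwwroot\MySite'   # hypothetical path
$Identity = 'IIS AppPool\NewAppPool'

# Scripted equivalent of "Check Names": resolve the virtual account to its SID.
# Translate() throws if no AppPool with this name exists on the machine.
$account = New-Object System.Security.Principal.NTAccount($Identity)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])
Write-Host "Resolved $Identity to $($sid.Value)"

# Allow rule: read and execute only, inherited by subfolders and files.
$inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor
           [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account,
    [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Add the rule to the folder's existing ACL and write it back.
$acl = Get-Acl -Path $Path
$acl.AddAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Verify: list the entries that now apply to the AppPool identity.
(Get-Acl -Path $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Identity } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Granting only the rights the application needs to this one identity keeps other application pools on the same server from reading the folder.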

A better article on this from learn.iis.net
