it:ad:iis:howto:provide_file_access_to_applicationpoolidentity

IT:AD:Infrastructure:IIS:HowTo:Provide File Access To ApplicationPoolIdentity

Summary

  • ApplicationPoolIdentity is a default Identity given to AppPools created in IIS7+
  • It is a pseudo identity that you won't find in the local usrs of the computer.

Process

As it is a Psuedo identity, you can't exactly select the folder and assign rights to the identity.

In WS2008, Use the command line tools to grant access to specific folders. 

icacls c:\inetpub\wwwroot /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)

In WS2008 R2, you can also use the folder rights, you can add the user through the NTFS GUI by typing it in directly. The name is in the format of “IIS APPPOOL\{app pool name}”. For example: “IIS APPPOOL\DefaultAppPool” or “IIS APPPOOL\MyAppPool”.

Tip:If you can't add the new user...just check your source (that you are refering to the local computer accounts rather than to the default enterprise AD where the AppPool identity doesn't exist...)

## Resources ##

  • /home/skysigal/public_html/data/pages/it/ad/iis/howto/provide_file_access_to_applicationpoolidentity.txt
  • Last modified: 2023/11/04 01:45
  • by 127.0.0.1