Update: The original question was for Windows Server 2008, but the solution is easier for Windows Server 2008 R2 and Windows Server 2012 (and Windows 7 and 8). You can add the user through the NTFS UI by typing it in directly. The name is in the format of IIS APPPOOL\{app pool name}. For example: IIS APPPOOL\DefaultAppPool.
IIS APPPOOL\{app pool name}
Note: Per comments below, there are two things to be aware of:
- Enter the string directly into the "Select User or Group" and not in the search field.
- In a domain environment you need to set the Location to your local computer first.
Reference to Microsoft Docs article: Application Pool Identities > Securing Resources
Original response: (for Windows Server 2008) This is a great feature, but as you mentioned it's not fully implemented yet. You can add the app pool identity from the command prompt with something like icacls, then you can manage it from the GUI. For example, run something like this from the command prompt:
icacls c:\inetpub\wwwroot /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)
Then, in Windows Explorer, go to the wwwroot folder and edit the security permissions. You will see what looks like a group (the group icon) called DefaultAppPool. You can now edit the permissions.
However, you don't need to use this at all. It's a bonus that you can use if you want. You can use the old way of creating a custom user per app pool and assigning the custom user to disk. That has full UI support.
This SID injection method is nice because it allows you to use a single user but fully isolate each site from each other without having to create unique users for each app pool. Pretty impressive, and it will be even better with UI support.
Note: If you are unable to find the application pool user, check to see if the Windows service called Application Host Helper Service is running. It's the service that maps application pool users to Windows accounts.
We've written quite a few of those Delphi 32-bits services ourselves, and the only thing that actually helps us "debug" the services running on servers (64-bit included) without the source code is Sysinternal's (now Microsoft Technet) Process Monitor.
In your specific case, I'd download Process Monitor (it's a simple executable) and run it and then set it up to filter only your service's .exe application. Look around for it's docs, but this is actually a very simple filter.
Keep Process Monitor running (filtered) on both machines while you start the service. Compare results from Process Monitor. I bet you have something like a missing registry key, or a missing directory or permission which causes the Delphi app to raise and Exception. This should be easy to spot on Process Monitor. Even more if you have a working machine to compare to.
Best Answer
I don't know about Windows 7, but the SC and SrvAny utilities from the Windows Server 2003 resource kit still worked on Server 2008 the last time I checked; I've used this technique myself to get PDFCreator running as a service on our file/print box:
Grab "srvany.exe" from the Server 2003 Resource Kit and copy it to your Server 2008 box.
Use "sc" to create a new service that launches "srvany":
sc create NewService binPath= C:\Windows\System32\srvany.exe DisplayName= "My Custom Service".
(Those spaces between the equal sign and the value are actually required by SC. No, I don't know why either.)
Use Regedit to create a key called "Parameters" in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NewService\Parameters). Inside that key, create a string value called "Application" and enter the full path to the application you are wanting to run as a service.
Cross fingers, start service.