I'm facing a problem with IIS Pool Identity. I need to give right permissions to it user, but i cannot find the user that is setted to the IIS Pool Identity, that is ApplicationPoolIdentity. I find the user NetworkService that is a possible user to IIS Pool Identity. There is any problem or anything that i have to consider after change the IIS Pool Identity to NetworkService?
OBS: I'm using Windows 7 (IIS 7.5)
Best Answer
Don't if you can avoid it - using NetworkService means your app pool runs as an identity equivalent with many other services on the box.
ApplicationPoolIdentity is a virtual user account which maps to the Application Pool name. They're not visible in Local Users and Groups (except where you've made it a member of a group).
You can assign permissions in an Object Picker or other username-accepting place by specifying
IIS AppPool\AppPoolNameHere
(Note the spacing).
It's not something you can browse to directly, but it is an item with a SID, so can be used to secure any securable resource (files, folders, registry, etc).
Any IIS worker process is also a member of IIS_IUSRS by default, but if you want to be more precise and secure stuff so only one app pool can use it, use AppPoolIdentity to do that.