IIS7 give ApplicationPoolIdentity access to a network location

security iis active-directory windows-server-2008
kralco626 picture kralco626 · Sep 11, 2013 · Viewed 12.2k times · Source

I have a site in IIS7 that runs under ApplicationPoolIdentity.

Is it possible to give the ApplicationPoolIdentity access to network files?

I know that I can give access to local files by giving rights to the user: iisapppool\{apppoolname} but is there a way to give this ID access to files on the network?

Answer

Brock Hensley picture Brock Hensley · Sep 12, 2013

ApplicationPoolIdentity is a LOCAL user (generated by IIS, its identity is not known until runtime) thus any attempt to access anything on the network would result in it using the COMPUTER$ account.

Using ActiveDirectory you should then be able to grant the COMPUTER$ account access to the files you want.

Alternatively, using ActiveDirectory you could create a Domain User account, configure the application pool identity to use that domain user, and grant that user access to the network files.

Read more here about Application Pool Identities.

Related questions

How to create .pfx file from certificate and private key?

I need .pfx file to install https on website on IIS. I have two separate files: certificate (.cer or pem) and private key (.crt) but IIS accepts only .pfx files. I obviously installed certificate and it is available in certificate …

Read More
What are all the user accounts for IIS/ASP.NET and how do they differ?

Under Windows Server 2008 with ASP.NET 4.0 installed there is a whole slew of related user accounts, and I can't understand which one is which, how to they differ, and which one is REALLY the one that my app runs under. …

Read More
applicationHost.config Error: Cannot write configuration file due to insufficient permissions with IIS shared configuration

I use the Microsoft.Web.Administration.ServerManager class to manage a web site in a windows service. I use impersonation in my code, with an admin user, the user has the right to modify my applicationHost.config but I always …

Read More