If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
WordPress is a powerful blogging system that serves as the backbone for countless websites and gives the user quite a bit of freedom to customize the look of the site without disrupting the operation. At my work, we installed it on our Windows Server web host. Everything was working great until I got a notification that a newer version of WordPress was available, but it would not update.
The screen capture below shows the error I kept getting:
I tried opening update-core.php to see if anything looked incorrect, but it was a huge file loaded with options and it looked like any modifications might break something else, so I left it alone. The key thing that stood out here is the mention of "inconsistent file permissions" and that's when I made some changes that allowed WordPress to update itself without me having to manually do it, which is an option but a tedious one.
Here's the fix:
On your server, open up IIS manager then click on Application Pools
Right-click on the one for WordPress, then click Advanced Settings
Under Process Model, change the Identity to LocalSystem and click OK
Click the + to expand Sites and then locate the folder used for WordPress
Right-click on the WordPress folder name, then click Edit Permissions
Click the Security tab then click the Edit button
Click the Add button and type "Authenticated Users" and click OK
Verify that Authenticated Users is now showing under the Group or user names list
Click OK two more times to close those windows
Try running the WordPress update again and it should work
What this minor change does is grant the application permission to modify files inside that folder by having it run as LocalSystem, which falls under Authenticated Users. It still keeps your site secure without leaving any gaping security holes, but always remember to use strong passwords on your WordPress site, as many spambots and hackers tend to look for WordPress sites for leaving spam comments and more.