Errors in Best Practises Analyzer

I have this error at Best Practises Analyzer in IIS section. May I ignore it?
1/ Issue:
Application pool is set to run as an administrator, as local system, or to 'Act as part of the operating system'.

The application pool can execute high-privileged code, including potentially malicious code that can negatively affect your server.

Set the application pool to run as the application pool identity.

When I solve this error, I must type my credentials for access for example OWA login screen.

2/ Issue:
Basic authentication is enabled for configuration path 'MACHINE/WEBROOT/APPHOST' but it lacks a required SSL binding.

If you use Basic authentication without SSL, credentials will be sent in clear text that might be intercepted by malicious code.

Use Basic authentication with an SSL binding, and make sure that the site or application is set to require SSL. Alternatively, use a different method of authentication.

I have already set require SSL to all, but this error is still here.
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

pospichalalesConnect With a Mentor Author Commented:
These errors are only for information and they are not unsafe at this case. I can choose if I set basic authentication or ignore it.

These two issues are indicating the security compromize.  However, Its all depened upon the application running on IIS.  Some applications requires application pools to run with administrator previligeous.  Its looks like improper File system permissions   Usually, to overcome file systems permissions issues, administrator account would be used for applications pools.

If your application is not exposed to internet you can ignore these alerts.

pospichalalesAuthor Commented:
This applications such OWA, Autodiscover are available from internet.
But they cannot require credentials when opening.
All Courses

From novice to tech pro — start learning today.