I have an important question in regard to security and my web app. So I have a web app that I am using the Global.asax to encrypt via DPAPI the connectionStrings section of my web.config at the machine level. I was getting an error could not access the web.config when deploying it to a server we have. I also found other errors in the past where when i changed the identity from ApplicationPoolIdentity to NetworkService things were resolved permission wise. Is there any drawback from doing this? I want to make sure I have my ducks in a row if I need to explain why it's okay.