Solved

IIS 7.5 ApplicationPoolIdentity

Posted on 2014-03-10
5
519 Views
Last Modified: 2014-03-15
All my web apps for Windows 2008 R2 IIS 7.5 are running with ApplicationPoolIdentity, should I change this or leaving the default option as it is

Can you give me an over view of Identities and what function do they perform
0
Comment
Question by:rakkad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39919009
Depending on the nature of your application.

However it is best practice to run your apps under an identity for issues such as impersonation and DB connectivity where there might be security concerns.

Here is a more lengthy explanation:

http://blogs.technet.com/b/tristank/archive/2011/12/22/iusr-vs-application-pool-identity-why-use-either.aspx
0
 

Author Comment

by:rakkad
ID: 39919027
Am still confused about the article,

What does the default ApplicationPoolIdentity do ?
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39919066
If you have an application it can run as any user.

The identity allows you access aspect of the system and your network that SHOULD NOT be available to your IIS default user accounts.

If you do not utilize an identity for your application then you will have to worry about security issues where granting access to the application will require granting access to built in account.

This is NOT A SECURE model, it is best practice to run applications under an identity.
If you application needs to write a file it is easier to grant access to a secure (non-builtin user) than to grant access to a built in user that could be spoofed by an intruder.

The concept as well of an application pool identity is to ensure there is secure isolation for folders used by the app, there is no need to grant EVERYONE or NETWORK SERVICE etc access to application related folders which can lead to system compromise.

The long and short of it is, the application pool identity is an identity that allows your application to interact with your system and network etc in a controlled not easily manipulated manner.

As the article says
Using the App Pool Account as anonymous is a good idea because it allows you to secure your content at the NTFS level for just COMPUTER\Coke or IIS AppPool\Pepsi, and be assured that Windows file system security will prevent one company's anonymous app from reading (or otherwise affecting) its competitor's anonymous content.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39919264
If your common app pool recycles then all sessions will recycle. If you have several websites this could be a problem.  If each website has its own apppool then a problem with one website won't affect the others.
0
 

Author Closing Comment

by:rakkad
ID: 39931120
This proved useful and clarified my answer

Thanks
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question