Solved

App Pool Identity

Posted on 2014-09-16
Last Modified: 2014-09-18
I have a web site that I switched from NETWORK_SERVICE to AppPoolIdentity.  I did this so I could see which process was running in Task Manager (I have a runaway process issue).  After changing the app pool to AppPoolIdentity (from NETWORK_SERVICE), some functions in the application don't work.  I think it's related to local file access restrictions, but not certain.

When I look at the directory on the web server in Windows Explorer, I can see where NETWORK_SERVICE has been given read/write access to the directories the app tried to access.  How do I grant the same level of privileges for the AppPoolIdentity?  I don't see a SID in the Active Directory list.
Question by:No1Coder
 
LVL 17

Expert Comment

by:Emmanuel Adebayo
ID: 40326552
You grant permission to the account iusr_ for the directories the app tried to access.

Regards
0
 

Author Comment

by:No1Coder
ID: 40326610
IIS_USER and IUSR have the same file access capabilities as NETWORK_SERVICE.  Not sure if that is what you are referring to.

I am not certain that file access is the problem, but I can't think of anything else it could be.  The functions that do not work are dealing with local files, so file security makes sense.
0
 
LVL 17

Expert Comment

by:Emmanuel Adebayo
ID: 40326699
By default, Yes.

I think I understand what the issue is now.

You can try this by selecting a file in Windows Explorer and adding the "DefaultAppPool" identity to the file's Access Control List (ACL).

For more, please check http://www.iis.net/learn/manage/configuring-security/application-pool-identities

Cheers
0

 

Author Comment

by:No1Coder
ID: 40326777
This doesn't work for me.

W2012R2

I tried entering:
IIS AppPool\DefaultAppPool
IIS_AppPool\DefaultAppPool
IISAppPool\DefaultAppPool

It won't take any of these when I do check names.
0
 

Author Comment

by:No1Coder
ID: 40326779
Also tried the same using ICACLS.  It doesn't work either.  Says invalid parameter to 'IIS_AppPool\DefaultAppPool'
0
 

Author Comment

by:No1Coder
ID: 40326828
I tried this on two different 2012 r2 servers.  Doesn't work.
0
 
LVL 33

Accepted Solution

by:
hongjun earned 500 total points
ID: 40329539
Try something like these?

icacls C:\inetpub\wwwroot\website\ /grant "IIS AppPool\ApplicationPoolName":RX

0
 

Author Comment

by:No1Coder
ID: 40329889
I tried the following:

icacls d:\websites /grant "DefaultAppPool":RX

D:\Websites is the directory that I would like to set read/execute privileges on.  On one server, when I execute this command, it created a Windows Security ID for the directory in question.  When I go to Windows Explorer and view security, I see an entry for DefaultAppPool, and I was able to set permissions as desired.  I do not know yet if this solves the original problem.

I tried the same command on my production server and received the error "DefaultAppPool: No mapping between account names and security IDs was done.
Successfully processed 0 files; Failed processing 1 files"

The directory structure is the same for both servers.  I don't know what this error means.

I also tried:
icacls d:\WebSites /grant "IIS AppPool\DefaultAppPool":RX

Same results.

At this point I am just guessing.  I don't understand why this needs to be so difficult.
0
 

Author Closing Comment

by:No1Coder
ID: 40329987
Was able to get this to work.
0
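
An added example, not posted by anyone in this thread: granting an app pool's virtual account read/execute on the content folder, with a check first that a pool of that name exists on the server, because `IIS AppPool\<name>` is resolved by the local machine rather than by Active Directory. The pool name and path are the ones mentioned in the thread; an installed WebAdministration module and an elevated prompt are assumptions.

```powershell
param(
    [string]$PoolName = 'DefaultAppPool',   # pool name from the thread; adjust per server
    [string]$Path     = 'D:\WebSites'       # content folder from the thread
)

Import-Module WebAdministration

# The virtual account "IIS AppPool\<name>" exists only where a pool with
# exactly that name is defined. Check before touching any ACL.
if (-not (Test-Path "IIS:\AppPools\$PoolName")) {
    $existing = (Get-ChildItem IIS:\AppPools).Name -join ', '
    throw "App pool '$PoolName' is not defined here. Pools on this server: $existing"
}

# The ACL entry only matters if the pool really runs as ApplicationPoolIdentity.
$pool = Get-Item "IIS:\AppPools\$PoolName"
if ($pool.processModel.identityType -ne 'ApplicationPoolIdentity') {
    Write-Warning "Pool runs as $($pool.processModel.identityType), not ApplicationPoolIdentity."
}

# Resolve the account name to its SID on this machine. If this throws,
# icacls and the "Check Names" dialog will fail for the same reason.
$account = New-Object System.Security.Principal.NTAccount("IIS AppPool\$PoolName")
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])
Write-Host "Resolved $($account.Value) to $($sid.Value)"

# Read/execute only, inherited by subfolders and files. Add Modify on
# specific subfolders separately if the application has to write there.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $sid, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

$acl = Get-Acl -Path $Path
$acl.AddAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Show the resulting ACL so the new entry can be confirmed.
icacls $Path
```

Granting by SID keeps the entry tied to the pool identity itself; the rule is limited to read/execute so the worker process gets no write access it did not already need.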

Question has a verified solution.
