In terms of IIS, what exactly is (in low tech management freindly terms) a web app "pool"..... is this just a collection of sites/apps? And why do you potentially have 1 pool or many pools on the same server? What types of sites/apps would you typically pool together?
Also - what are the risks of specific pools running under the security context of the local SYSTEM and/or a local admin account? Is this considered bad practice. How can you determine what permissions the pools need to run under, or is SYSTEM/LA permissions often genuinely required?
where in IIS can you identify what permissions a pool is running under?