Use the Application Pool Identity dialog box to configure the account under which an application pool's worker process runs. You can select one of the predefined security accounts or configure a custom account.

Note

If you use a custom identity, make sure that the user account you specify is a member of the IIS_IUSRS group on the Web server so that the account has proper access to resources. Additionally, when you use Windows and Kerberos authentication in your environment, you might need to register a Service Principle Name (SPN) with the domain controller (DC).

To configure an application pool identity
  1. On the Application Pools feature page, select an application pool from the list.

  2. In the Actions pane, click Advanced Settings.

  3. Under Process Model, locate the Identity field and click (the Properties button) to open the Application Pool Identity dialog box.

  4. Select an identity option:

    • Select Built-in account to use a predefined security account, and then select one of the accounts from the list.

    • Select Custom account to configure a custom account, and then click Set to open the Set Credentials dialog box from which you can specify the user name and password for the account.

UI Element List

Element NameDescription

Built-in account

Select this option to use one of the predefined security accounts. Then select one of the following accounts:

  • ApplicationPoolIdentity – By default, the Application Pool Identity account is selected. The Application Pool Identity account is dynamically created when an application pool is started, and therefore this account provides the most security for your applications.

  • LocalService - The Local Service account is a member of the Users group and has the same user rights as the Network Service account, but the Local Service account is limited to the local computer. Use this account when the worker process in your application pool does not require access outside the Web server on which it runs.

  • LocalSystem - The Local System account has all user rights, and it is part of the Administrators group on the Web server. Whenever possible, avoid using the Local System account because it presents a more serious security risk for your Web server.

  • NetworkService – The Network Service account is a member of the Users group and has user rights that are required to run applications. It can interact throughout an Active Directory-based network by using the credentials of the computer account.

Custom account

Select this option to configure a custom account. Then click the corresponding Set button to configure the user name and password for the account.

Set

Opens the Set Credentials dialog box from which you can specify credentials for the custom account.

User name

Type the alias of the user account under which you want the worker process to run.

Password

Type the password for the user account that you specified in the User name box.

Confirm password

Retype the password for the user account that you specified in the User name box.

See Also


Table Of Contents