Your Friend is Here: Check what are the set of Permissions required for the Application pool identity

Thursday, December 2, 2010

Check what are the set of Permissions required for the Application pool identity

NTFS permissions

Directory	Users\Groups	Permissions


%windir%\help\iishelp\common	IIS_WPG	Read, execute
%windir%\IIS Temporary Compressed Files	IIS_WPG	Full control
%windir%\system32\inetsrv\ASP compiled templates	IIS_WPG	Full control
Inetpub\wwwroot (or content directories)	IIS_WPG	Read, execute

Registry permissions

Location	Users\Groups	Permissions
HKLM\System\CurrentControlSet\Services\ASP	IIS_WPG	Read
HKLM\System\CurrentControlSet\Services\HTTP	IIS_WPG	Read
HKLM\System\CurrentControlSet\Services\IISAdmin	IIS_WPG	Read
HKLM\System\CurrentControlSet\Services\w3svc	IIS_WPG	Read

Windows user rights

Policy	Users
Access this computer from the network	ASPNET
Access this computer from the network	IWAM_MachineName
Adjust memory quotas for a process	IWAM_MachineName
Adjust memory quotas for a process	Network service
Bypass traverse checking	IIS_WPG
Deny logon locally	ASPNET
Impersonate a client after authentication	ASPNET
Impersonate a client after authentication	IIS_WPG
Log on as a batch job	ASPNET
Log on as a batch job	IIS_WPG
Log on as a batch job	IWAM_MachineName
Logon as a service	ASPNET
Logon as a service	Network service
Replace a process level token	IWAM_MachineName
Replace a process level token	Network service

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)