Monday, August 30, 2010

Granting permissions to the ApplicationPoolIdentity

Windows 7 and Windows 2008 RC 2 introduced the concept of managed service accounts and by default, application pools are set to use a managed service account in order to isolate the web application pool without adding additional management of passwords and such.  The downside is that the implementation is half-baked when it comes to giving these accounts permission to other things such as accessing files or directories.

The trick is, when setting the security for the file or folder, select your computer as the location then enter IIS APPPOOL\ApplicationPoolName as the user where ApplicationPoolName is the name of the application pool you want to give permission to.  Microsoft really should make these accounts show up in the GUI, but at least this little trick works.