Knowledgebase
How to manually Create a Site & Application Pool Identity in IIS7
Posted by Nathalie Vaiser on 03 February 2010 09:19 AM

We recommend running each web site on your server using its own application pool and identity (user)

 The steps below demonstrate how to create an IUSR user, create a new application pool for the site, and create the web site.

CREATE THE IUSER USER (WEB SITE IDENTITY):

To create the web site user, go to the 'Edit local users and groups' control panel:

Local Users and Groups

Right-click on the Users folder, and select 'New User...'

New User

 

In the New User window, add the User name, password, and set the password to never expire, and click 'Create'

New User

 

Close the New User window, and right-click on the new user you just created, and select Properties:

user properties

 

 

Click the "Member of" tab, and REMOVE the "Users" group membership:

remove users group

Next, click the Add button, and add the user to the IIS_IUSRS group:

 

 

iis_iusrs group

Now you should only have your user a member of the IIS_IUSRS group.

Click OK, and close out of the Local Users and Groups control panel.

 

CREATE THE APPLICATION POOL:

Open IIS, and right-click on the Application Pools folder, and select 'Add Application Pool'

Add Application Pool

 

Name your application pool and click OK:

Application Pool

Then, right-click on your new application pool, and select 'Advanced Settings':

Advanced Settings

In the Advanced Settings window, click the browse button next to the default Identity:

browse

Select 'Custom Account', click 'Set', and enter the user information you created earlier:

 

set credentials

Click OK several times to close out of all the windows.

Now, add your web site in IIS (or modify your existing site if you have already created a site)

ADD NEW WEB SITE:

Add Web Site

Enter your site details, and then click the 'Test Settings' button to test:

and ensure that all tests pass:

test

SET NTFS PERMISSIONS

You now need to provide the IUSR user created above with permissions to the web site folder. Browse in your hard drive to the folder you created for your web site, right-click the folder and select 'properties'

NTFS permissions

Click the 'Security' tab, and click 'Edit'

Security

On the next screen, click 'Add'

On the Select Users, Computers, Service Accounts, or Groups window, click the 'Locations' button:

CLICK CANCEL if you are asked to provide credentials:

cancel

and on the next screen, click on YOUR SERVER NAME, and click OK:

Now in the Select Users or Groups window, type the username you created earlier and click OK:

Make sure your IUSR user is selected. You can add write permissions if needed, but otherwise to accept the default settings, click OK:

Click OK on any remaining windows to close out of the settings.

You have now configured a web site identity user, application pool, and web site.

 

(327 votes)
This article was helpful
This article was not helpful

Comments (0)
Post a new comment 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

Help Desk Software by Kayako Fusion