application pool custom identity

From: William F. Robertson, Jr. (wfrobertson_at_kpmg.com)
Date: 02/06/04


Date: Fri, 6 Feb 2004 13:47:21 -0600

I have a Windows 2003 Web Edition (IIS 6.0) server that hosts my intranet
site. We are using only NT integrated authentication. When the AppPool
identity is set to Network Service (default) everything works fine. But we
are trying to use the aspnet account so the web application will have access
to the directories on another machine. Currently we are using virtual
directories to link to the various docs on the file server. We would like
to move away from virtual directories (too difficult to maintain security
for 15,000+ users) and have the application determine what files they can and
cannot see.

When we change the identity of the AppPool to aspnet (setting the password
and creating a local user account on the file server with matching username
and password) all the users are prompted with the NT login screen asking for
their username, password, and domain.

My development group is not experiencing this problem, and I suspect it is
because we are all administrators on the machine. All other users are
prompted for the username and password. When they provide their domain
username/password it gives them a 401.1 error (invalid credentials). When I
try to log in with my username and password from their machine, it gives
me the same 401.1 error.

The NTFS permissions on the web directory are IIS_WPG everything except write
and full control, Everyone group, and US\Domain Users.

I have been searching this problem for quite some time now, and we are
unable to roll the security "enhancements" out because we cannot change the
application pool identity over.

Any ideas?

If you need more information, please post and I will respond with any
information you need.

Thanks,

bill


