Permissions to run a SharePoint 2010 Application Pool?

Question

I'm currently in the process of setting up a SharePoint 2010 farm. In my Dev Environments, I have one account that is Local Admin, Farm Administrator and runs all Application Pools.

For Production Environment, I would like to go with best Security Practices and run the Web Applications (At least 2: Main Portal and My Sites) with separate Domain Accounts.

It's been some time that I worked with IIS, and I remember that there were issues with accessing files in c:\inetpub by non-Admin users. On the other hand, SharePoint "automagically" sets most permissions anyway.

Does anyone have some experience with which permissions I need to give to the domain account at minimum in order to work?

score 1 · Accepted Answer · answered Jun 08 '10 at 14:01

1

Check out this technet article for the gory details. Basically, your application pool account is assigned to the WSS_WPG group on the server. WSS_WPG is then assigned access to various registry keys and files/folders. There is a table in the linked document with all of the actual permissions for WSS_WPG.

answered Jun 08 '10 at 14:01

MattB

11,194
1
30
36

A great, that article is new and really detailed, thanks! – Michael Stum Jun 08 '10 at 23:16

Permissions to run a SharePoint 2010 Application Pool?

1 Answers1