7

I am setting up a new web server and trying to use the new Application Pool Identities available in Windows Server 2008 R2 (as described here: http://learn.iis.net/page.aspx/624/application-pool-identities/) to secure the folder structure.

However, it seems that PHP is still using the local IUSR account even though I have set FastCGI impersonation to true in php.ini - how can I get PHP to operate under the Application Pool Identity?

The folder in question is a shared cache directory outside c:\inetpub\wwwroot. When I give IIS_APPPOOL\DefaultAppPool modify privileges, the PHP files cannot access the folder but they can when I give privileges to SERVERNAME\IUSR (or the Users group).

PHP 5.3 is installed using Web Platform Installer in IIS.

The PHP application is using Zend_Cache if that makes a difference.

voidstate
  • 249
  • 2
  • 8
  • Can you post screenshots of 1. The site's application pool advanced configuration 2. The site's anonymous authentication settings (Site -> Authentication -> Anonymous Authentication -> Edit – Kev Jul 24 '12 at 13:21
  • Thanks, Kev. The second window had what I needed! I have posted the answer below in case anyone else has the same issue but if you want the rep, feel free to post it instead and I'll accept your answer (and delete mine). – voidstate Jul 24 '12 at 14:04
  • Don't worry, the main thing is you got it working :) – Kev Jul 24 '12 at 14:10

1 Answers1

8

The answer was to change the anonymous identity in Site -> Authentication -> Anonymous Authentication -> Edit to "Application Pool Identity".

voidstate
  • 249
  • 2
  • 8