iis 7.5 Website permissions

Question

I'm trying to setup permissions on IIS 7.5 running in Win7. The instructions I found are:

Ensure all your sites have their own unique Application Pool assigned.
In the Advanced Settings under Processing Model for the application pool, set the built-in account as ApplicationPoolIdentity.
Enable impersonation in php.ini with fastcgi.impersonate = 1
IIS > Authentication > Anonymous Authentication > Application Pool Identity (not IUSR)
Set read/write permissions on your folders using the automatically generated application pool user account (e.g. "IIS AppPool\MyAppPoolName").

When I enter MyAppPoolName I'm not sure which name to use:

I have two web sites running on this same server. In IIS Manager, Application Pools I have:

WebSite1 v4.0 (Integrated)
WebSite1 v4.0 (Classic)
WebSite1 v2.0 (Integrated)
WebSite1 v2.0 (Classic)
WebSite2 v4.0 (Integrated)
WebSite2 v4.0 (Classic)
WebSite2 v2.0 (Integrated)
WebSite2 v2.0 (Classic)

What should I use for MyAppPoolName? "IIS AppPool\MyAppPoolName"

Thank you,

Docfxit

Ideally, you should split this into two questions – MichelZ Mar 26 '14 at 06:04 — MichelZ, Mar 26 '14 at 06:04

score 0 · Answer 1 · edited May 23 '17 at 11:33

I don't think it matters which App Pool you choose if you are hosting a PHP application, and no .NET is used.

The v2.0 and v4.0 tells IIS to use .NET 2.0 or .NET 4.0 for the Application, which does not matter, as you're using PHP.

Just make sure that they are separated.

As for classic vs. integrated pipeline mode, it does not matter as well:

Some reading classic vs integrated: https://stackoverflow.com/questions/759304/what-is-the-difference-between-defaultapppool-and-classic-net-apppool-in-iis7

And here's some reading specific to PHP: http://technet.microsoft.com/en-us/magazine/2008.07.iis7.aspx#id0110047

Keep in mind that integrated mode and classic mode only affect how IIS 7.0 integrates ASP.NET into the request pipeline. These pipeline modes do not affect PHP applications directly. The FastCgiModule and all other native modules load without pipeline-mode preconditions in both integrated mode and classic mode.

Even when not using .NET, the application pool identity is still important, because it is what runs the site regardless of asp.net, php or static files. — Peter Hahndorf, Mar 26 '14 at 17:54
Yes, but all of these options should have the "ApplicationPoolIdentity" set by default. And I mentioned to separate them — MichelZ, Mar 27 '14 at 10:11

score 0 · Answer 2 · answered Mar 26 '14 at 17:52

If you have two site, you should also only have two application pools. I would rename the AppPools hosting your sites and delete the other ones. So you should end up with something like

Site1AppPool
Site2AppPool

Then for setting NTFS permissions, use:

IIS AppPool\Site1AppPool
IIS AppPool\Site2AppPool

You cannot browse for these names in the permissions dialog, you have to type them in.

You tagged this with batch-file, so you may want to script this. You can script your five steps plus setting the NTFS permissions with PowerShell.

iis 7.5 Website permissions

2 Answers2