0

My issue is two-fold:

  1. Need a user account to write to inetpub/wwwroot that isn't in the IIS_WPG Group
  2. Change the DefaultAppPool account to specified user account in #1

We cannot have anonymous HTTP writing to Server A from Server B from the default anon user account Windows reads from, hence for #2. And due to said server permissions, we cannot have Group IIS_WPG do any writing to inetpub/wwwroot either.

I created a new user account, but it isn't associated to any groups. Then, I added this user to the DefaultAppPool Identity instead of using Network Service. Then, under Inetpub/wwwroot I gave read/write permissions to this user account. Then I restart w3svc.

I am getting a Service Unavailable error now when I try to view any web page with this error in the logs: A failure was encountered while launching the process serving application pool 'DefaultAppPool'. The application pool has been disabled.

Note: I am not a Windows admin by any means, so what I'm doing is based off of any articles I can find and trusting their accuracy 100%.

justacoder
  • 2,684
  • 6
  • 47
  • 78

1 Answers1

0

The whole point of the IIS_WPG group is to have a pre-set grouping of the permissions required to run an application pool. So the best case is going to be creating your new user but then just adding that user to the IIS_WPG group.

If you can't do that, then I believe you have to explicitly give your new user the same permission set that IIS_WPG has already. Which can be found here: http://support.microsoft.com/kb/812614

Stephen S.
  • 1,616
  • 16
  • 14