

Recipe 12.20. Configuring Application Pool Identities

Problem

You want to configure the identity of an application pool.

Solution

Using a graphical user interface

  1. Open Internet Information Services (IIS) Manager.

  2. In the left pane, expand the server node in the console tree and select Application Pools.

  3. Right-click on the target application pool and select Properties.

  4. Select the Identity tab.

  5. Select either one of the three predefined identities or a custom user account and click OK.

Using a command-line interface

The following two commands assign a custom user account for an application pool identity and set the password for the account:

> cscript %systemdrive%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/<AppPoolName>/WAMUserName <Username>
> cscript %systemdrive%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/<AppPoolName>/WAMUserPass <Password>

Replace <AppPoolName> with the name of the target application pool, <Username> with the name of the user account, and <Password> with the user's password.

Using VBScript

' This code configures an app pool identity.
' ------ SCRIPT CONFIGURATION ------
strComputer = "<ServerName>"
strAppPoolName = "<AppPoolName>"
strUser   = "<Username>"  ' e.g., RALLENCORP\myiisuser
strPasswd = "<Password>"
' ------ END CONFIGURATION ---------

' Bind to the application pool's metabase node through the ADSI IIS provider.
set objAppPool = GetObject("IIS://" & strComputer & "/w3svc/AppPools/" & _
                           strAppPoolName)
' Identity type 3 tells IIS to run the pool as the account set in WAMUserName.
objAppPool.AppPoolIdentityType = 3
objAppPool.WAMUserName = strUser
objAppPool.WAMUserPass = strPasswd
' Commit the changes to the metabase.
objAppPool.SetInfo

WScript.Echo "App Pool identity modified successfully: " & objAppPool.Name

Discussion

When an application in the pool executes, the worker process impersonates the identity of the process token associated with the client requesting the application pool. An application pool's identity is the security context in which the worker processes assigned to the pool run when no application is running within the pool. The three predefined identities that can be assigned to a pool are shown in Table 12-9.

Table 12-9. Predefined application pool identities

Identity          Description
----------------  -----------------------------------------------------------------------
Network Service   Built-in identity with few privileges
Local Service     Same as Network Service but can only access resources on local computer
Local System      Powerful built-in identity with numerous privileges


By default, new application pools (and the Default Application Pool) use Network Service as their identity. If you want to create a custom user account for a pool, be sure to give it a complex password and make it a member of the IIS_WPG built-in group, which gives the account the privileges needed to be able to instantiate new worker processes on the computer.
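
The following audit script is an added example, not code from the book: it lists every application pool with its configured identity, flags pools running as Local System, and flags custom accounts that are not direct members of IIS_WPG. It assumes it is run locally on an IIS 6.0 server (strComputer = "localhost"), uses the metabase values 0, 1, and 2 for the predefined identities alongside the value 3 used in the script above, and compares account names without their domain prefix, which is a simplification.

```vbscript
' Added example: audit application pool identities on an IIS 6.0 server.
Option Explicit
Dim strComputer, objGroup, objMember, dictWpg
Dim objPools, objPool, strUser, strNote

strComputer = "localhost"   ' assumption: run on the IIS server itself

' Collect the direct members of IIS_WPG (nested groups are not expanded).
Set dictWpg = CreateObject("Scripting.Dictionary")
Set objGroup = GetObject("WinNT://" & strComputer & "/IIS_WPG,group")
For Each objMember In objGroup.Members
    dictWpg(LCase(objMember.Name)) = True
Next

' Walk every pool under W3SVC/AppPools and report its identity.
Set objPools = GetObject("IIS://" & strComputer & "/w3svc/AppPools")
For Each objPool In objPools
    If objPool.Class = "IIsApplicationPool" Then
        Select Case objPool.AppPoolIdentityType
            Case 0
                strNote = "Local System  [REVIEW: numerous privileges]"
            Case 1
                strNote = "Local Service"
            Case 2
                strNote = "Network Service (default)"
            Case 3
                strUser = objPool.WAMUserName
                strNote = "Custom account " & strUser
                ' Compare on the bare account name (DOMAIN\ prefix removed).
                If InStr(strUser, "\") > 0 Then
                    strUser = Mid(strUser, InStrRev(strUser, "\") + 1)
                End If
                If Not dictWpg.Exists(LCase(strUser)) Then
                    strNote = strNote & "  [REVIEW: not a direct member of IIS_WPG]"
                End If
            Case Else
                strNote = "Unknown identity type " & objPool.AppPoolIdentityType
        End Select
        WScript.Echo objPool.Name & ": " & strNote
    End If
Next
```

Run it with cscript so each result is written to the console rather than shown in a message box.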



Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
