Export (0) Print
Expand All

Adding the IIS Worker Process to the Readers Role

Updated: August 22, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

By default, IIS runs in the Network Service account. You can, however, configure an IIS worker process to run in a different account.

If you use a remote authorization store, such as Active Directory or a remote XML file-based store, and you run IIS in the default Network Service context, you must add the Active Directory account of the Web server running IIS to the store's Readers role.

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".


To add the IIS worker process to the Readers role
  1. If Authorization Manager is not already open, click Start, click Run, type


    and then click OK.

  2. In the console tree, right-click Authorization Manager, click Open Authorization Store, click Browse, click the name of the authorization store file you want to update, click Open, and then click OK.

  3. In the console tree, right-click the name of the store, and then click Properties.

  4. Click the Security tab, and in the Authorization manager user role list, click Reader, and then click Add.

  5. In the Enter the object names to select (examples) box, type the name of the IIS worker process, and then click OK twice.

Related Information

Community Additions

© 2016 Microsoft