Configuring Application Pool Identity

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Application pool identity is the user account that serves as the process identity for the worker processes that are servicing the application pool. Process identity is the account that a process runs under. Every Windows Server 2003 process has a process identity that is used to control access to resources on the system.

Application pool identity can be assigned to a predefined account. Predefined accounts are known as service-user accounts and they are created by the operating system. You can use the predefined NetworkService, LocalSystem, or LocalService accounts for the application pool identity.

In IIS 6.0 worker process isolation mode, application pools have a default identity of NetworkService. The NetworkService identity has minimal administrative credentials, which helps reduce the attack surface of your Web server. If you deploy applications that require a fixed worker process identity, you can change the application pool identity. For information about security and application pool identities, see "Configuring Application Pool Identity Settings" in Deploying ASP.NET Applications in IIS 6.0.

For information about how to configure application pool identity by using IIS Manager, see Configure Application Pool Identity. For information about how to configure application pool identity by using a command-line procedure or scripts, see the AppPoolIdentityType Metabase Property.