Rectangle 27 0

iis 7 ApplicationPoolIdentity user cannot modify files in shared folder in Windows Server 2008?


Actually, using a service account that can be locked down and dedicated to one narrow purpose is the more secure option because it reduces the attack surface area. Using the machineaccount$ for access means that any process running under the networkservice account (like other websites on that server) will also gain rights on that network resource. But yes, password management can be the downside.

This is not a fix for the problem described, more of a workaround to the original problem.

To solve this one, our server administrator created a domain user in the domain controller called domainuser. Then I went into the IIS 7 application pool advanced settings, and changed the Identity from ApplicationPoolUser to "{domain name}\domainuser" (under the Custom Account field) and entered the password for the account. Then I set write permissions (under the folder properties > security) on that shared folder for {domain name}\domainuser. It worked great.

the disadvantage of your answer is that you are not using ApplicationPoolIdentity user and that you have to enter password.

Note
Rectangle 27 0

iis 7 ApplicationPoolIdentity user cannot modify files in shared folder in Windows Server 2008?


Sign up for our newsletter and get our top new questions delivered to your inbox (see an example).

Go to the Shared Folder > right click > properties -> security >edit > add (so far as usual ) -> choose object types > check on computers > now enter the computer name where your application is working from , where you published your application.

The steps are :

as I've written at my post : GreKai.WordPress.com You should have entered the computer name and not the ApplicationPoolIdentity. That was your problem.Try it out ! It should work.

Note
Rectangle 27 0

iis 7 ApplicationPoolIdentity user cannot modify files in shared folder in Windows Server 2008?


Actually, using a service account that can be locked down and dedicated to one narrow purpose is the more secure option because it reduces the attack surface area. Using the machineaccount$ for access means that any process running under the networkservice account (like other websites on that server) will also gain rights on that network resource. But yes, password management can be the downside.

This is not a fix for the problem described, more of a workaround to the original problem.

To solve this one, our server administrator created a domain user in the domain controller called domainuser. Then I went into the IIS 7 application pool advanced settings, and changed the Identity from ApplicationPoolUser to "{domain name}\domainuser" (under the Custom Account field) and entered the password for the account. Then I set write permissions (under the folder properties > security) on that shared folder for {domain name}\domainuser. It worked great.

the disadvantage of your answer is that you are not using ApplicationPoolIdentity user and that you have to enter password.

Note
Rectangle 27 0

iis 7 ApplicationPoolIdentity user cannot modify files in shared folder in Windows Server 2008?


Actually, using a service account that can be locked down and dedicated to one narrow purpose is the more secure option because it reduces the attack surface area. Using the machineaccount$ for access means that any process running under the networkservice account (like other websites on that server) will also gain rights on that network resource. But yes, password management can be the downside.

This is not a fix for the problem described, more of a workaround to the original problem.

To solve this one, our server administrator created a domain user in the domain controller called domainuser. Then I went into the IIS 7 application pool advanced settings, and changed the Identity from ApplicationPoolUser to "{domain name}\domainuser" (under the Custom Account field) and entered the password for the account. Then I set write permissions (under the folder properties > security) on that shared folder for {domain name}\domainuser. It worked great.

the disadvantage of your answer is that you are not using ApplicationPoolIdentity user and that you have to enter password.

Note
Rectangle 27 0

iis 7 ApplicationPoolIdentity user cannot modify files in shared folder in Windows Server 2008?


Go to the Shared Folder > right click > properties -> security >edit > add (so far as usual ) -> choose object types > check on computers > now enter the computer name where your application is working from , where you published your application.

The steps are :

as I've written at my post : GreKai.WordPress.com You should have entered the computer name and not the ApplicationPoolIdentity. That was your problem.Try it out ! It should work.

Note