How To Run IIS 7 App Pool As Built-In Admin?

Question

I am trying to give access to an App Pool to create some files in the website directory (inside inetpub) and I it keeps denying me access because it says the user doesn't have admin rights. I ran the AppPool as LocalSystem and it still failed. Doesn't LocalSystem have full control over folders? I ran it as AppPoolIdentity and gave the proper rights to those folders, and it doesn't work. The only way I can get it to work is by giving it a custom admin account... but that saves the username/pass in the web.config and that password expires every 90 days. We cannot have websites fail every 90 days.

Is there an easy way where I can run the AppPool as built-in admin without giving some custom account?

Answer 1

Only 18 months late. Nevertheless, I think the problem is that your website runs with anonymous connections right? Anonymous users connecting to your website will not run as admin. This is configurable.

The following is applicable to IIS7 (I think it'll also be applicable to IIS6, though I have no access to that version; almost certainly not applicable to IIS5 and earlier).

So anyway, to change this setting in the IIS Manager, go to:

Sites > [Your Website]

In "Features" view under the IIS subsection

Authentication [Open Feature] > Anonymous Authentication [right-mouse "Edit..."] > Select: Application Pool Identity [OK]

This allows anonymous connections to work under an admin privileges on the OS level, giving you access to files and a whole lot more besides.

Either that, or I've not quite understood your problem.