IIS 8.5: Virtual Account for App Pool (IIS AppPool\{Application Pool Name} is not available
Solution 1
You won't ever find the synthesised application pool identity in the permissions search dialogue. Just type in the name of the pool identity like this:
Via GUI:
The click the Check Names button:
Via Command Line:
Alternatively you can use ICACLS
from an administrator command line/Powershell:
icacls c:\wwwroot\mysite /grant "IIS AppPool\MyNewAppPool":(CI)(OI)(M)
Solution 2
Above answer works great, just remember to use the server's name rather than the domain name. I got hung up for a bit trying to figure out why it wasn't resolving:
KPhillipson
I'm a .NET developer working in the healtcare field. Also, cats.
Updated on July 09, 2022Comments
-
KPhillipson almost 2 years
I am running IIS 8.5 on a Windows 2012 R2 Core box. I created a new application pool called "MyNewAppPool". I have a website instance, called "MyNewWebsite.com" running in the "MyNewAppPool" application pool. The Identity used for "MyNewAppPool" is "ApplicationPoolIdentity".
It is my understanding that I can assign security permissions for application pools in IIS 8.5 by using the auto-generated local virtual accounts, which will be named "IIS AppPool\{Application Pool Name}".
So, in Windows Explorer on the "MyNewWebsite.com" directory, I should be able to assign read/write permissions for the virtual user account "IIS AppPool\MyNewAppPool". I cannot find this user account to assign any permissions to. I am searching the local computer location and not the whole domain. I can find the "IIS AppPool\DefaultAppPool" account, however I don't want to run MyNewWebsite.com under the DefaultAppPPool, I want to run it under the MyNewAppPool application pool.
Can anyone please tell me why I don't can't find the auto-generated virtual account for MyNewAppPool?
-
KPhillipson over 9 yearsI tried exactly this. I still cannot get the application pool name to resolve. I had this issue on a dev server, and then for an unknown reason the issue went away. Now I'm setting up a QA server I'm experiencing the same problem again.
-
Kev over 9 years@KPhillipson I've seen that before on original Windows 2008 Server and Windows 2008R2 (pre-service pack) and it was mighty bloody annoying. Have a look at my update, it should work with
ICACLS
from the command line. -
Kev almost 9 yearsOP does mention in the question "I am searching the local computer location and not the whole domain."
-
BrainSlugs83 over 5 years@Kev, nope.
No mapping between account names and security IDs was done. Successfully processed 0 files; Failed processing 1 files
-
BrainSlugs83 over 5 yearsNope. Server is not domain joined; local machine name is populated there by default.
-
Kev over 5 years@BrainSlugs83 - what OS, have you got all the latest service packs/updates? Are you sure you're running powershell/command prompt as Administrator? Have you spaces in the path you're granting permissions to? If so wrap in double quotes.....you've not provided much info to go on, I don't normally complain but the DV seems a wee bit unfair as it's not an egregiously incorrect answer. Sounds more like your environment is to blame than the answer.