I have a new Win7 workstation and I am trying to get ScrewTurn Wiki to run on the machine. My STW installation is using the file system option to store its data, and as such I need to give write permissions to the ASP.NET worker process in the folder the website is installed in.
HOWEVER, I cannot seem to be able to come up with name of the worker process in Win7 in order to add it to the permissions for the folder. In XP it was ASPNET_WP, if I remember correctly, but that is not its name in Win7.
Can someone please tell me?
Edited to add:
In response to @Dragan_Radivojevic, here's what the application pool in question looks like (named ScrewTurnWiki):
The Identity is "ApplicationPoolIdentity"
The full command would be something like below, notice the quotes
icacls "c:\inetpub\wwwroot\tmp" /grant "IIS AppPool\DefaultAppPool:F"
I know this is an old thread but to further expand the answer here, by default IIS 7.5 creates application pool identity accounts to run the worker process under. You can't search for these accounts like normal user accounts when adding file permissions. To add them into NTFS permission ACL you can type the entire name of the application pool identity and it will work.
It is just a slight difference in the way the application pool identity accounts are handle as they are seen to be virtual accounts.
Also the username of the application pool identity is "IIS AppPool\application pool name" so if it was the application pool DefaultAppPool the user account would be "IIS AppPool\DefaultAppPool".
These can be seen if you open computer management and look at the members of the local group IIS_IUSRS. The SID appended to the end of them is not need when adding the account into an NTFS permission ACL.
Hope that helps
My immediate solution (since I couldn't find the ASP.NET worker process) was to give write (that is, Modify) permission to IIS_IUSRS. This worked. I seem to recall that in WinXP I had to specifically given the ASP.NET worker process write permission to accomplish this. Maybe my memory is faulty, but anyway...
@DraganRadivojevic wrote that he thought this was dangerous from a security viewpoint. I do not disagree, but since this was my workstation and not a network server, it seemed relatively safe. In any case, his answer is better and is what I finally settled on after chasing down a fail-path due to not specifying the correct domain for the AppPool user.
Source: Stackoverflow.com