I was recently setting up a Drupal install on IIS7. The setup instructions required that the IIS_IUSRS account be given, temporarily, write access to the settings.php file so it could write the database configuration to the file.
In the end I had to edit the file myself and input the database configuration details myself. What I am wondering is why the instruction specified the IIS_IUSRS account rather than the IUSR account.
Perhaps I am not properly understanding how IIS_IUSRS and IUSR differ.
Here is a good documentation about groups and users used in IIS 7.
IUSR is built-in accountfor all anonymous authentication.IIS_IUSR is a built-in grouphas access to all the necessary file and system resources so that an account, when added to this group, can seamlessly act as an application pool identity.You need to check if Drupal has any account specifically added in the IIS_IUSR group such that giving permission to the group suffices the need.
Going through Drupal document shows that it requires the IIS build-in group permission.