I'm facing a problem with the IIS Pool Identity. I need to give the right permissions to its user, but I cannot find the user that is set as the IIS Pool Identity, which is ApplicationPoolIdentity. I found the user NetworkService, which is a possible user for the IIS Pool Identity. Is there any problem or anything that I have to consider after changing the IIS Pool Identity to NetworkService?
Note: I'm using Windows 7 (IIS 7.5)
Don't if you can avoid it - using NetworkService means your app pool runs as an identity equivalent with many other services on the box.
ApplicationPoolIdentity is a virtual user account which maps to the Application Pool name. They're not visible in Local Users and Groups (except where you've made it a member of a group).
You can assign permissions in an Object Picker or other username-accepting place by specifying
IIS AppPool\AppPoolNameHere
(Note the spacing).
It's not something you can browse to directly, but it is an item with a SID, so can be used to secure any securable resource (files, folders, registry, etc).
Any IIS worker process is also a member of IIS_IUSRS by default, but if you want to be more precise and secure stuff so only one app pool can use it, use AppPoolIdentity to do that.
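The permission assignment described in the answer above can also be scripted. This is an added example, not part of the original answer; the pool name `MyAppPool`, the folder path and the choice of Modify rights are assumptions to replace with your own values.

```powershell
# Added example: grant one app pool's virtual account rights on one folder.
# $PoolName and $Path are assumed values, not taken from the page.
param(
    [string]$PoolName = 'MyAppPool',
    [string]$Path     = 'C:\inetpub\MySite\App_Data'
)

# The virtual account is addressed as "IIS AppPool\<pool name>" (note the space).
$account = New-Object System.Security.Principal.NTAccount("IIS AppPool\$PoolName")

# Resolve the name to its SID first, so a mistyped pool name fails here
# instead of producing a half-applied ACL change.
try {
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
} catch {
    throw "Cannot resolve 'IIS AppPool\$PoolName' to a SID. Check the pool name."
}
Write-Host "Resolved $($account.Value) to $($sid.Value)"

# Modify is an assumed choice; use ReadAndExecute if the app only reads the folder.
$rights    = [System.Security.AccessControl.FileSystemRights]::Modify
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$type      = [System.Security.AccessControl.AccessControlType]::Allow
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, $rights, $inherit, $propagate, $type)

# Add the rule to the existing ACL rather than replacing it.
$acl = Get-Acl -Path $Path
$acl.AddAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Verify: list only the entries that belong to this app pool identity.
(Get-Acl -Path $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $account.Value } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Run it from an elevated PowerShell prompt. Because the rule names a single app pool rather than IIS_IUSRS or NetworkService, other worker processes and services on the machine gain nothing from it.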
Depends what else your application is doing - but generally speaking, it should work with no issue.
If you need to assign rights in a very granular way to the application, I'd suggest creating a new user specifically for the app pool identity instead of using Network Service.
Don't use Network Service if you don't need network resources. Are you accessing a UNC path? If you are, I'd use a domain account vs. Network Service. Using ApplicationPoolIdentity is the most secure method.