Whenever a new application pool is created, IIS creates a security identifier (SID) that represents the name of the application pool itself. For example, if you create an application pool with the name "SmartcryptPool," a security identifier with the name "SmartcryptPool" is created in Windows. Resources can be secured by using this identity. However, the identity is not a real user account and will not show up as a user in the Windows User Management Console.
This can be configured by selecting a folder in Windows Explorer and adding the "SmartcryptPool" identity to the folder's Access Control List (ACL).
- Open Windows Explorer
- Select a file or directory.
- Right click the file and select Properties
- Select the Security tab
- Click the Edit button and then Add button
- Click the Locations button and make sure that you select your computer.
- Enter IIS AppPool\SmartcryptPool in the Enter the object names to select: text box.
- Click the Check Names button and click OK.
By doing this, the file or directory you selected will now also allow the SmartcryptPool identity access.
You can do this via the command-line by using the ICACLS tool. The following example gives full access to the SmartcryptPool identity.