Whenever a new application pool is created, IIS creates a security identifier (SID) that represents the name of the application pool itself. For example, if you create an application pool with the name "SmartcryptPool," a security identifier with the name "SmartcryptPool" is created in Windows. Resources can be secured by using this identity. However, the identity is not a real user account and will not show up as a user in the Windows User Management Console.
This can be configured by selecting a folder in Windows Explorer and adding the "SmartcryptPool" identity to the folder's Access Control List (ACL).
By doing this, the file or directory you selected will now also allow the Smartcrypt identity access.
You can do this via the command-line by using the ICACLS tool. The following example gives modify access to the Smartcrypt identity to the folder C:\web\mds and all contents.
ICACLS "C:\web\mds" /grant "IIS AppPool\Smartcrypt":M /t