
Chief Architect's Blog on software development

13 Dec 2009
Configuring Windows 7 as Web Server
Last year, I wrote a blog post about configuring Vista as a web server. Windows 7 has now been released. Windows 7 Professional also has a built-in web server, IIS 7.5. Microsoft did not tell ordinary users about that. The configuration of Vista and Windows 7 is similar, so I will not repeat the procedure in this post. If you want the step-by-step configuration, please refer to my previous post, Configuring Vista as Web Server. After that, please come back to continue, because I will explain the newly added ApplicationPoolIdentity.

For better security, Microsoft introduced a virtual identity called "ApplicationPoolIdentity" in Windows 7 and Windows Server 2008 R2. In fact, this identity was also secretly added to Vista SP2. In IIS 6.0 and 7.0, you normally set the application pool to use the "Network Service" identity. You can still do that in IIS 7.5, but by default, DefaultAppPool uses the "ApplicationPoolIdentity" identity. You can identify your actual application pool identity in IIS Manager (see below):



If your web application does not need higher permissions to access server resources (for example, you use your server for static web pages), you can ignore this newly added virtual identity. However, if you need to give your web application higher permissions on a folder (or other server resources), you need to be aware that ApplicationPoolIdentity is a virtual identity which cannot be seen in the Access Control List (ACL).

To add a security permission on a folder for your web application, enter "IIS AppPool\<application pool name>" as the object name in the folder's security property section. For example, type "IIS AppPool\DefaultAppPool" for an application pool with the name "DefaultAppPool" (see figure below).



You can also add the permission from the command line using the ICACLS command. For more details about ICACLS, please refer to http://technet.microsoft.com/en-us/library/cc753525(WS.10).aspx#BKMK_examples.
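The command-line route described above, as an added example that is not part of the original post: a PowerShell script that grants the application pool's virtual identity Modify rights on a single folder with ICACLS and then reads the ACL back to confirm the entry. The folder path is a hypothetical placeholder; scope the grant to the one folder the application must write to rather than the whole site root. Run it from an elevated prompt.

```powershell
# Added example. $Folder is a hypothetical path; $AppPoolName defaults to the
# pool named in the post. Adjust both to your own site.
param(
    [string]$AppPoolName = 'DefaultAppPool',
    [string]$Folder      = 'C:\inetpub\wwwroot\App_Data'
)

# The virtual account name that must be typed; it is not listed in the
# object picker, so it has to be spelled out exactly.
$identity = "IIS AppPool\$AppPoolName"

if (-not (Test-Path -Path $Folder -PathType Container)) {
    throw "Folder not found: $Folder"
}

# Show the ACL before the change so the difference is visible afterwards.
icacls $Folder

# Grant Modify (M), inherited by files (OI) and subfolders (CI).
# ${identity} is braced so PowerShell does not parse "identity:" as a scope.
icacls $Folder /grant "${identity}:(OI)(CI)M"
if ($LASTEXITCODE -ne 0) {
    throw "icacls failed with exit code $LASTEXITCODE"
}

# Read the ACL back and confirm an entry for the virtual identity exists.
$entries = (Get-Acl -Path $Folder).Access |
    Where-Object { $_.IdentityReference.Value -eq $identity }

if (-not $entries) {
    throw "No ACL entry found for $identity on $Folder"
}

$entries |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize

# To revoke the grant later:
#   icacls $Folder /remove $identity
```

If the application only needs to read the folder, replace `M` with `RX` (read and execute) in the `/grant` argument.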





© 2008 Bisware Technology Limited. All Rights Reserved.