{"id":793,"date":"2011-02-16T23:00:00","date_gmt":"2011-02-16T23:00:00","guid":{"rendered":"http:\/\/mooredynasty.net\/?p=793"},"modified":"2014-12-18T23:01:00","modified_gmt":"2014-12-18T23:01:00","slug":"logging-with-windows-2008-and-iis-7-security","status":"publish","type":"post","link":"https:\/\/mooredynasty.net\/index.php\/2011\/02\/logging-with-windows-2008-and-iis-7-security\/","title":{"rendered":"Logging with Windows 2008 and IIS 7 Security"},"content":{"rendered":"

Often we will create a domain account to run web applications under in the event the web site needs access to external resources.  If this is overkill for an application, the fact IIS 7 runs each app pool under a unique ID can be helpful.<\/p>\n

\n

\"image\"<\/a><\/p>\n<\/blockquote>\n

In a simple example, suppose an ASP.NET applications wants to log exceptions to a text file in a folder outside of the app\u2019s domain.  By default this will not be allowed.  Nor is it possible do use the Windows folder security dialog to add the desired settings for the app pool\u2019s identity.<\/p>\n

However, a short command-line task can add the IIS app pool account to a given folder\u2019s permitted users list:<\/p>\n

\n

icacls C:\\some_directory \/grant "IIS APPPOOL\\some_app_pool":(OI)(CI)(RX)<\/p>\n<\/blockquote>\n

After executing this command on the server, you can update the app pool\u2019s identity with the proper permissions in the usual manner.<\/p>\n

—<\/p>\n

Resources:<\/p>\n

http:\/\/learn.iis.net\/page.aspx\/624\/application-pool-identities\/<\/a><\/p>\n

http:\/\/serverfault.com\/questions\/81165\/how-to-assign-permissions-to-applicationpoolidentity-account<\/a><\/p>\n

http:\/\/serverfault.com\/questions\/100516\/iis-7-application-pool-identity-permissions<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Often we will create a domain account to run web applications under in the event the web site needs access to external resources.  If this is overkill for an application, the fact IIS 7 runs each app pool under a unique ID can be helpful. In a simple example, suppose … <\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[],"class_list":["post-793","post","type-post","status-publish","format-standard","hentry","category-development"],"_links":{"self":[{"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/posts\/793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/comments?post=793"}],"version-history":[{"count":1,"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/posts\/793\/revisions"}],"predecessor-version":[{"id":794,"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/posts\/793\/revisions\/794"}],"wp:attachment":[{"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/media?parent=793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/categories?post=793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mooredynasty.net\/index.php\/wp-json\/wp\/v2\/tags?post=793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}