IIS7.5 Domain Account Application Pool Identity for SQL Server Authentication

Posted by Gareth Hill on Server Fault See other posts from Server Fault or by Gareth Hill
Published on 2010-03-24T14:47:03Z Indexed on 2010/03/24 14:53 UTC
Read the original article Hit count: 1796

In Windows Server 2003/IIS6 land we typically create an app pool that runs as the identity of an AD account created with minimal privileges simply for that purpose. This same domain user would also be granted access to SQL Server so that any ASP.NET application in that app pool would be able to connect to SQL Server with Integrated Security=SSPI.

We are making a brave move to the world of Windows Server 2008 R2/IIS7.5 and are looking to replicate this model, but I am struggling with how to make the application pool in IIS7.5 run as the identity of an AD account? I know this sounds simple and hopefully it is, but my attempts so far have been fruitless.

  • Should the application pool identity be a 'Custom account' for a domain account?
  • Does the domain account need to be added to any groups?

© Server Fault or respective owner

Related posts about iis7.5

Related posts about application-pools