IIS7.5 Domain Account Application Pool Identity for SQL Server Authentication
Posted
by Gareth Hill
on Server Fault
See other posts from Server Fault
or by Gareth Hill
Published on 2010-03-24T14:47:03Z
Indexed on
2010/03/24
14:53 UTC
Read the original article
Hit count: 1792
In Windows Server 2003/IIS6 land we typically create an app pool that runs as the identity of an AD account created with minimal privileges simply for that purpose. This same domain user would also be granted access to SQL Server so that any ASP.NET application in that app pool would be able to connect to SQL Server with Integrated Security=SSPI.
We are making a brave move to the world of Windows Server 2008 R2/IIS7.5 and are looking to replicate this model, but I am struggling with how to make the application pool in IIS7.5 run as the identity of an AD account? I know this sounds simple and hopefully it is, but my attempts so far have been fruitless.
- Should the application pool identity be a 'Custom account' for a domain account?
- Does the domain account need to be added to any groups?
© Server Fault or respective owner