Unable to set NTFS permissions for ApplicationPoolIdentity on Windows 2008 SP2

Posted by Kev on Server Fault See other posts from Server Fault or by Kev
Published on 2010-12-08T23:42:23Z Indexed on 2011/01/06 14:56 UTC
Read the original article Hit count: 262

On Windows 2008 R2 I am able to set NTFS permissions for an application pool's synthesised ApplicationPoolIdentity account thus:

ICACLS d:\websites\site1\www /grant "IIS AppPool\site1":(CI)(OI)(M)

The website's application pool is named site1 and is configured to run as ApplicationPoolIdentity. The site's authentication is also configured to authenticate as ApplicationPoolIdentity. I've done this a thousand times on Windows 2008 Standard Edition R2 with never a hitch.

However if I try to do the same in Windows 2008 Standard Edition SP2 I get the error:

IIS AppPool\site1: No mapping between account names and security IDs was done.
Successfully processed 0 files; Failed processing 1 files

I also notice that this fails if I try to set permissions for the application pool identity via the security GUI as well. I've seen this before and a reboot has cleared this issue but I'd like to know why this happens periodically. Googling around suggests other folks have hit this problem but there's never a satisfactory explanation.

Why would this be?

© Server Fault or respective owner

Related posts about windows-server-2008

Related posts about security