Microsoft will continue to cramp down on security and the use of ApplicationPoolIdentity is the default settings for a new website (so I'm blogging this to help others and to remind myself).
To the best of my knowledge, here are the steps to get your site up and running on 2008 R2 (if you have any corrections or feedback, please comment):
1) Using IIS, select “Application Pools”. Right-click the pool to modify and
choose “Advanced Settings”. In the “Process Model” section:
a. Verify “Identify” is set to ApplicationPoolIdentity.
b. Verify “Load User Profile” is set to true.
2) Using IIS, select the site to modify. In the IIS section, double-click
“Authentication”. Next “Edit” the “Anonymous Authentication” name and verify
“Application pool identity” is chosen.
3) Using SQL Studio Management Studio, select “Security”, then “Logins”. Add
“New Login” using:
a. Set “Login name” to “IIS AppPool\yourIISSiteName”.
b. Select “Windows authentication” (don’t worry that this doesn’t resemble a
real account on the computer; click OK).
4) Optional for security flexibility on the site files:
a. Using Windows Explorer, right-click the site directory and choose
“Properties”. Select the “Security” tab and choose “Add”.
b. In the “Enter the object names select” box, enter
“IIS AppPool\yourIISSiteName”. Click OK.
c. Before leaving the “Permissions” dialog, customize the permissions for the
new account (read, write, execute, etc.).
Whew!
No comments:
Post a Comment