« Previous Next »

• 10-13-2008, 5:16 AM

  jerzym Joined on 04-17-2008, 7:21 AM Poland Posts 6

  AppPool Isolation - SID mapping is not working Reply Contact Hello! I have found an article by Ken Schaefer about AppPool Isolation: http://www.adopenstatic.com/cs/blogs/ken/archive/2008/01/29/15759.aspx I tried to assign permission using icacls to a website dir using an AppPool name corresponding to that site. Each time I try to do that I get an error: icacls d:\inetpub\sites\site20.mysites.com\  /grant:r "IIS APPOOL\site20.mysites.com_AppPool":(OI)(CI)(RX) IIS APPOOL\site20.mysites.com_AppPool: No mapping between account names and security IDs was done. Successfully processed 0 files; Failed processing 1 files When I check permissions to :c:\inetpub\temp\appPools\site20.mysites.com_AppPool.config I can see that SID is not resolved to AppPool name: http://img263.imageshack.us/my.php?image=sidmappingiy5.png I'm creating my sites using appcmd. Each site has its own AppPool. When I'm creating a site I also create an AppPool using naming scheme: subdomain.domain.com_AppPool. appPool: appcmd add apppool /name:$AppPoolName /processModel.username:NetworkService /enable32BitAppOnWin64:true site: appcmd add site /name:$site /bindings:$bindings /physicalPath:$SiteFolder /logfile.directory:$LogsFolder /logFile.period:Weekly I have a shared configuration running on two servers. My site content is hosted on DFS replicated share. Every site is working fine. Why is this SID mapping not working? Best Regards, Jerzy

  Tags: IIS 7SIDisolation

• 10-13-2008, 12:52 PM

  In reply to

  CarlosAg Joined on 02-18-2003, 9:23 PM Posts 332	Re: AppPool Isolation - SID mapping is not working Reply Contact I believe you have a typo (you are missing one P in the IIS AppPool): This works on my 64-bit machine: icacls . /grant "IIS APPPOOL\site20.mysites.com_AppPool":(OI)(CI)(RX)

• 10-13-2008, 1:23 PM

  In reply to

  jerzym Joined on 04-17-2008, 7:21 AM Poland Posts 6	Re: AppPool Isolation - SID mapping is not working Reply Contact  Well, I must have made that typo when I was testing icacls for this post (to get an exact error message).  It does give the same error message without that typo. Any help?

• 10-13-2008, 1:47 PM

  In reply to

  CarlosAg Joined on 02-18-2003, 9:23 PM Posts 332	Re: AppPool Isolation - SID mapping is not working Reply Contact Did you tried the line I included in my previous post? (note there is no :R in the /grant) icacls d:\inetpub\sites\site20.mysites.com /grant "IIS APPPOOL\site20.mysites.com_AppPool":(OI)(CI)(RX)

• 10-13-2008, 2:34 PM

  In reply to

  jerzym Joined on 04-17-2008, 7:21 AM Poland Posts 6	Re: AppPool Isolation - SID mapping is not working Reply Contact  Yes I did, it does not make any difference.