IIS 7 and Above
How can I run an IIS app pool under a domain account?
Last post May 30, 2014 10:37 AM by yatajga
May 29, 2014 09:11 AM|yatajga|LINK
There are two domains, domain1 and domain2. My machine works in domain1 and the SQL Server database works in domain2. The web application uses the database, and SQL Server allows only Windows authentication for users from domain2. How can I run the IIS worker process under a domain2 user identity? I can start Visual Studio with the runas /netonly /user:domain2\user_name command and use IIS Express. It works. But I want to use local IIS. Can I do it?
May 29, 2014 10:21 AM|fredcumbee|LINK
You can use a domain user to run the application pool for a site. Create the domain user; on the IIS server, add the user to the Users and IIS_IUSRS groups. Give the domain user permissions to the site's data. Go to the application pool for the site and change the Identity user to the domain user. You can find this by selecting the app pool and clicking Advanced Settings... under the Actions pane menu. Select Identity and then click the button beside the current user listed. Select Custom account and click Set. Use the format domain\username for the username and enter the password for the user.
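The steps in the reply above, scripted with the WebAdministration module (an added example, not part of the original post). The pool name and site path are hypothetical placeholders, and the script assumes an elevated PowerShell session on the IIS machine and an account that the machine can resolve.

```powershell
# Added example: $poolName and $sitePath are hypothetical placeholders.
Import-Module WebAdministration

$poolName = 'MyAppPool'                    # hypothetical app pool name
$sitePath = 'C:\inetpub\wwwroot\MySite'    # hypothetical site content folder
$cred     = Get-Credential -Message 'App pool account (domain\username)'
$account  = $cred.UserName

# Add the account to the local IIS_IUSRS group unless it is already a member.
# This fails if the machine cannot resolve the account, for example when
# there is no trust with the account's domain.
$members = & net.exe localgroup IIS_IUSRS
if ($members -notcontains $account) {
    & net.exe localgroup IIS_IUSRS $account /add
    if ($LASTEXITCODE -ne 0) {
        throw "Could not add $account to IIS_IUSRS (exit code $LASTEXITCODE)."
    }
}

# Grant read and execute on the site's data only; add write access just for
# the folders that actually need it.
& icacls.exe $sitePath /grant "${account}:(OI)(CI)RX"
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $sitePath." }

# identityType 3 = SpecificUser, the "Custom account" option in Advanced Settings.
Set-ItemProperty "IIS:\AppPools\$poolName" -Name processModel -Value @{
    identityType = 3
    userName     = $account
    password     = $cred.GetNetworkCredential().Password
}

# Recycle the pool so the worker process starts under the new identity,
# then read the setting back to confirm it.
Restart-WebAppPool -Name $poolName
$pm = Get-ItemProperty "IIS:\AppPools\$poolName" -Name processModel
"{0} now runs as {1} (identityType={2})" -f $poolName, $pm.userName, $pm.identityType
```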
May 29, 2014 11:15 AM|yatajga|LINK
OK. Thanks. But when I try to add the domain2 user account on my machine, I get the following error: The user account does not exist.
May 29, 2014 11:29 AM|fredcumbee|LINK
Is your machine a part of the domain? Make sure there is a trust set up between the two domains. You may also need to grant the "Allowed to authenticate" permission on the system which the user needs access to. This should be performed under the security properties of the server in Active Directory Users and Computers.
May 29, 2014 11:38 AM|yatajga|LINK
It's a member of domain1.
May 29, 2014 11:55 AM|yatajga|LINK
"Make sure there is a trust setup between the two domains." - trust setup between the two domains is missing.
May 29, 2014 12:19 PM|yatajga|LINK
As I understand it, it is impossible.
May 30, 2014 05:46 AM|Terry Guo - MSFT|LINK
There is a blog post that may help:
The following is the solution:
1. Add the domain account to the IIS_WPG group on the machine running IIS. (This group is the worker process group, which contains the accounts allowed to run the IIS worker process.)
2. Go to Start > Run and type secpol.msc. Hit OK. The Local Security Settings console will open up. Under Security Settings, expand Local Policies and click User Rights Assignment. Double-click Log on as a service in the right pane. Add the domain account if not already listed. Click OK and exit the console. (This enables the domain account to register a process as a service.)
Hope it helps.
May 30, 2014 10:37 AM|yatajga|LINK
Thanks for the reply. But I use Win 8.1 and the problem is a different one. My machine can't find the domain2 user.