IIS 8.5: Virtual Account for App Pool (IIS AppPool\{Application Pool Name} is not available

Question

I am running IIS 8.5 on a Windows 2012 R2 Core box. I created a new application pool called "MyNewAppPool". I have a website instance, called "MyNewWebsite.com" running in the "MyNewAppPool" application pool. The Identity used for "MyNewAppPool" is "ApplicationPoolIdentity".

It is my understanding that I can assign security permissions for application pools in IIS 8.5 by using the auto-generated local virtual accounts, which will be named "IIS AppPool\{Application Pool Name}".

So, in Windows Explorer on the "MyNewWebsite.com" directory, I should be able to assign read/write permissions for the virtual user account "IIS AppPool\MyNewAppPool". I cannot find this user account to assign any permissions to. I am searching the local computer location and not the whole domain. I can find the "IIS AppPool\DefaultAppPool" account, however I don't want to run MyNewWebsite.com under the DefaultAppPPool, I want to run it under the MyNewAppPool application pool.

Can anyone please tell me why I don't can't find the auto-generated virtual account for MyNewAppPool?

Kev · Answer 1 · 2014-12-05T21:28:21.230

14

You won't ever find the synthesised application pool identity in the permissions search dialogue. Just type in the name of the pool identity like this:

Via GUI:

enter image description here

The click the Check Names button:

enter image description here

Via Command Line:

Alternatively you can use ICACLS from an administrator command line/Powershell:

icacls c:\wwwroot\mysite /grant "IIS AppPool\MyNewAppPool":(CI)(OI)(M)

edited Dec 05 '14 at 21:28

answered Aug 09 '14 at 02:41

Kev

118,037
53
300
385

1

I tried exactly this. I still cannot get the application pool name to resolve. I had this issue on a dev server, and then for an unknown reason the issue went away. Now I'm setting up a QA server I'm experiencing the same problem again. – KPhillipson Dec 05 '14 at 17:18
@KPhillipson I've seen that before on original Windows 2008 Server and Windows 2008R2 (pre-service pack) and it was mighty bloody annoying. Have a look at my update, it should work with `ICACLS` from the command line. – Kev Dec 05 '14 at 21:30
@Kev, nope. `No mapping between account names and security IDs was done. Successfully processed 0 files; Failed processing 1 files` – BrainSlugs83 Oct 26 '18 at 09:11
@BrainSlugs83 - what OS, have you got all the latest service packs/updates? Are you sure you're running powershell/command prompt as Administrator? Have you spaces in the path you're granting permissions to? If so wrap in double quotes.....you've not provided much info to go on, I don't normally complain but the DV seems a wee bit unfair as it's not an egregiously incorrect answer. Sounds more like your environment is to blame than the answer. – Kev Oct 26 '18 at 11:40

score 2 · Answer 2 · answered Mar 19 '15 at 19:25

2

Above answer works great, just remember to use the server's name rather than the domain name. I got hung up for a bit trying to figure out why it wasn't resolving: enter image description here

answered Mar 19 '15 at 19:25

James Toomey

5,635
3
37
41

2

OP does mention in the question *"I am searching the local computer location and not the whole domain."* – Kev Jun 09 '15 at 23:08
Nope. Server is not domain joined; local machine name is populated there by default. – BrainSlugs83 Oct 26 '18 at 09:13

score 0 · Answer 3 · answered Oct 26 '18 at 10:17

I had the same issue in Server 2012 -- for whatever reason it was not creating the virtual accounts (or they were not available for use). -- I believe it's related to the AppHostSvc or the NetMan service not running. -- Ultimately, I took a shotgun approach to fixing it (not recommended, you should try to do as little as possible for a production environment, but this PowerShell might get you out of a pinch in your dev. environment):

#Requires -Version 4
#Requires -RunAsAdministrator

#######################################

$DebugPreference = "SilentlyContinue";
$VerbosePreference = "SilentlyContinue";
$WarningPreference = "Continue";
$ErrorActionPreference = "Stop";
Set-PSDebug -Strict;
Set-StrictMode -Version 3;

#######################################

Get-WindowsOptionalFeature -Online `
    | where { $_.FeatureName -ilike "*IIS*" -and $_.State -eq "Disabled" } `
    | % { Enable-WindowsOptionalFeature -Online -FeatureName $_.FeatureName -All };

iisreset

Get-Service | ? { $_.ServiceName -eq "W3SVC" } | Start-Service;
Get-Service | ? { $_.ServiceName -eq "W3SVC" } | Set-Service -StartupType Automatic;

Get-Service | ? { $_.ServiceName -eq "WMSvc" } | Start-Service;
Get-Service | ? { $_.ServiceName -eq "WMSVC" } | Set-Service -StartupType Automatic;

Get-Service | ? { $_.ServiceName -eq "AppHostSvc" } | Start-Service;
Get-Service | ? { $_.ServiceName -eq "AppHostSvc" } | Set-Service -StartupType Automatic;

Get-Service | ? { $_.ServiceName -eq "Netman" } | Start-Service;
Get-Service | ? { $_.ServiceName -eq "Netman" } | Set-Service -StartupType Automatic;

iisreset

IIS 8.5: Virtual Account for App Pool (IIS AppPool\{Application Pool Name} is not available

3 Answers3

Linked