While setting up a new mojoPortal site I tried our running the application pool with the identity “ApplicationPoolIdentity”. Previously we have tended to create a specific user account for each site (with each site running in its own app pool). An advantage of that approach was that we could see in Task Manager what CPU and memory was being used by each site, because the the w3wp.exe process showed as the specific user account. When switched to run as ApplicationPoolIdentity, the process appears to run as a user named the same as the application pool, so all good there.
Aside: the problem with running an application pool under its own user account is that MapServer CGI will not run within the site – I’ve no idea why, though it must be a permissions issue. When the app pool runs as ApplicationPoolIdentity then MapServer works fine.
As you’ll see from a previous post about how to install a mojoPortal site, it is necessary to secure the web site folders. When I came to do this I found there was no user account called ApplicationPoolIdentity, and no user with the name of the application pool either.
It turns out there is a virtual user account, and it can be entered as
IIS APPPOOL\ApplicationPoolName (obviously replacing ApplicationPoolName as appropriate):
Folder permissions can then be granted/revoked for this user.