IIS 7 Tip # 3 You can now load the user profile of the application pool identity

IIS 7 Tip # 3 You can now load the user profile of the application pool identity

  • Comments 4

IIS 6.0 does not load the user profile of the application pool identity. But with IIS 7.0 you now have a choice to load the profile if needed. This feature is disabled by default on Windows 2008.

loadUserProfile

<applicationPools>
    <add name="DefaultAppPool">
        <processModel identityType="NetworkService" loadUserProfile="true" idleTimeout="00:05:00" />
    </add>
</applicationPools> 

If you change this to True the profile of your Application Pool is loaded and is available for your application.

You can use this to isolate your applications even further. For example when this option is set to False ( the profile is not loaded ) your application will use the c:\windows\temp folder as its temporary directory. If you have other application pools even they will use the same c:\windows\temp folder. If you set the option to load the user profile the temporary directory will be now change to use the profile’s temporary folder C:\Users\apppooluserid\AppData\Local\Temp.

If the profile is loaded you also have access to all the custom environment variables for that user.

Here’s a question what do you think will the temporary folder be when the Application Pool identity is set to Network Service and Load User Profile is set to True ?

It is not C:\Users\NetworkService\AppData\Local\Temp. but C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp


Bookmark and Share

Leave a Comment
  • Please add 3 and 8 and type the answer here:
  • Post
  • PingBack from http://www.clickandsolve.com/?p=19363

  • Question:  In IIS6 if an ASP.NET application wishes to query WMI via System.Management.MangementObjectSearcher to query the state of running Windows Services it needed to do so in the context of an interactive login (meaning you had to use Win32 LogonUser to establish a separate login and run the WMI Query during that logon).

    [I beleive the limitation is/was in the SCM Win32 API.]

    Does this new IIS7 user-profile mechanism mean that the AppPool 'logon' is sufficiently authorized to run WMI / SCM queries?

  • Thank you. Just what I was looking for

  • I found the name of the app pool user profile folder is not in the format of {app pool name} (win2008 server + IIS7), I created a bunch of app pools and enabled load user profiles on her box, the profile folders looked like below and numbered sequentially:

    TEMP

    TEMP.IIS APPPOOL

    TEMP.IIS APPPOOL.000

    TEMP.IIS APPPOOL.001

    TEMP.IIS APPPOOL.002

    any idea why?

Page 1 of 1 (4 items)