Monday, December 13, 2010

IIS7 in maximum application security mode

When IIS7's application pool is set to use the "ApplicationPoolIdentities", the system dynamically creates an user with the name as "IIS AppPool\< application pool name >".
This user is not listed in the right assignment dialog's "Find" feature, but can be entered manually to setup the permissions (Or use the icacls command, like ICACLS folder_name /grant "IIS AppPool\DefaultAppPool":F ). Also, this user in the "IIS_IUSRS" group, so, by assigning the necessary permissions to the group it gives the same rights to that user as well.
To send SMTP Email using CDOSYS object, need not only to give the writing rights to the "Mailroot\Pickup" folder, but also то give the read right to the metabase's "IIS://LOCALHOST/SMTPSVC" and "IIS://LOCALHOST/SMTPSVC/1" to let the CDO know where the pickup folder is.

No comments:

Post a Comment