IIS7 权限概述 - ApplicationPoolIdentity [英] IIS7 Permissions Overview - ApplicationPoolIdentity
问题描述
我们最近升级到 IIS7 作为核心 Web 服务器,我需要有关权限的概述.以前,当需要写入文件系统时,我会给 AppPool 用户(网络服务)访问目录或文件的权限.
We have recently upgraded to IIS7 as a core web server and I need an overview in terms of the permissions. Previously, when needing to write to the file system I would have give the AppPool user (Network Service) access to the directory or file.
在 IIS7 中,我看到默认情况下,AppPool 用户设置为 ApplicationPoolIdentity
.因此,当我检查任务管理器时,我看到名为WebSite.com"的用户帐户正在运行 IIS 进程(Website.com"是 IIS 中的网站名称)
In IIS7 I see, as default, the AppPool user is set to ApplicationPoolIdentity
. So when I check the task-manager, I see that a user account called 'WebSite.com' is running the IIS Process ('Website.com' being the name of the website in IIS)
但是,如果我尝试使用该用户帐户授予权限,则该用户帐户不存在.那么,我如何确定授予哪个用户权限呢?
However this user account doesn't exist if I try to use that to give permissions. So, how do I determine which user to give the permissions too?
编辑 ================================================================================
Edit ==============================================================================
有关屏幕截图中的问题,请参见下文.我们的网站 (www.silverchip.co.uk) 使用用户名 SilverChip.co.uk 运行.但是,当我添加权限时,该用户确实存在!
See below for the problem in screen shot. Our website (www.silverchip.co.uk) runs on the username SilverChip.co.uk. However when I add pemissions, this user doenst exist!
================================查看 AppPool 图片
=================================See AppPool Image
推荐答案
ApplicationPoolIdentity 实际上是在 IIS7+ 中使用的最佳实践.它是一个动态创建的非特权帐户.要为特定应用程序池添加文件系统安全性,请参阅 IIS.net 的应用程序池标识".快速版:
ApplicationPoolIdentity is actually the best practice to use in IIS7+. It is a dynamically created, unprivileged account. To add file system security for a particular application pool see IIS.net's "Application Pool Identities". The quick version:
如果应用程序池被命名为DefaultAppPool"(如果名称不同,只需替换下面的这段文字)
If the application pool is named "DefaultAppPool" (just replace this text below if it is named differently)
- 打开 Windows 资源管理器
- 选择一个文件或目录.
- 右键单击文件并选择属性"
- 选择安全"标签
- 点击编辑",然后点击添加"按钮
- 点击位置"按钮并确保选择本地机器.(不是如果服务器属于一个 Windows 域.)
- 在输入要选择的对象名称:"文本框中输入IIS AppPoolDefaultAppPool".(不要忘记将此处的DefaultAppPool"更改为您为应用程序池命名的任何名称.)
- 单击检查名称"按钮,然后单击确定".
- Open Windows Explorer
- Select a file or directory.
- Right click the file and select "Properties"
- Select the "Security" tab
- Click the "Edit" and then "Add" button
- Click the "Locations" button and make sure you select the local machine. (Not the Windows domain if the server belongs to one.)
- Enter "IIS AppPoolDefaultAppPool" in the "Enter the object names to select:" text box. (Don't forget to change "DefaultAppPool" here to whatever you named your application pool.)
- Click the "Check Names" button and click "OK".
这篇关于IIS7 权限概述 - ApplicationPoolIdentity的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!