I think ASP.NET actually requires "log on as a batch job". Normally, the
best way to use a non-standard ID as an app pool identity under IIS 6 is to
add it to the local IIS_WPG group as the ACLs and policies required to run a
worker process are usually configured to include this group when IIS is
installed.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Norm" <ne*****@gmail.comwrote in message
news:ee**********************************@w39g2000 prb.googlegroups.com...
On Sep 11, 9:12 am, "Joseph Geretz" <jger...@nospam.comwrote:
I created a new Application Pool for my ASP.NET application since I want
it
to run under a specific user identity with privileges to access the
application database. (I don't want to grant access to the entire Network
Service account.) I know the application pool is fundamentally sound
because
it runs my application when its identity is set to the default Network
Service account. When I change its identity to the desired local user
account, I get Service Unavailable back to the browser on any ASPX page
hit.
I guess the user account is lacking some required privilege? I've been up
and down through Local Users and Groups and through Local Security Policy
and I can't find anything which will enable this user account to serve as
the identity for the application pool. Can you help?
Thanks for any help which you can provide!
Joseph Geretz
I am 90% sure that you must allow the user to "Log on as a service".
Start -Administrative Tools -Local Security Policy
Security Settings -Local Policies -User Rights Assignment -Log
On As A Service
Add your user to this list.
Hopefully this works!
Norm