|
|
|
13 Dec 2009
|
Configuring Windows 7 as Web Server
Last year, I wrote a blog about configuring Vista as web server.
Now Windows 7 is released. Windows 7 Professional also has a built-in web server -
IIS 7.5. Microsoft did not tell ordinary users about that. The configuration
between Vista and Windows 7 are similar. I will not repeat the procedure in this blog.
If you want to read step-by-step configuration, please refer to my previous blog: Configuring Vista as Web Server
for reference. After that, please come back to continue because I will
explain the newly added ApplicationPoolIdentity.
For better security, Microsoft introduces
a virtual identity which is called "ApplicationPoolIdentity" in
Windows 7 and Windows Server 2008 R2. In fact, this
identity was also secretly added to Vista SP2 too. In IIS 6.0 and 7.0, you
normally set Application Pool to use "Network Service" identity.
You can still do that in IIS 7.5; but by default, DefaultAppPool uses
"ApplicationPoolIdentity" identity. You can identify your actual application pool
identity in IIS Manager (see below):
If you do not need higher permission for your web application to access server
resouces (for example, you use your server for static web pages), you can ignore this newly added virtual identity. However, if
you need to give higher permission to your web application in accessing a
folder (or server resources), you need to be
aware that ApplicationPoolIdentity is a virtual identity which cannot be seen in
the Access Control List (ACL).
To add security permission in a folder for
your web application,
you should enter "IIS AppPool\<application pool name>" as object name in the folder's
security property section . For example, type "IIS AppPool\DefaultAppPool"
for an application pool with the name "DefaultAppPool" (see figure below).
You can also add permission via command line using ICACLS command. For
more details about ICACLS, please refer to
http://technet.microsoft.com/en-us/library/cc753525(WS.10).aspx#BKMK_examples.
more topics...
|
|
|