In short – you do not need to edit any Windows user account privileges at all. Doing so only introduces risk. The process is entirely managed in IIS using inherited privileges.

Applying Modify/Write Permissions to the Correct User Account

  1. Right-click the domain when it appears under the Sites list, and choose Edit Permissions.

Under the Security tab, you will see that MACHINE_NAME\IIS_IUSRS is listed. This means that IIS automatically has read-only permission on the directory (e.g. to run ASP.NET in the site). You do not need to edit this entry.

  2. Click the Edit button, then Add…
  3. Change the location to the local server and NOT the domain!
  4. In the text box, type IIS AppPool\MyApplicationPoolName, substituting MyApplicationPoolName with your domain name or whatever application pool is accessing your site, e.g. IIS AppPool\mydomain.com
  5. Press the Check Names button. The text you typed will transform (notice the underline).
  6. Press OK to add the user.
  7. With the new user (your domain) selected, you can now safely provide any Modify or Write permissions.
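
The same steps can be scripted, which also makes the resulting ACL easy to review. The following PowerShell is an added example, not part of the original text; the site path and application pool name are placeholder assumptions, and it must be run from an elevated prompt on the server itself.

```powershell
# Added example: scripted equivalent of the GUI steps above.
# $SitePath and $PoolName are placeholders (assumptions); replace with your own values.
param(
    [string]$SitePath = 'C:\inetpub\wwwroot\mydomain.com',
    [string]$PoolName = 'mydomain.com'
)

# The application pool's virtual account, exactly as typed into the "Add..." dialog.
$account = [System.Security.Principal.NTAccount]::new("IIS AppPool\$PoolName")

# Equivalent of "Check Names": translation to a SID fails if the pool identity does not exist.
try {
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
} catch {
    throw "Cannot resolve '$($account.Value)'. Check the application pool name."
}
Write-Host "Resolved $($account.Value) to $($sid.Value)"

# Allow Modify for this one identity only, inherited by subfolders and files.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $account,
    [System.Security.AccessControl.FileSystemRights]::Modify,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Add the rule to the existing ACL; the IIS_IUSRS entry and all other entries are left untouched.
$acl = Get-Acl -LiteralPath $SitePath
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $SitePath -AclObject $acl

# Review step: list every Allow entry that includes write access, to confirm
# that only the intended application pool identity gained it.
$write = [System.Security.AccessControl.FileSystemRights]::Write
(Get-Acl -LiteralPath $SitePath).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $write) -ne 0
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

Pointing `$SitePath` at only the subfolder the application has to write to (an uploads or logs directory, for example) keeps the rest of the site read-only for the pool identity.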