Specifying An AppPool Identity Other Than the Default (NetworkService) Account
|Article:HOWTO53253|||||Created: 2011-06-01|||||Updated: 2011-06-24|||||Article URL http://www.symantec.com/docs/HOWTO53253|
1. Create a local account on the seb server with only "user" privileges.
2. Open a command prompt with admin rights and go to "C:\Program Files(x86)\Risk Automation Suite\Extras\Utilities"
3. Execute the following command: "ConfigUtil -ap <new account name>
4. Go to IIS and change the app pool identity to the new account.
5. Recyle/restart the app pool and the site and test.
NOTE: If the configutil returns an error "Adding Permissions for user <new account name> failed, with message Length of the access control list exceed the allowed maximum" then perform the following:
1. Execute command: configutil -displaykey.
2. Note the long alphanumeric filename returned.
3. Examine the security tab for this file. It will be located in "C:\Program Data\Microsoft\Crypto\RSA\MachineKeys" (The "Program Data" folder is usually hidden)
4. Locate an account in the security with a red question mark (Will look like a SID instead of a name) and delete it from the list.
5. Return to the command prompt and execute "ConfigUtil -ap <new account name>
6. Recycle all web services and test.
Article URL http://www.symantec.com/docs/HOWTO53253