Specifying An AppPool Identity Other Than the Default (NetworkService) Account

Article:HOWTO53253  |  Created: 2011-06-01  |  Updated: 2011-06-24  |  Article URL http://www.symantec.com/docs/HOWTO53253
Article Type
How To

1. Create a local account on the seb server with only "user" privileges.

2. Open a command prompt with admin rights and go to "C:\Program Files(x86)\Risk Automation Suite\Extras\Utilities"

3. Execute the following command: "ConfigUtil -ap <new account name>

4. Go to IIS and change the app pool identity to the new account.

5. Recyle/restart the app pool and the site and test.


NOTE:  If the configutil returns an error "Adding Permissions for user <new account name> failed, with message Length of the access control list exceed the allowed maximum" then perform the following:


1. Execute command: configutil -displaykey.

2. Note the long alphanumeric filename returned.

3. Examine the security tab for this file.  It will be located in "C:\Program Data\Microsoft\Crypto\RSA\MachineKeys"  (The "Program Data" folder is usually hidden)

4. Locate an account in the security with a red question mark (Will look like a SID instead of a name) and delete it from the list.

5. Return to the command prompt and execute "ConfigUtil -ap <new account name>

6. Recycle all web services and test.

Article URL http://www.symantec.com/docs/HOWTO53253

Terms of use for this information are found in Legal Notices