IIS 7 Tip # 3 You can now load the user profile of the application pool identity

IIS 6.0 does not load the user profile of the application pool identity. But with IIS 7.0 you now have a choice to load the profile if needed. This feature is disabled by default on Windows 2008.

loadUserProfile

 <applicationPools>
    <add name="DefaultAppPool">
        <processModel identityType="NetworkService" loadUserProfile="true" idleTimeout="00:05:00" />
    </add>
</applicationPools> 

If you change this to True the profile of your Application Pool is loaded and is available for your application.

You can use this to isolate your applications even further. For example when this option is set to False ( the profile is not loaded ) your application will use the c:\windows\temp folder as its temporary directory. If you have other application pools even they will use the same c:\windows\temp folder. If you set the option to load the user profile the temporary directory will be now change to use the profile’s temporary folder C:\Users\apppooluserid\AppData\Local\Temp.

If the profile is loaded you also have access to all the custom environment variables for that user.

Here’s a question what do you think will the temporary folder be when the Application Pool identity is set to Network Service and Load User Profile is set to True ?

It is not C:\Users\NetworkService\AppData\Local\Temp. but C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp

Bookmark and Share

Comments

  • Anonymous
    March 07, 2009
    PingBack from http://www.clickandsolve.com/?p=19363

  • Anonymous
    March 23, 2009
    Question:  In IIS6 if an ASP.NET application wishes to query WMI via System.Management.MangementObjectSearcher to query the state of running Windows Services it needed to do so in the context of an interactive login (meaning you had to use Win32 LogonUser to establish a separate login and run the WMI Query during that logon). [I beleive the limitation is/was in the SCM Win32 API.] Does this new IIS7 user-profile mechanism mean that the AppPool 'logon' is sufficiently authorized to run WMI / SCM queries?

  • Anonymous
    May 29, 2011
    Thank you. Just what I was looking for

  • Anonymous
    July 20, 2012
    The comment has been removed

  • Anonymous
    October 25, 2014
    I use iis8.5+php5.6. Load zip file. It has the temp file in c:windowstemp folder. According this article, it will use isolate temp folder if Load user Profile is true. But I have my site's application pooladvance settingload user profile is true, it does not word at all. I do not know why. Now, php has no permission to load temp file from c:windowstemp. It must add Everyone to c:windowstemp. This method has security problem, I think.

  • Anonymous
    June 14, 2015
    How do I do this for all application pools at once?