Changing Worker Process Identity in IIS 6

by Mitch Tulloch [Published on 30 Aug. 2005 / Last Updated on 30 Aug. 2005]

In IIS 6 on W2K3, all worker processes run by default using NetworkService as their identity.

In IIS 6 on W2K3, all worker processes run by default using NetworkService as their identity. This is done for security reasons since NetworkService is an account that has very few privileges.

If you want however, you can further isolate worker processes by assigning them each their own user account. If you make this change however, you need to make sure you do two things:

  • Assign the new account a complex password
  • Make the new account a member of the IIS_WPG built-in group.

The default IWAM_servername account is in fact a member of this group.

See Also


The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Featured Links