Changing Worker Process Identity in IIS 6

by Mitch Tulloch [Published on 30 Aug. 2005 / Last Updated on 30 Aug. 2005]

In IIS 6 on W2K3, all worker processes run by default using NetworkService as their identity.

In IIS 6 on W2K3, all worker processes run by default using NetworkService as their identity. This is done for security reasons since NetworkService is an account that has very few privileges.

If you want however, you can further isolate worker processes by assigning them each their own user account. If you make this change however, you need to make sure you do two things:

  • Assign the new account a complex password
  • Make the new account a member of the IIS_WPG built-in group.

The default IWAM_servername account is in fact a member of this group.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com .

Latest Contributions

Featured Links