Changing Worker Process Identity in IIS 6

by Mitch Tulloch [Published on 30 Aug. 2005 / Last Updated on 30 Aug. 2005]

In IIS 6 on W2K3, all worker processes run by default using NetworkService as their identity.

In IIS 6 on W2K3, all worker processes run by default using NetworkService as their identity. This is done for security reasons since NetworkService is an account that has very few privileges.

If you want however, you can further isolate worker processes by assigning them each their own user account. If you make this change however, you need to make sure you do two things:

  • Assign the new account a complex password
  • Make the new account a member of the IIS_WPG built-in group.

The default IWAM_servername account is in fact a member of this group.

Featured Links