IIS - Setting the default application pool identity to least privilege principal

You can make ApplicationPoolIdentity the default for all application pools by using the Set Application Pool Defaults action on the Application Pools node. Also ensure that the application pools run under unique identities.

To change the default identity to the built-in ApplicationPoolIdentity in the IIS Manager GUI:

  1. Open the IIS Manager GUI.
  2. On the Connections pane, expand the server node and click Application Pools.
  3. On the Application Pools page, select the application pools associated with the IRC and CM websites, and then click Advanced Settings in the Actions pane.
  4. For the Identity property, click the ... button to open the Application Pool Identity dialog box.
  5. Select the Built-in account option and choose ApplicationPoolIdentity from the list, or provide a unique application user created for this purpose.
  6. Restart IIS.
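
The same change can be scripted and audited with the WebAdministration PowerShell module. The script below is an added example, not part of the original procedure; the pool names are placeholders to replace with the pools that back your IRC and CM websites.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# Placeholders (assumption): substitute your own application pool names.
$targetPools = @('REPLACE-WITH-IRC-POOL', 'REPLACE-WITH-CM-POOL')

function Get-PoolIdentity {
    # One row per pool: name, identity type, and user name (custom accounts only).
    Get-ChildItem IIS:\AppPools | ForEach-Object {
        [pscustomobject]@{
            Name         = $_.Name
            IdentityType = [string]$_.processModel.identityType
            UserName     = [string]$_.processModel.userName
        }
    }
}

# 1. Audit: current identity of every pool.
$before = @(Get-PoolIdentity)
$before | Format-Table -AutoSize

# A custom account used by more than one pool breaks the "unique identities" rule.
$before | Where-Object IdentityType -eq 'SpecificUser' |
    Group-Object UserName | Where-Object Count -gt 1 |
    ForEach-Object { Write-Warning "Account '$($_.Name)' is shared by: $($_.Group.Name -join ', ')" }

# 2. Make ApplicationPoolIdentity the default for pools that do not set their own
#    identity (the setting behind Set Application Pool Defaults in IIS Manager).
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.applicationHost/applicationPools/applicationPoolDefaults/processModel' `
    -Name 'identityType' -Value 'ApplicationPoolIdentity'

# 3. Switch the selected pools (steps 3 to 5 of the GUI procedure).
foreach ($name in $targetPools) {
    if (-not (Test-Path "IIS:\AppPools\$name")) {
        Write-Warning "Pool '$name' not found; skipped."
        continue
    }
    Set-ItemProperty "IIS:\AppPools\$name" -Name processModel.identityType -Value 'ApplicationPoolIdentity'
}

# 4. Restart IIS (step 6), then confirm the result for the selected pools.
& iisreset /restart
Get-PoolIdentity | Where-Object Name -in $targetPools | Format-Table -AutoSize
```

With ApplicationPoolIdentity, each pool runs as its own virtual account named IIS AppPool\<pool name>, so any file-system permissions the site needs are granted to that account name.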