ApplicationPoolIdentity Environment variables IIS

windows application-pools iis

Is it possible to set Environment Variables for ApplicationPoolIdentity virtual accounts? The documentation on this is practically-non existent.

I would like to inject an Environment Variable for just that Application Pool. It seems to be the case that people create unique accounts for the app pool to do this, but what I've read about virtual accounts implies I wouldn't have to, but doesn't explain at all how to do this.


Solution 1:

Yes! (As long as you're using IIS 7.0+) You need to set the loadUserProfile setting for the Application Pool Identity to true. The Application Pool Identity will now have a user profile under \Users\[Application Pool Name]. You can then edit this profile to have custom environment variables, etc.

IIS 7 Tip # 3 You can now load the user profile of the application pool identity

EDIT: I just tested this (in IIS 10), because of your comment, and it's definitely working here.

  1. In IIS, I created a new Application Pool named Testing
  2. I changed the Application Pool Defaults to set Load User Profile to True
  3. I started the Application Pool, Testing
  4. I checked to see if the user profile was created at \Users\Testing: no
  5. I added a website to the Application Pool and restarted the website
  6. I checked again to see if the user profile was created: still no
  7. I navigated to the website in my browser, so the application pool would load
  8. I checked a third time to see if the user profile was created: yes
  9. I checked to see if the user registry was loaded in HKEY_USERS, (by checking HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist to see whether the NTUSER.DAT file located at [...]\Users\Testing\NTUSER.DAT was loaded, and it was, with SID S-1-5-82-454248297-962034619-2554273252-202815998-4121577539)
  10. I checked for the presence of the HKEY_Users\[SID]\Environments key, it's present, and has values TEMP and TMP pointing to %USERPROFILE%\AppData\Local\Temp.

The reason I had to do a page load is because I forgot to change the Start Mode from OnDemand to AlwaysRunning. When I created another Application Pool with Start Mode set to AlwaysRunning, the user profile was created when I assigned a web site to the Application Pool and restarted the website.

More useful information on Application Pool Identities: Application Pool Identities

Related

How many FSMO roles are there?
Disable TLS 1.2 stops RST packets
Any good PostgreSQL client for linux? [closed]
Tuning NFS client/server stack
TrustedInstaller.exe takes a lot of CPU
How do I inventory the type and speed of a remote computer?
Switch eliminated collisions. But what about
Change source IP address based on the system user
LDAPsearch with SSL Centos- ldap_start_tls, ldap_bind: Cannot contact LDAP
Relay Postfix email through another server for bounces
Fake SNTP server for testing
DEGRADED zfs pool vs FAULTED