PHP FastCGI running as IUSR instead of IIS APPPOOL/xxx

An IIS website is run via an Application Pool which has its Identity advanced property set to ApplicationPoolIdentity. The website runs PHP scripts via a FastCGI handler. These scripts try to write to a file, but access is denied even though the application pool user has enough permission. I have run ProcMon and it shows that the scripts are trying to open the files using IUSR instead of the application pool user.

  • Website example.com
    • Basic Settings - Application Pool = example.com
    • Basic Settings - Connect As = Application user (pass-through authentication)
  • Application Pool example.com
    • Advanced Settings - Process Model - Identity - ApplicationPoolIdentity
  • Script tries to write to a file
    • C:\ABC\test.txt
  • The directory C:\ABC has permission
    • IIS APPPOOL\example.com - Full control, Type Allow, Applies to This folder, subfolders and files

When I open the script's URL, I get PHP Warning: fopen(C:\ABC\test.txt): failed to open stream: Permission denied

When I run Sysinternals' ProcMon I see:

  • Event
    • Operation CreateFile
    • Result Access Denied
    • Path C:\ABC
    • Desired Access: Read Data/List Directory, Synchronize
    • ShareMode: Read, Write, Delete
    • Impersonating: NT AUTHORITY\IUSR
  • Process
    • Path …\php-cgi.exe
    • User: IIS APPPOOL\example.com

How to fix it so the file is accessed using the example.com user?


Solution 1:

Finally found it. There is one more place where it needs to be set up.

Site -> Authentication -> Anonymous Authentication -> Edit to "Application Pool Identity"

Source: PHP on IIS 7.5/W2K8 using IUSR Account not IIS_APPPOOL\DefaultAppPool
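
The same change can be scripted and checked from an elevated PowerShell prompt. This is an added example, not part of the original question or answer; it assumes the WebAdministration module is available and reuses the site name example.com and the folder C:\ABC from the question.

```powershell
# Added example: point anonymous authentication at the application pool
# identity for one site, then confirm the folder ACL matches that identity.
Import-Module WebAdministration

$site   = 'example.com'   # IIS site name, taken from the question
$folder = 'C:\ABC'        # directory the PHP script writes to, from the question
$apphost = 'MACHINE/WEBROOT/APPHOST'
$filter  = '/system.webServer/security/authentication/anonymousAuthentication'

# 1. Read the account that anonymous requests are impersonated as.
#    'IUSR' is the IIS default; an empty userName means "Application Pool Identity".
$attr = Get-WebConfigurationProperty -PSPath $apphost -Location $site `
            -Filter $filter -Name userName
$current = if ($attr -is [string]) { $attr } else { $attr.Value }
Write-Host "Anonymous user before change: '$current'"

# 2. Equivalent of Authentication -> Anonymous Authentication -> Edit ->
#    "Application pool identity" in IIS Manager.
if ($current -ne '') {
    Set-WebConfigurationProperty -PSPath $apphost -Location $site `
        -Filter $filter -Name userName -Value ''
    Write-Host 'Anonymous authentication now uses the application pool identity.'
}

# 3. Resolve the pool the site actually runs in and build its virtual account name.
$pool    = (Get-Item "IIS:\Sites\$site").applicationPool
$account = "IIS APPPOOL\$pool"

# 4. List the Allow entries for that account on the target folder. An empty
#    result means the ACL was granted to a different identity than the one
#    the request will now run as.
$rules = (Get-Acl -Path $folder).Access | Where-Object {
    $_.IdentityReference.Value -eq $account -and
    $_.AccessControlType -eq 'Allow'
}

if ($rules) {
    $rules | Format-Table IdentityReference, FileSystemRights, InheritanceFlags -AutoSize
} else {
    Write-Warning "No Allow entry for $account on $folder"
}
```

After the change, the ProcMon "Impersonating" field for php-cgi.exe should no longer show NT AUTHORITY\IUSR on requests to this site.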