Issue Creating SQL Login for AppPoolIdentity on Windows Server 2008

IIS7 introduced the option to run your application pool as AppPoolIdentity. With the release of IIS7.5, AppPoolIdentity was promoted to the default option.  You see this change if you’re running Windows 7 or Windows Server 2008 R2.  image

On my Windows 7 machine, I’m able to define my Application Pool Identity and then create an associated database login via the SQL Server Management Studio interface.  No problem.  However, I ran into some troubles when recently installing my web application onto a Windows Server 2008 R2 64-bit machine.  Strange, but the same approach failed as SSMS couldn’t find the AppPoolIdentity user.  Instead of using the tools, I created and executed the login via script and it worked fine. 

Here’s the script, based off of the DefaultAppPool identity, if the same happens to you:

CREATE LOGIN [IIS APPPOOL\DefaultAppPool]
FROM WINDOWS WITH DEFAULT_DATABASE=[master]
USE [Chinook]
CREATE USER [IIS APPPOOL\DefaultAppPool] FOR LOGIN [IIS APPPOOL\DefaultAppPool]

Comments

  1. Johnny-
    Great insight – thanks.

    I am now trying to decipher whether or not the virtual user “IIS AppPool\DefaultAppPool” exists on a given machine before running the script above. I understand that AppPoolIdentity applies to mainly Server 2008 R2 and non-R2 if it is enabled but we have installs on Server 2003 R2 as well where I don’t want to run the script. Any ideas?

closed