Create folder where website is to be.
Put website files into folder.
In IIS, Add Website and get the Application pool (same as Site Name)
In folder's Properties --> Security --> Advanced make Application pool owner of all folders/files - doing this automatically gives the Application pool Special Permissions
IUSR: when I got the HTTP Error 500.0 - Internal Server Error ..... The FastCGI process exited unexpectedly - IUSR does need to be setup.
In folder's Properties --> Security --> Edit and add IUSR as another user and add Modify to its 3 other default permissions.
create folder aaTestAppPool
put index.html file in aaTestAppPool
site name will be: TestAppPool
go into: IIS Manager
under Connections, if do not see Application Pools and Sites, click the > to the left of computer name as shown in the below image:
right-click Sites for popup list
click Add Site...
and you see the Add Website window opened and you see the following:
The following are blank:
type TestAppPool into Site name - as you type you should see DefaultAppPool be replaced by TestAppPool as shown by:
and when done:
next - Physical path - use the box with the dots to the right to pick the path to the folder: c:\inetpub\wwwroot\aaTestAppPool
for Host name since this is for local use - the same system as the website - only use TestAppPool (Note: you will put 127.0.0.1 TestAppPool in the c:\Windows\System32\drivers\etc\hosts file so it can be accessed by your browser locally)
Add Website window completed:
when you click OK the new TestAppPool application pool is created - at the same time that the website is added
TestAppPool website added to Sites list:
clicking Application Pools shows that the TestAppPool has been added to the list - TestAppPool is an application pool
open Windows Explorer
locate folder aaTestAppPool
right-click on folder aaTestAppPool
click Security tab
beside Owner you see TestAppPool has already been made the owner - this was done on a previous run-through. I had clicked Change previously.
clicking Change brings up:
you will type the application pool name in Enter the object name to select
make sure From this location shows the computer that you are working on
in my case I type IIS AppPool\TestAppPool
click Check Names and IIS AppPool\TestAppPool changes to TestAppPool (Note: notice the underlined TestAppPool)
when you click OK on Select User or group window you get back to the Advanced Security Settings window and notice the added checkbox Replace owner on subcontainers and objects - check this box to do so
When you click Apply a small message window opens telling you that you have to close and reopen the object's properties before viewing/changing permissions
when the small message window closes when you click OK, the checkbox is gone
click OK to close Advanced Security Settings window
click OK to close Properties window
opening Properties again and going to the Security tab and looking under Group or user names shows that TestAppPool is not there but CREATOR OWNER is there with only Special Permissions checked - TestAppPool = CREATOR OWNER
At this point, I thought I need not worry about IUSR but when I got HTTP Error 500.0 - Internal Server Error ..... The FastCGI process exited unexpectedly - IUSR apparently does need to be acted upon.
-In IIS 7.0 and later, a built-in account IUSR replaces the IUSR_MachineName account
-Additionally, a group that is named IIS_IUSRS replaces the IIS_WPG group
-Because the IUSR account is a built-in account, the IUSR account no longer requires a password.
-The IUSR account resembles a network or local service account
-The IUSR_MachineName account is created and used only when the FTP 6 server is installed.
-If the FTP 6 server is not installed, the account IUSR_MachineName is not created.
Article from which the following came from: Add Write Permission to PHP on IIS
<?php var_dump(ini_get('fastcgi.impersonate')); ?>
run the file in the browserCase 1: if you get:
string(1) "1"then in a command prompt with administrative privileges, run the following command:
%windir%\system32\inetsrv\appcmd.exe list config "Your Web Site" /section:anonymousAuthentication
%windir%\system32\inetsrv\appcmd.exe list config "TestAppPool" /section:anonymousAuthenticationto get the following:
<system.webServer> <security> <authentication> <anonymousAuthentication enabled="true" userName="IUSR" /> </authentication> </security> </system.webServer>
the userName attribute gives the user name to which you need to give write permissions, here it is IUSR
if userName is empty or missing, then give write permissions to IIS AppPool\application pool, for TestAppPool this would be IIS AppPool\TestAppPoolCase 1: if you get:
you need to give write permissions to IIS AppPool\application pool, for TestAppPool this would be IIS AppPool\TestAppPool
open Windows Explorer
locate folder: aaTestAppPool
right-click on folder: aaTestAppPool
click Security tab
you will be typing IUSR into box below Enter the object names to select using the server/machine name found below From this location: as part of the name
for me I type DESKTOP-M9NG2C3\IUSR into the box below From this location:
click Check Names and see DESKTOP-M9NG2C3\IUSR change to ISUR (Note: the underline)
click OK and get back to Permissions window and note that IUSR already has the permissions: Read & execute, List folder contents, Read
check Modify and keep the other permissions
when Apply is clicked a small message opens with the title: Windows Security and the message: Setting security information on: and see it rapidly go through all folders and files
click OK to close Permissions window
click OK again to close Properties window