Multiple Application Pools running as Network Service

2.1k views Asked by At

I have four different Application Pools, each one for a different web site, all running as Network Service.

Is this a normal configuration to have?

Can it cause problems between the different applications?

1

There are 1 answers

0
Kev On BEST ANSWER

If you've configured each site's Anonymous Authentication to use "Application Pool Identity" then requests will run as the Network service account.

If this isn't a shared server, i.e. you're not allowing your customers or users to upload content or deploy ASP.NET applications, and you and your team are the sole deployers/mamagers then this isn't a terrible thing to do.

That said, if one site becomes compromised then it will be possible to attackers to compromise the other sites. If the Network Service account only has read access then the attack would be limited to data theft, otherwise they'll be able to do much more damage.

Unless you have a very good reason to, it is always a good idea to configure your application pools to run as Application Pool Identity. IIS will synthesise an account for you when the application pool is running. You should configure your public facing www folders to give appropriate permissions to an account known as IIS AppPool\[POOL_NAME] where [POOL_NAME] is the name of the application pool for the site.

You may wish to have a read of one of my previous answers related to this to help you understand this mechanism:

What are all the user accounts for IIS/ASP.NET and how do they differ?

And see also:

Application Pool Identities