As defined in Internet Information Services (IIS), an application pool is a collection of one or more URLs that are serviced by one worker process or a set of worker processes. After installing SharePoint, open IIS Manager. You will see the application pools in IIS.
You must select an existing application pool or create a new one whenever you create a service or web application in SharePoint Server.
Application pools in IIS allow multiple SharePoint websites to run on a single server without the processes or code in one site interacting with any other site. This is primarily a security benefit, since an outside intrusion on one site is isolated from the others. Problematic or poorly written code running on one site is also isolated, so other sites on the server are unaffected. For these reasons, you should plan to use dedicated application pools to isolate authenticated content and to separate applications that contain password information.
We can run a PowerShell command to get all application pools.
We can search for one or more application pools directly by running the command below.
Rule Name: Accounts used by application pools or service identities are in the local machine Administrators group.
Summary: A user account that is used by application pools or services must have permissions of a domain user account and must not be a member of the Farm Administrators group or a member of the Administrators group on the local computer. Using highly privileged accounts for application pools or services poses a security risk to the farm, and could allow malicious code to execute.
Cause: Accounts that are used by application pools or services are members of the Administrators group on the local computer.
Resolution: Change the user account to a predefined account, or to a domain user account that is not a member of the Administrators group.
Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
On the Central Administration home page, in the Security section, click Configure service accounts.
On the Service Accounts page, in the Select the component to update list, click the application pool or service that uses the credentials of a member of the Administrators group on the local computer as its security account.
In the Select an account list, click an appropriate account for this component — for example, the predefined account Network Service — or click Register new managed account, and then on the Register Managed Account page, specify the credentials and the password change settings that you want.
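To find which application pools trigger this rule before you change accounts in Central Administration, you can audit pool identities from PowerShell. The script below is an added example, not part of the original page or of SharePoint. It assumes Windows PowerShell 5.1 run elevated on the server, and the function name Get-AppPoolIdentityFinding is hypothetical. It also reports pools running as LocalSystem, which goes slightly beyond the rule; it does not expand nested domain groups or match accounts written in user@domain form.

```powershell
# Added example: read-only audit of IIS application pool identities.
Import-Module WebAdministration            # provides the IIS:\AppPools drive

# Direct members of BUILTIN\Administrators, looked up by well-known SID so the
# check also works on non-English systems. Nested groups are not expanded.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name })

function Get-AppPoolIdentityFinding {
    param(
        [Parameter(Mandatory)] $Pool,       # one item from IIS:\AppPools
        [string[]] $AdminMembers = @()      # names as DOMAIN\user or COMPUTER\user
    )
    $type = [string]$Pool.processModel.identityType
    $user = [string]$Pool.processModel.userName

    # IIS accepts ".\name" for local accounts; the group listing uses COMPUTER\name.
    if ($user -like '.\*') {
        $user = '{0}\{1}' -f $env:COMPUTERNAME, $user.Substring(2)
    }

    $finding = $null
    if ($type -eq 'LocalSystem') {
        $finding = 'Runs as LocalSystem, which has full control of the machine'
    }
    elseif ($type -eq 'SpecificUser' -and $AdminMembers -contains $user) {
        # -contains compares strings case-insensitively
        $finding = 'Account is a direct member of local Administrators'
    }

    [pscustomobject]@{
        AppPool      = $Pool.Name
        IdentityType = $type
        UserName     = $user
        Finding      = $finding
    }
}

# Show only the pools that need a different account.
Get-ChildItem IIS:\AppPools |
    ForEach-Object { Get-AppPoolIdentityFinding -Pool $_ -AdminMembers $admins } |
    Where-Object Finding |
    Format-Table -AutoSize
```

An empty result means no pool identity is a direct member of the local Administrators group; membership through a nested domain group still has to be checked separately.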