Tag Archives: application-pool

application-pools-in-iis-1920x1080

application pools in iis overview

Advertisements
Advertisements

application pools in iis overview

As defined in Internet Information Services (IIS) an application Pool is a collection of one or more URLs that are serviced by one or a set of worker processes. After installation of SharePoint, open IIS Manager. You will notice application pools in iis.

application-pool-iis-manager-969x476

You must select an existing Application Pool or create a new pool whenever you create a service or web application in SharePoint Server.

create-new-application-pool-1314x453

application pools in iis allow multiple SharePoint websites to run on a single server without the processes or code in one site interacting with any other sites. This is primarily a security benefit, since any outside intrusion on one site is isolated. Also, problematic or poor code running on one site is isolated so that other sites on the server are unaffected. For these reasons, you should plan to use dedicated application pools to isolate authenticated content and separate applications that contain password information.

we can run powershell command to get all application pools.

Advertisements
Advertisements
Get-IISAppPool
Get-IISAppPool-754x567

we can search one or more application pool directly by running the below command.

Get-IISAppPool "DefaultAppPool","SharePoint - 37344"
Get-IISAppPool-information-875x192
Advertisements

Accounts used by application pools or service identities are in the local machine Administrators group SharePoint

Rule Name:  Accounts used by application pools or service identities are in the local machine Administrators group.

Summary:  A user account that is used by application pools or services must have permissions of a domain user account and must not be a member of the Farm Administrators group or a member of the Administrators group on the local computer. Using highly privileged accounts for application pools or services poses a security risk to the farm, and could allow malicious code to execute.

Cause:  Accounts that are used by application pools or services are members of the Administrators group on the local computer.

Resolution: Change the user account to a predefined account, or to a domain user account that is not a member of the Administrators group.

  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
  2. On the Central Administration home page, in the Security section, click Configure service accounts.
  3. On the Service Accounts page, in the Select the component to update list, click the application pool or service that uses the credentials of a member of the Administrators group on the local computer as its security account.
  4. In the Select an account list, click an appropriate account for this component — for example, the predefined account Network Service — or click Register new managed account, and then on the Register Managed Account page, specify the credentials and the password change settings that you want.
  5. Click OK.