- There's no easy way to set certain items in the registry for the Network Service user. (Sorry, for various reasons, I can't elaborate on that statement.)
- Due to (1), I've decided to run my application as a custom normal (non-Administrator) user that I've created. However in order to use this user with IIS and its applications, certain steps must be taken.
Using a custom user to run an IIS 6.0 application
The following are pre-requisites in order to be able to use a custom user to run an IIS 6.0 application:
- The user must have already been created and should have absolutely the least number of privileges possible.
- Thanks to this question on Stack Overflow, the following must also have the following:
- The "Log on as a service" right (Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment -> Log on as a service)
- "Access this computer from the network" (similar location as in the step above)
- "Deny logon locally"
- "Log on as a batch job"
- "Read & Execute", "List Folder Contents" and "Read" access to the file system that underpins the web site/application
- Thanks to this troubleshooting article on MSDN, I also found out that the user must be part of the "IIS_WPG" group.