IIS 7 Tip # 3 You can now load the user profile of the application pool identity

IIS 6.0 does not load the user profile of the application pool identity. But with IIS 7.0 you now have a choice to load the profile if needed. This feature is disabled by default on Windows 2008.


add name="DefaultAppPool">
processModel identityType="NetworkService" loadUserProfile="true" idleTimeout="00:05:00" />

If you change this to True the profile of your Application Pool is loaded and is available for your application.

You can use this to isolate your applications even further. For example when this option is set to False ( the profile is not loaded ) your application will use the c:\windows\temp folder as its temporary directory. If you have other application pools even they will use the same c:\windows\temp folder. If you set the option to load the user profile the temporary directory will be now change to use the profile’s temporary folder C:\Users\apppooluserid\AppData\Local\Temp.

If the profile is loaded you also have access to all the custom environment variables for that user.

Here’s a question what do you think will the temporary folder be when the Application Pool identity is set to Network Service and Load User Profile is set to True ?

It is not C:\Users\NetworkService\AppData\Local\Temp. but C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp

Bookmark and Share

Comments (6)
  1. Howard Hoffman says:

    Question:  In IIS6 if an ASP.NET application wishes to query WMI via System.Management.MangementObjectSearcher to query the state of running Windows Services it needed to do so in the context of an interactive login (meaning you had to use Win32 LogonUser to establish a separate login and run the WMI Query during that logon).

    [I beleive the limitation is/was in the SCM Win32 API.]

    Does this new IIS7 user-profile mechanism mean that the AppPool ‘logon’ is sufficiently authorized to run WMI / SCM queries?

  2. Steve says:

    Thank you. Just what I was looking for

  3. Jia says:

    I found the name of the app pool user profile folder is not in the format of {app pool name} (win2008 server + IIS7), I created a bunch of app pools and enabled load user profiles on her box, the profile folders looked like below and numbered sequentially:






    any idea why?

  4. Abatou says:

    I use iis8.5+php5.6. Load zip file. It has the temp file in c:windowstemp folder. According this article, it will use isolate temp folder if Load user Profile is true. But I have my site's application pooladvance settingload user profile is true, it does not word at all. I do not know why.

    Now, php has no permission to load temp file from c:windowstemp. It must add Everyone to c:windowstemp. This method has security problem, I think.

  5. Miriam Nussbacher says:

    How do I do this for all application pools at once?

Comments are closed.

Skip to main content