Application pool identities IIS 7.5 Issues RRS feed

  • Question

  • User1805109794 posted


    I am trying to run an exe on a user's pc from a wcf service hosted in IIS 7.5. I created a website hosted on the same server as the wcf service.


    1. The website make a call to the wcf service

    2. The wcf service lunch the exe from the user's pc

    The webserver is a windows 2008 R2 server.

    I follwed the instruction outlined in this article http://learn.iis.net/page.aspx/624/application-pool-identities/.
    I used my account which has administrative rights on the server but I'm still getting the error message "Access is denied".

    This is my set up, I have a website that calls a wcf service and the wcf service execute an exe on my local machine.
    The exe will write to a text file.

    I give my account full access to the folder that contains the wcf service on the server.
    I also give my account full access to the folder that contains the exe on my local pc.

    I also create a different application pool for the wcf service. When I set the Identity for the apppool to run under my credentials, everytime I
    initiate a call from the website the apppool for the wcf service stop working.

    When I set the Identity to ApplicationPoolIdentity it returns an "Access Denied" error message.

    Any help is highly appreciated.

    Monday, February 13, 2012 1:40 PM

All replies

  • User-2064283741 posted

    Common when doing permission based problems is to do too much at once.

    First try everything on one machine.

    The machine (server) that has the site also have the exe (copy it from the clint/remote machine local to the serrver) . Does it work then?

    Try to excuste from remote machien often worries me but first establish if what you are trying to do can be done locally.



    Monday, February 13, 2012 2:04 PM
  • User521890537 posted

    Condition 1: From windows server you need to have access to file on user PC.

    Condition 2: the user website runs must have permission to execute file on user PC

     So what you would need to do is create administrator account on user pc.

    Create same administrator account on windows server and configure website run with that user.

    Tuesday, February 14, 2012 1:54 AM
  • User1805109794 posted

    Thanks very much for the reply. I Followed your instruction above. Copy the exe to the server that host the site and the wcf service and it worked. What should I do next? I move the exe back to the remote pc but it didn't work. I used my account with admin rights on the remote pc and the server. Any ideas will be very helpful.



    Wednesday, February 15, 2012 3:16 PM
  • User1805109794 posted

    How do you give the website permission to execute file on the user pc. When I go to the security settings to give permission to the

    IIS AppPool\DefaultApppool user account it tells me it can not find the user. Do you know what I'm missing or what I'm doing wrong?

    Thanks again for your respond.

    Wednesday, February 15, 2012 3:22 PM
  • User1773224436 posted


    Please check this article about IIS Application Pool Identities which ilustrates how to configure IIS Application Pool Identities and secure resource. Please check the securing resource section carefully.


    Monday, February 20, 2012 10:47 AM
  • User1805109794 posted

    Thanks for your response. I used the instructions in the securing resources section of the article and was able to get the wcf service run the exe successfully.  But how do I configure IIS to run the exe on a remote machine?

    When I moved the exe to a remote pc (my dev machine) and ran the test, it failed with error message ("Accessed Denied"). This is what the path look like to the exe on my dev machine(\\MachineName\$\TestFolder\WriteToFile.exe).

    When I change the folder to a share folder(\\MachineName\$\TestFolder\WriteToFile.exe) I got a different error messag(" path not found.")

    I am a newbie to IIS and the whole permission stuff on the server side.

    I also created a new domain account and give it read/write permission on the folder that has the exe on the remote machine. I added the account to the IIS_IUSRS group but I don't know how to make it work on the remote server.

    What am I missing here? How can I get IIS or the Identity pool to execute the exe on the remote mcahine? The article did not cover this in detail for a newbie.

    I added the new domain account to the custom account for the ApplicationPoolIdentity but it crashes the apppool when I run a test on.

    Thanks for the help.

    Thursday, February 23, 2012 9:40 AM
  • User1773224436 posted

    You can't configure IIS to run the exe directly, IIS hosts just the web application. That means you can enable Web applicatin hosted in IIS to access the exe remotely.

    Friday, February 24, 2012 1:57 AM
  • User1805109794 posted

    Thanks Mamba dai for the response. So how can I enable the web application to access the exe remotely? Do you have any resource that can walk me through the process?

    Friday, February 24, 2012 8:12 AM