![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 55.00000000000001%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
The DefaultAppPool entry under C:\Users is legitimate and expected on systems running IIS (Internet Information Services).
When IIS uses application pool identities, it can create a user profile directory for the application pool identity account. For the built‑in pool DefaultAppPool, this profile is typically C:\Users\DefaultAppPool. This is used, for example, as the location for that identity’s %TEMP% folder when the app pool is configured to load its user profile.
This folder is part of normal IIS operation and is not a regular local user account. The identity:
- Is a virtual account created by IIS for the app pool.
- Has a corresponding security identifier (SID) named after the app pool (for example,
DefaultAppPool). - Can be used to secure files and folders (for example, granting permissions to
IIS AppPool\DefaultAppPool).
The folder should not be deleted manually. Removing it can break applications running in the DefaultAppPool, especially if they rely on the user profile or temp directory.
If IIS and the DefaultAppPool are no longer needed at all, the correct approach is to uninstall or disable IIS via Windows features, not to delete the C:\Users\DefaultAppPool folder directly.
References: