How to modify the user group of IIS APPPOOL \ xxx

Question

I created a IIS website, the application pool name is testAppPool.

Then I run the following code in the website, obtain current user group permissions:

WindowsIdentity winIdentity = WindowsIdentity.GetCurrent();

str += "<br/>Current user name:\t" + winIdentity.Name;

str += "<br/>Current user authentication type:\t" + winIdentity.AuthenticationType;

str += "<br/>Current user SID:\t" + winIdentity.User;

str += "<br/>Current user token:\t" + winIdentity.Token;

str += "<br/>Token owner SID:\t" + winIdentity.Owner;

str += $"<br/>Current user has {winIdentity.Groups.Count} group memberships.";

foreach (IdentityReference group in winIdentity.Groups)

{

  NTAccount ntAcc = (NTAccount)group.Translate(typeof(NTAccount));     

  str += $"<br/>    Group :  {ntAcc.Value}    ";  

}

I got this result like this:

Current user name: IIS APPPOOL\test
Current user authentication type: Negotiate
Current user SID: S-1-5-82-2084461697-3881244625-4442817516-662440669-514472240
Current user token: 2080
Token owner SID: S-1-5-82-2084461697-3881244625-4442817516-662440669-514472240
Current user has 9 group memberships.
    Group :  Everyone    
    Group :  BUILTIN\Users    
    Group :  NT AUTHORITY\SERVICE    
    Group :  CONSOLE LOGON    
    Group :  NT AUTHORITY\Authenticated Users   
    Group :  NT AUTHORITY\This Organization   
    Group :  BUILTIN\IIS_IUSRS    
    Group :  LOCAL    
    Group :  【SID: S-1-5-82-0】

It contains the user group BUILTIN\Users, and I found that IIS APPPOOL\test can access all disks, read and modify.How can I remove the IIS APPPOOL\test account from BUILTIN\Users group.thanks very much.

Answer 1

此响应已自动翻译。 因此，可能存在语法错误或奇异的措辞。

你好 xiongfj xiongfj，

感谢您在 Microsoft 社区论坛上发帖。

根据描述，我了解您的问题与 IIS 有关。

由于此论坛中没有专门研究 IIS 的工程师。为了能够快速有效地处理您的问题，我建议您在问答论坛中重新发布您的问题，那里将有专门的工程师为您提供专业有效的回复。

以下是 Q&A 论坛的链接： https://learn.microsoft.com/en-us/answers/questions/

有好的一天。

此致敬意

雷