...
By default in IIS7/7.5 application pools are configured with the identity "ApplicationPoolIdentity" by default, but can also default to "Local System", "Local Service" or "Network Service". This is not recommended for a production system.
For production instances of ET, we strongly recommend the use of a domain service account as the identity of the ET application pool, combined with the use of integrated authentication for connecting to the database ET will use for storing its data.
There are a number of reasons for configuring the identity this way, including:
1. The ability to specifically grant ET access to network resources (file system etc.);
2. Domain service accounts can have their password cycle, offering more security;
3. Integrated security to the database will ensure that you don't need to put your password as clear text for the database in a connection string, and makes it easier to manage password policy etc. between SQL server and the ET server; and
4. Integrated access to resources such as Active Directory/LDAP servers.
If this service is a member of an Active Directory domain we recommend creating a specific domain service account for use by Enterprise Tester, this will be useful when configured network filesystem access for the Enterprise Tester and makes it easier to identify Enterprise Tester and give it permissions to a database when using integrated security.
IIS7/7.5:
- Go to Control Panel -> Administrative Tools
- Launch IIS Administrator
- Expand the server node.
- Click on "Application Pools"
- Click on "Add Application Pool..." under Actions.
- Give the new application pool a descriptive name such as "Enterprise Tester".
- Select ".Net Framework v4.0.30319" from the .Net Framework version list.
- Select "Integrated" for the managed pipeline mode.
- Click OK to create the new application pool.
- Right click on the new application pool and select "Advanced Settings.."
- Under the "Process Model" section, change the Identity to your service account (if you have decided to use one).
...