Monday, November 29, 2010

SharePoint 2010–App Pool Account User Rights

This is a quick one: Had a new web application in a new farm – so it was the first time the app pool identity was put to use. The app pool would not start with SQL-sounding errors like ‘Unknown SQL Exception 1346 occurred...Either a required impersonation level was not provided, or the provided impersonation level is invalid’.

So after verifying all of the usual suspects, it was determined that adding the user to the local administrators group resolved the issue. Of course that is not a good solution, so I wanted to find out what the smallest set of user rights should be for that account. In the end (and working well so far), the user is a plain-Jane domain user with these rights:

  • Log on as a batch job
  • Generate security audits
  • Impersonate a client after authentication
© I caught you a delicious bass.
Back to top