Overview of Windows User Accounts (including for IIS)


Mattias Geniar, June 13, 2008

After installing Windows Server 2003, with or without IIS (Internet Information Services), there are quite a few user accounts & groups created by default. But what are they used for? Say I want to give a certain folder some extra rights: which user/group accounts do I need to add?

Let’s go over them, one by one, and briefly explain what each user account is used for, and what its purpose is by default. I’ll restrict the list to Windows Server 2003 and IIS 6.0 users. I just might make one for Windows Server 2008 some day too, but that’s beyond the scope of this article.

IIS_WPG

The IIS_WPG (or IIS Worker Process Group) provides a minimum set of privileges and permissions required to run a worker process on a web server. By default, this group contains the following accounts: Network Service, Local Service, LocalSystem, and IWAM_COMPUTERNAME. If you want to change an IIS worker process to a new user account (one that you create yourself), make sure that account belongs to the IIS_WPG group. Doing so will give it the right permissions from the start to work properly.
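The membership rule above can be checked with a short audit. This is an added example, not code from the original post: it compares the members of IIS_WPG against the default accounts listed above plus any custom worker process identities you approve. The function names, the account names `svc_apppool` and `jdoe`, the server name `WEB01`, and the member names as the WinNT ADSI provider reports them are assumptions; it needs PowerShell 2.0 or later.

```powershell
# Added example: audit IIS_WPG membership against the defaults listed in the article.
# Assumption: names as the WinNT provider returns them (SYSTEM is the LocalSystem account).
function Get-ExpectedIisWpgMembers([string]$ComputerName) {
    @('NETWORK SERVICE', 'LOCAL SERVICE', 'SYSTEM', "IWAM_$ComputerName")
}

# Classify each member as ok / UNEXPECTED, and report defaults that are MISSING.
# $Approved holds custom worker process identities you added on purpose.
function Compare-IisWpgMembers([string[]]$Actual, [string]$ComputerName, [string[]]$Approved = @()) {
    $expected = @(Get-ExpectedIisWpgMembers $ComputerName) + $Approved
    foreach ($m in $Actual) {
        $status = 'UNEXPECTED'
        if ($expected -contains $m) { $status = 'ok' }   # -contains ignores case
        New-Object PSObject -Property @{ Member = $m; Status = $status }
    }
    foreach ($e in $expected) {
        if ($Actual -notcontains $e) {
            New-Object PSObject -Property @{ Member = $e; Status = 'MISSING' }
        }
    }
}

# Read the live members of a local group through the WinNT ADSI provider.
function Get-LocalGroupMemberNames([string]$GroupName) {
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$GroupName,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

# Constructed sample: server WEB01 with one approved custom identity (svc_apppool)
# and one account (jdoe) that should not be in the group.
$sample = 'NETWORK SERVICE', 'LOCAL SERVICE', 'SYSTEM', 'IWAM_WEB01', 'svc_apppool', 'jdoe'
Compare-IisWpgMembers -Actual $sample -ComputerName 'WEB01' -Approved 'svc_apppool' |
    Format-Table Member, Status -AutoSize

# On a real IIS 6.0 server, audit the live group instead:
# Compare-IisWpgMembers (Get-LocalGroupMemberNames 'IIS_WPG') $env:COMPUTERNAME -Approved 'svc_apppool'
```

With the constructed sample, `jdoe` is reported as UNEXPECTED and every other member as ok.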

NETWORKSERVICE

This account has fewer privileges than the LocalService account (in which nearly all programs were started in Windows Server 2000), and is used for starting most applications on Windows Server 2003. It provides a more secure layer, as it doesn’t allow full access to your server.

LOCALSYSTEM

This user account is used to run some services that require full privileges, such as the Automatic Update Service, DHCP client, … This account is also used by the Service Control Manager and can be compared to an Administrator account.

LOCALSERVICE


