I'm working on a migration from Server 2012 Essentials to Server 2019 Essentials. A run of BPA is pretty clean except for one regarding application pools.
Error: Application pools should be set to run as application pool identities. (Security)
DNS and AD health are good and DCdiag report is clean with all PASS.
The Server 2012 Essentials was improperly updated a while back with .NET 4.5/4.6/4.7, which I know is not supported. Application Pools are all running at v4.0 level. The BPA error seems insignificant to the migration but I just wanted to confirm before proceeding with adding the additional Server 2019 DC.
Thanks for any input.
Ken
Hello Ken,
That error is something that pops up on all Essentials Servers because most Application Pools in IIS are for Essentials stuff that has been written to use NetworkService or LocalSystem. Those Identities have access to almost everything within Windows Server. Maybe they were lazy when they coded the Essentials bits and pieces. It is indeed a security issue, but this cannot be changed easily. You should ignore this BPA error.
On a Windows Server that runs a website such as server-essentials.com, we will never use System Accounts but we will use an Application Pool Identity and grant that Id access to the folder where the website resides. That way it is isolated from all other processes that run.
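The approach described in the answer above, as an added PowerShell example that is not part of the original thread: a read-only audit of which application pools run as built-in system accounts, followed by the isolated setup for a single website pool. The pool name `ExampleSitePool` and the folder `D:\Sites\ExampleSite` are hypothetical placeholders; the second part is meant for a separate web server, not for the Essentials pools.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# 1. Read-only audit: list every pool's identity and flag the built-in
#    system accounts that the BPA rule complains about.
$builtIn = 'LocalSystem', 'LocalService', 'NetworkService'
Get-ChildItem IIS:\AppPools | ForEach-Object {
    $pm = $_.processModel
    [pscustomobject]@{
        Pool          = $_.Name
        IdentityType  = "$($pm.identityType)"
        UserName      = $pm.userName          # only set for SpecificUser pools
        SystemAccount = $builtIn -contains "$($pm.identityType)"
    }
} | Sort-Object SystemAccount -Descending | Format-Table -AutoSize

# 2. Isolated setup for one website pool (hypothetical names).
$poolName = 'ExampleSitePool'        # assumption: your site's pool
$sitePath = 'D:\Sites\ExampleSite'   # assumption: your site's content folder

if (-not (Test-Path "IIS:\AppPools\$poolName")) {
    New-WebAppPool -Name $poolName | Out-Null
}

# Run the pool under its own virtual account, "IIS AppPool\<pool name>".
Set-ItemProperty "IIS:\AppPools\$poolName" `
    -Name processModel.identityType -Value 'ApplicationPoolIdentity'

# Grant that identity read and execute on the content folder only,
# inherited by subfolders (CI) and files (OI). No write access.
icacls $sitePath /grant "IIS AppPool\${poolName}:(OI)(CI)RX"

# 3. Verify the ACL entry that was just added.
(Get-Acl $sitePath).Access |
    Where-Object { $_.IdentityReference.Value -eq "IIS AppPool\$poolName" } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

If the site needs to write somewhere (uploads, logs), grant modify rights on that one subfolder rather than widening the grant on the whole content folder.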
Makes sense. Thanks.