Hello, i'm concerned about the security of the ./temp/appPools/* folders, I have set the folder to be full read/write by System and Local Administrators, plus full privileges to Owner Creator to make sure each AppPools could only read it's own temp folder (auto created by IIS 7.5) but the folder owner is incorrectly set to Administrators instead of "IIS APPPOOL\$AppPoolName", meaning the service will go 503 instead of working with increased security. As this is supposed to be a temp folder, it's not possible for me to pre-create every folders for ACL hardening, the folder could be deleted at any time. I am forced to allow "IIS IUSR" to have read privileges on the whole "./temp/appPools" folder to keep the service running but I don't feel comfortable with that.
Did i miss a checkbox or a hotfix for this problem ? What are the default ACLs for this folder ? What are the best security practices for this ?