Hello,
When installing IIS, several changes are made to the local security policy. These were documented in KB981949 for IIS versions 7, 7.5, and 8. However, in version 8.5, we're starting to see some change in that behavior. Rather than listing only the ApplicationPoolIdentity in certain rights (such as Adjust memory quotas for a process), we're seeing multiple IDs added. They seem to be listing ids for every application pool that is available by default when IIS is installed.
Why the change in behavior from adding only ApplicationPoolIdentity? Should we see more ids added to these lists when new application pools are created?
If I've missed some official Microsoft documentation on this, I apologize but I couldn't find anything specific to IIS 8.5.
I'd appreciate any info on this possible as it affects some of our security monitoring and auditing process. Thank you in advance.