Running IIS 10, I used a domain user as the application pool identity: my-company/custom_app_pool_identity
But it was also made a local administrator, so I completely removed that user from the server itself (I didn't want an identity to also be a local administrator - you can see its password using the appcmd command).
In the code (PHP), it accesses a network folder, X:/some_folder.
The website that this app pool runs then displays the files from that folder, but if not, it just doesn't display anything (no error if no access).
But now, after the removal, I can't see any files, which probably means the app does not have access to X:/some_folder, because in the local dev environment, I do see the files. (It's weird because it did work right after the removal, so maybe it was cached?)
But I was sure that I could completely remove the domain user from the server itself, because it's a domain user, so if this user is added to the allowed users of that network folder, then when the app is run by IIS with the identity my-company/custom_app_pool_identity, it should work? Or, if I run any identity with IIS under a custom user, do I also need that user to be present on the server itself?
If so, should I just add it back to the server and give it the right permissions (and not Admin)?
Update: I just checked the folder's Security tab (in Properties); for some reason, the domain user was removed from the Users list there. When I re-added the domain user and gave him the right permissions, it started working again. So I can confirm that it works even if the user does not exist as a local user on the server. I just wonder why it disappeared from the Users list, because it was there before I removed the user from the local admins.