In the following steps, the term "application pool identity account" refers to the user account configured to run the application pool worker process. In IIS, this account is specified in the Application Pool Identity dialog box. You can select a built-in service account or set the credentials for a custom account.
The term "impersonated identity account" refers to the custom service account that ASP.NET uses to access domain resources in high-security deployments. This account's credentials are encrypted in the registry, and the registry location is specified in the Application Server's web.config file.