As a best practice, administrators must take into account the identity of the user running the IIS worker thread. The machine account places restrictions on the asp.net worker process that make it incompatible with certain web server applications that must access non-local disk groups. For this reason, the asp.net worker process must run as a secondary identity to ensure access to these disk groups. Windows Server applications pools offer an excellent solution for running asp.net applications as secondary identities.
To create an application pool: