Process Model Settings for an Application Pool <processModel>

Overview

By using the <processModel> element, you can configure many of the security, performance, health, and reliability features of application pools on IIS 7 and later. These include the following features:

  • Application pool identity, which is the name of the service or user account under which the application pool's worker process runs. This is defined by the identityType attribute. By default, starting in IIS 7.5 an application pool runs under the built-in ApplicationPoolIdentity account, which is created dynamically by the Windows Process Activation Service (WAS). (In IIS 7.0 the default identity was the NetworkService account.) You can change the identityType attribute value to the built-in NetworkService account, LocalService account, the built-in LocalSystem account, or a custom account that you create. If you choose a custom account, define the account credentials using the userName and password attributes. Be aware, however, that the NetworkService, LocalService and LocalSystem accounts have more user rights than the ApplicationPoolIdentity account. (Warning: It is a serious security risk to run an application pool using high-level user rights.) Additionally, you can use the logonType attribute to specify whether the process identity should log on as a batch user or service. (For additional information about logon types, see the LogonUser Function article.)
  • Web gardening and use of Non-Uniform Memory Access (NUMA) hardware, which you can configure by setting the maxProcesses attribute. For Web gardening, set maxProcesses to a value greater than one. For use of NUMA hardware, set maxProcesses to a value of "0" to specify that IIS runs the same number of worker processes as there are NUMA nodes.
  • Idle time-out settings, which allow you to set how long a worker process remains idle before it shuts down. Edit the idleTimeout attribute to configure this setting.
  • Health monitoring by enabling pings against the worker process, the maximum time allowed for a worker process to respond to a ping, and the frequency of pings sent to a worker process to monitor its health. Edit the pingingEnabled, pingInterval, and pingResponseTime attributes to configure these settings.
  • Worker process shutdown and startup time limits. The first limit is set by the shutdownTimeLimit attribute and determines the interval that IIS 7 and later gives a worker process to finish all requests before the WWW service terminates the worker process. The second limit is set by the startupTimeLimit attribute and specifies the amount of time IIS 7 and later allows an application pool to start.

Compatibility

Version Notes
IIS 10.0 The <processModel> element was not modified in IIS 10.0.
IIS 8.5 The idleTimeoutAction attribute was added, enabling a worker process that is idle for the duration of the idleTimeout attribute to be either terminated or suspended, not just terminated.
IIS 8.0 The setProfileEnvironment attribute was added, enabling the environment to be set based on the user profile for a new process. Values were added for the maxProcesses attribute, including support for Non-Uniform Memory Access (NUMA). The logEventOnProcessModel attribute was added to specify which action taken in the process is logged.
IIS 7.5 The <processModel> element of the <add> element was updated in IIS 7.5 to include settings that allow you to run applications using the new ApplicationPoolIdentity and to specify the logon type for the process identity.
IIS 7.0 The <processModel> element was introduced in IIS 7.0.
IIS 6.0 The <processModel> element replaces some of the settings in the IIS 6.0 IIsApplicationPools metabase object.

Setup

The <applicationPools> collection is included in the default installation of IIS 7 and later.

How To

How to edit process model configuration settings

  1. Open Internet Information Services (IIS) Manager:

    • If you are using Windows Server 2012 or Windows Server 2012 R2:

      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows 8 or Windows 8.1:

      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
    • If you are using Windows Server 2008 or Windows Server 2008 R2:

      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows Vista or Windows 7:

      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand the server name, click Application Pools, and click the application pool you want to edit.

  3. In the Actions pane, click Advanced Settings...

  4. In the Advanced Settings dialog box, click the process model property that you want to edit, edit it in the property value section of the dialog box, and then click OK. For example, change the Shutdown Time Limit (seconds) and Startup Time Limit (seconds) to 30.

How to configure IIS for use with Non-Uniform Memory Access (NUMA) hardware

  1. Open Internet Information Services (IIS) Manager:

    • If you are using Windows Server 2012 or later:

      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows 8 or later:

      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand the server name, and then click Application Pools.

  3. In the Application Pools pane, select the pool that you want to configure for NUMA.

  4. In the Actions pane, select Advanced Settings.

  5. In the Process Model section, set Maximum Worker Processes to 0.


How to configure the idle timeout action

  1. Open Internet Information Services (IIS) Manager:

    • If you are using Windows Server 2012 R2:

      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows 8.1:

      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, double-click the server name, double-click Application Pools, and then select the application pool to configure.

  3. In the Actions pane, click Advanced Settings.

  4. In the Process Model section of the Advanced Settings dialog box, for idleTimeoutAction, select Terminate or Suspend.

  5. Click OK.


Configuration

You configure the <processModel> element at the server level in the ApplicationHost.config file.

Attributes

Attribute Description
identityType Optional enum attribute.

Specifies the account identity under which the application pool runs.

Note: Starting in IIS 7.5 the default value is ApplicationPoolIdentity. (In IIS 7.0 the default value was NetworkService.)

The identityType attribute can be one of the following possible values; the default is NetworkService.

Value Description
ApplicationPoolIdentity Specifies that the application pool runs under the dynamically-created application pool identity account. Starting in IIS 7.5, ApplicationPoolIdentity is the default identity under which to run application pools. (In IIS 7.0 the default identity was NetworkService.)

When an application pool runs under the ApplicationPoolIdentity account, the application pool accesses resources as the "IIS AppPool\<AppPool>" identity. For example, for the "DefaultAppPool", the identity is "IIS AppPool\DefaultAppPool". This identity allows administrators to specify permissions that pertain only to the identity under which the application pool is running, thereby increasing server security.

The numeric value is 4.
LocalService Specifies that the application pool runs under the built-in LocalService account, which has the same user rights as NetworkService.

When an application pool runs under the LocalService account, the application pool presents anonymous credentials on the network.

Note: Running an application pool under an account that has high-level user rights is a serious security risk.

The numeric value is 1.
LocalSystem Specifies that the application pool runs under the built-in LocalSystem account, which has extensive privileges on the local computer and acts as the computer on the network.

Note: Running an application pool under an account that has high-level user rights is a serious security risk.

The numeric value is 0.
NetworkService Specifies that the application pool runs under the built-in NetworkService account. In IIS 7.0 this was the default identity under which to run application pools; in IIS 7.5 default was changed to ApplicationPoolIdentity.

When an application pool runs under the NetworkService account, the application pool accesses network resources as the computer account.

The numeric value is 2.
SpecificUser Specifies that the application pool runs under a custom identity, which is configured by using the userName and password attributes.

Note: To avoid storing unencrypted password strings in configuration files, always use AppCmd.exe or IIS Manager to enter passwords. If you use these management tools, the password strings will be encrypted automatically before they are written to the XML configuration files. This provides better password security than storing unencrypted passwords.

Note: Managed service accounts can be used to enable services and tasks to share their own domain accounts and to enable automatic password management, eliminating the need for an administrator to manually administer passwords. For more information, see What's New for Managed Service Accounts.

The numeric value is 3.
idleTimeout Optional timeSpan attribute.

Specifies how long (in minutes) a worker process should run idle if no new requests are received and the worker process is not processing requests. After the allocated time passes, the worker process should request that it be shut down by the WWW service.

The default value is 00:20:00.

To disable the idle timeout feature, set this value to 00:00:00.
idleTimeoutAction Optional enum attribute.

Specifies the action to perform when the idle timeout duration has been reached. Before IIS 8.5, a worker process that was idle for the duration of the idleTimeout attribute would be terminated. After IIS 8.5, you have the choice of terminating a worker process that reaches the idleTimeout limit, or suspending it by moving it from memory to disk. Suspending a process will likely take less time and consume less memory than terminating it.

You can configure an idle timeout action of suspend with the fake request of application initialization (see applicationInitialization).

The idleTimeoutAction attribute can have the following possible values. The default value is Terminate.
Value Description
Terminate Terminates an idle worker process. This requires a longer startup period when the site is subsequently accessed by a user and the worker process is started.

The numeric value is 0.
Suspend Suspends an idle worker process. This leaves the worker process alive, but moved from memory to disk, reducing the system resources consumed. When a request subsequently comes in, the memory manager loads the page files that are required for the request from disk to memory, likely making the worker process available more quickly than if it had been previously terminated.

The numeric value is 1.
loadUserProfile Optional Boolean attribute.

Specifies whether IIS loads the user profile for the application pool identity. Setting this value to false causes IIS to revert to IIS 6.0 behavior. IIS 6.0 does not load the user profile for an application pool identity.

The default value is false.
logEventOnProcessModel Optional flags attribute.

Specifies which action taken in the process gets logged to the Event Viewer. In IIS 8.0, the only action that applies is the idle timeout action, in which the process is terminated because it was idle for the idleTimeout period.

Flag name equals IdleTimeout. Value is 1.

The default value is IdleTimeout.
logonType Optional enum attribute.

Specifies the logon type for the process identity. (For additional information about logon types, see the LogonUser Function article.)

Note: This attribute was introduced in IIS 7.5.

The logonType attribute can be one of the following possible values; the default is LogonBatch.
Value Description
LogonBatch Specifies that the application pool identity should log on as a batch user.

The numeric value is 0.
LogonService Specifies that the application pool identity should log on as a service.

The numeric value is 1.
manualGroupMembership Optional Boolean attribute.

Specifies whether the IIS_IUSRS group Security Identifier (SID) is added to the worker process token. When false, IIS automatically uses an application pool identity as though it were a member of the built-in IIS_IUSRS group, which has access to necessary file and system resources. When true, an application pool identity must be explicitly added to all resources that a worker process requires at runtime.

The default value is false.
maxProcesses Optional uint attribute.

Indicates the maximum number of worker processes that would be used for the application pool.
  • A value of "1" indicates a maximum of a single worker process for the application pool. This would be the setting on a server that does not have NUMA nodes.
  • A value of "2" or more indicates a Web garden that uses multiple worker processes for an application pool (if necessary).
  • A value of "0" specifies that IIS runs the same number of worker processes as there are Non-Uniform Memory Access (NUMA) nodes. IIS identifies the number of NUMA nodes that are available on the hardware and starts the same number of worker processes. For example, if you have four NUMA nodes, it will use a maximum of four worker processes for that application pool. In this example, setting maxProcesses to a value of "0" or "4" would have the same result.
The default value is 1.
password Optional string attribute.

Specifies the password associated with the userName attribute. This attribute is only necessary when the value of identityType is SpecificUser.

Note: To avoid storing unencrypted password strings in configuration files, always use AppCmd.exe or IIS Manager to enter passwords. If you use these management tools, the password strings will be encrypted automatically before they are written to the XML configuration files. This provides better password security than storing unencrypted passwords.
pingingEnabled Optional Boolean attribute.

Specifies whether pinging is enabled for the worker process.

The default value is true.
pingInterval Optional timeSpan attribute.

Specifies the time between health-monitoring pings that the WWW service sends to a worker process.

The default value is 00:00:30 (30 seconds).
pingResponseTime Optional timeSpan attribute.

Specifies the time that a worker process is given to respond to a health-monitoring ping. After the time limit is exceeded, the WWW service terminates the worker process.

The default value is 00:01:30 (1 minute 30 seconds).
requestQueueDelegatorIdentity Optional String attribute.

Specifies the account identity that has permission to delegate HTTP requests to the application pool.

Note: This attribute is not available in the Internet Information Services (IIS) Manager UI.
setProfileEnvironment Optional Boolean attribute.

When setProfileEnvironment is set to True, WAS creates an environment block to pass to CreateProcessAsUser when creating a worker process. This ensures that the environment is set based on the user profile for the new process.

The default value is True.
shutdownTimeLimit Optional timeSpan attribute.

Specifies the time that the W3SVC service waits after it initiated a recycle. If the worker process does not shut down within the shutdownTimeLimit, it will be terminated by the W3SVC service.

The default value is 00:01:30 (1 minute 30 seconds).
startupTimeLimit Optional timeSpan attribute.

Specifies the time that IIS waits for an application pool to start. If the application pool does not start up within the startupTimeLimit, the worker process is terminated and the rapid-fail protection count is incremented.

The default value is 00:01:30 (1 minute 30 seconds).
userName Optional string attribute.

Specifies the identity under which the application pool runs when the identityType is SpecificUser.

Child Elements

None.

Configuration Sample

The following configuration sample uses the application pool <add> element to create a new application pool named Contoso. The <recycling> element configures logging for application pool restarts, the <periodicRestart> element configures when the application pool restarts, and the <processModel> element sets the shutdownTimeLimit and startupTimeLimit attributes to 30 seconds each, which limits how long the worker processes in the application pool may take to shut down and to start. If these time limits are exceeded, IIS terminates the worker process.

<add name="Contoso">
   <recycling logEventOnRecycle="Schedule">
      <periodicRestart>
         <schedule>
            <clear />
            <add value="03:00:00" />
         </schedule>
      </periodicRestart>
   </recycling>
   <processModel identityType="NetworkService" shutdownTimeLimit="00:00:30" startupTimeLimit="00:00:30" />
</add>
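
An offline audit of the identityType and password settings described in the attribute table, as an added example (not part of the original page or its sample code): it parses a copy of ApplicationHost.config and reports pools that run under LocalSystem, LocalService or NetworkService, or that keep a SpecificUser password outside the [enc:...:enc] form that the management tools write. The sample XML, pool names and account names are constructed; inheritance from <applicationPoolDefaults> and the schema_default fallback of NetworkService (the default the attribute table states) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Built-in accounts the page lists as having more user rights than ApplicationPoolIdentity.
HIGHER_RIGHTS = {"LocalSystem", "LocalService", "NetworkService"}

# Constructed sample shaped like the applicationPools section of ApplicationHost.config.
# Pool names, account names and the encrypted blob are made up for this example.
SAMPLE_CONFIG = r"""
<configuration>
 <system.applicationHost>
  <applicationPools>
   <add name="DefaultAppPool" />
   <add name="Contoso">
    <processModel identityType="NetworkService" shutdownTimeLimit="00:00:30" />
   </add>
   <add name="Legacy"><processModel identityType="LocalSystem" /></add>
   <add name="Reports">
    <processModel identityType="SpecificUser" userName="EXAMPLE\svc-reports"
                  password="constructed-plaintext" />
   </add>
   <add name="Billing">
    <processModel identityType="SpecificUser" userName="EXAMPLE\svc-billing"
                  password="[enc:IISWASOnlyAesProvider:Y29uc3RydWN0ZWQ=:enc]" />
   </add>
   <applicationPoolDefaults>
    <processModel identityType="ApplicationPoolIdentity" />
   </applicationPoolDefaults>
  </applicationPools>
 </system.applicationHost>
</configuration>
"""


def is_encrypted(value):
    """True when the value has the [enc:<provider>:<blob>:enc] shape of an encrypted attribute."""
    return value.startswith("[enc:") and value.endswith(":enc]") and value.count(":") >= 3


def audit_app_pools(config_xml, schema_default="NetworkService"):
    """Return (pool, identityType, issue) tuples for pools that need review."""
    root = ET.fromstring(config_xml)
    pools = next(root.iter("applicationPools"), None)
    if pools is None:
        return []
    defaults = pools.find("applicationPoolDefaults/processModel")
    findings = []
    for pool in pools.findall("add"):
        own = pool.find("processModel")

        def effective(attr):
            # A pool's own <processModel> wins; otherwise <applicationPoolDefaults> applies.
            for element in (own, defaults):
                if element is not None and element.get(attr) is not None:
                    return element.get(attr)
            return None

        # schema_default is this example's assumption for configs that set no identity.
        identity = effective("identityType") or schema_default
        if identity in HIGHER_RIGHTS:
            findings.append((pool.get("name"), identity,
                             "built-in account with more user rights than ApplicationPoolIdentity"))
        elif identity == "SpecificUser":
            password = effective("password") or ""
            # An absent password is not flagged (for example, a managed service account).
            if password and not is_encrypted(password):
                findings.append((pool.get("name"), identity,
                                 "password attribute is stored unencrypted"))
    return findings


if __name__ == "__main__":
    for name, identity, issue in audit_app_pools(SAMPLE_CONFIG):
        print(f"{name}: identityType={identity}: {issue}")
```

On the constructed sample this reports Contoso, Legacy and Reports; DefaultAppPool inherits ApplicationPoolIdentity from the defaults and Billing stores an encrypted password, so neither is listed.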

Sample Code

The following examples change the processModel.shutdownTimeLimit and processModel.startupTimeLimit property values to 30 seconds each for an application pool named Contoso.

AppCmd.exe

appcmd.exe set apppool "Contoso" /processModel.shutdownTimeLimit:00:00:30

appcmd.exe set apppool "Contoso" /processModel.startupTimeLimit:00:00:30

You can also use the following syntax:

appcmd.exe set config -section:system.applicationHost/applicationPools /[name='Contoso'].processModel.shutdownTimeLimit:"00:00:30" /commit:apphost

appcmd.exe set config -section:system.applicationHost/applicationPools /[name='Contoso'].processModel.startupTimeLimit:"00:00:30" /commit:apphost

Note

You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.

C#

using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
         Configuration config = serverManager.GetApplicationHostConfiguration();
         ConfigurationSection applicationPoolsSection = config.GetSection("system.applicationHost/applicationPools");
         ConfigurationElementCollection applicationPoolsCollection = applicationPoolsSection.GetCollection();

         ConfigurationElement addElement = FindElement(applicationPoolsCollection, "add", "name", @"Contoso");
         if (addElement == null) throw new InvalidOperationException("Element not found!");

         ConfigurationElement processModelElement = addElement.GetChildElement("processModel");
         processModelElement["shutdownTimeLimit"] = TimeSpan.Parse("00:00:30");
         processModelElement["startupTimeLimit"] = TimeSpan.Parse("00:00:30");

         serverManager.CommitChanges();
      }
   }

   private static ConfigurationElement FindElement(ConfigurationElementCollection collection, string elementTagName, params string[] keyValues)
   {
      foreach (ConfigurationElement element in collection)
      {
         if (String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase))
         {
            bool matches = true;
            for (int i = 0; i < keyValues.Length; i += 2)
            {
               object o = element.GetAttributeValue(keyValues[i]);
               string value = null;
               if (o != null)
               {
                  value = o.ToString();
               }
               if (!String.Equals(value, keyValues[i + 1], StringComparison.OrdinalIgnoreCase))
               {
                  matches = false;
                  break;
               }
            }
            if (matches)
            {
               return element;
            }
         }
      }
      return null;
   }
}

VB.NET

Imports System
Imports System.Text
Imports Microsoft.Web.Administration

Module Sample
   Sub Main()
      Dim serverManager As ServerManager = New ServerManager
      Dim config As Configuration = serverManager.GetApplicationHostConfiguration
      Dim applicationPoolsSection As ConfigurationSection = config.GetSection("system.applicationHost/applicationPools")
      Dim applicationPoolsCollection As ConfigurationElementCollection = applicationPoolsSection.GetCollection
      Dim addElement As ConfigurationElement = FindElement(applicationPoolsCollection, "add", "name", "Contoso")

      If (addElement Is Nothing) Then
         Throw New InvalidOperationException("Element not found!")
      End If

      Dim processModelElement As ConfigurationElement = addElement.GetChildElement("processModel")
      processModelElement("shutdownTimeLimit") = TimeSpan.Parse("00:00:30")
      processModelElement("startupTimeLimit") = TimeSpan.Parse("00:00:30")
      serverManager.CommitChanges()
   End Sub

   Private Function FindElement(ByVal collection As ConfigurationElementCollection, ByVal elementTagName As String, ByVal ParamArray keyValues() As String) As ConfigurationElement
      For Each element As ConfigurationElement In collection
         If String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase) Then
            Dim matches As Boolean = True
            Dim i As Integer
            For i = 0 To keyValues.Length - 1 Step 2
               Dim o As Object = element.GetAttributeValue(keyValues(i))
               Dim value As String = Nothing
               If (Not (o) Is Nothing) Then
                  value = o.ToString
               End If
               If Not String.Equals(value, keyValues((i + 1)), StringComparison.OrdinalIgnoreCase) Then
                  matches = False
                  Exit For
               End If
            Next
            If matches Then
               Return element
            End If
         End If
      Next
      Return Nothing
   End Function


End Module

JavaScript

var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager');
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST";
var applicationPoolsSection = adminManager.GetAdminSection("system.applicationHost/applicationPools", "MACHINE/WEBROOT/APPHOST");
var applicationPoolsCollection = applicationPoolsSection.Collection;

var addElementPos = FindElement(applicationPoolsCollection, "add", ["name", "Contoso"]);
if (addElementPos == -1) throw "Element not found!";

var addElement = applicationPoolsCollection.Item(addElementPos);
var processModelElement = addElement.ChildElements.Item("processModel");
processModelElement.Properties.Item("shutdownTimeLimit").Value = "00:00:30";
processModelElement.Properties.Item("startupTimeLimit").Value = "00:00:30";

adminManager.CommitChanges();

function FindElement(collection, elementTagName, valuesToMatch) {
   for (var i = 0; i < collection.Count; i++) {
      var element = collection.Item(i);
      if (element.Name == elementTagName) {
         var matches = true;
         for (var iVal = 0; iVal < valuesToMatch.length; iVal += 2) {
            var property = element.GetPropertyByName(valuesToMatch[iVal]);
            var value = property.Value;
            if (value != null) {
               value = value.toString();
            }
            if (value != valuesToMatch[iVal + 1]) {
               matches = false;
               break;
            }
         }
         if (matches) {
            return i;
         }
      }
   }
   return -1;
}

VBScript

Set adminManager = createObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"
Set applicationPoolsSection = adminManager.GetAdminSection("system.applicationHost/applicationPools", "MACHINE/WEBROOT/APPHOST")
Set applicationPoolsCollection = applicationPoolsSection.Collection

addElementPos = FindElement(applicationPoolsCollection, "add", Array("name", "Contoso"))
If addElementPos = -1 Then
   WScript.Echo "Element not found!"
   WScript.Quit
End If

Set addElement = applicationPoolsCollection.Item(addElementPos)
Set processModelElement = addElement.ChildElements.Item("processModel")
processModelElement.Properties.Item("shutdownTimeLimit").Value = "00:00:30"
processModelElement.Properties.Item("startupTimeLimit").Value = "00:00:30"

adminManager.CommitChanges()

Function FindElement(collection, elementTagName, valuesToMatch)
   For i = 0 To CInt(collection.Count) - 1
      Set element = collection.Item(i)
      If element.Name = elementTagName Then
         matches = True
         For iVal = 0 To UBound(valuesToMatch) Step 2
            Set property = element.GetPropertyByName(valuesToMatch(iVal))
            value = property.Value
            If Not IsNull(value) Then
               value = CStr(value)
            End If
            If Not value = CStr(valuesToMatch(iVal + 1)) Then
               matches = False
               Exit For
            End If
         Next
         If matches Then
            Exit For
         End If
      End If
   Next
   If matches Then
      FindElement = i
   Else
      FindElement = -1
   End If
End Function