IIS 7.x by default no longer uses networking service as the default user for each application pool instead it uses ApplicationPoolIdentity which is a dynamically generated account that takes the form IIS APPPOOL\ApplicationPoolName,
This mechanism is designed to allow more granular control over access permissions - however - last time I looked at this area - the implementation was flawed - as there is no easy way to manage these dynamic users - or assign permissions to them as they do not appear in the acl object picker by default.
There are a couple of options to deal with this issue.
check your application pool and verify what identity is assigned to it
-- if it is assigned to use ApplicationPoolIdentity then you can either:
** change it to Network Service -- if this is your own server and u have full control its not a bad idea
** or create a new user "give it whatever name u like" - and assign that user as the pool identity - if you host many sites its not a bad idea for each to have its own identity user. Maybe a user called wwwDNN_app_poll or some such if your application pool is named wwwDNN
********
OR u can use the command line and icacls to assign the applicationpoolidentity user to your web site directory.
icacls c:\inetpub\wwwdnn /grant "IIS APPPOOL\wwwdnn":(OI)(CI)(F)
this grants the user 'IIS APPPOOL\wwwdnn' full access account permission to the folder c:\inetpub\wwwdnn and its descendants
- where the name of the application pool associated with your website is wwwdnn
Note: after you have initially granted the application pool user access permissions using icacls - you can then manage them using the normal gui security tab in internet explorer or from Edit Permissions in IIS.
Once you understand what is happening = the last option is the correct methodology to adopt long term - since it is the by design option - just a pity ms has not fully implemented its functionality in the access control list object picker.
Westa