For PHP Fastcgi (for example) - even though the Taskmgr user is listed as "NETWORK SERVICE" (ala the app pool) - it impersonates the Anonymous user, so can still only access its own hosting space.
If you use an ASP file browser, that can also only access its own hosting directory (so I assume that is impersonating too).
Hence why I thought it would be OK to use shared, I didn't realise .NET was different.
Lucky I asked 🙂

I don't know how you configured your PHP, but for me PHP processes run under the same web identity, not a shared one.
Same for my asp.net, iis exe's, etc
My websites have 100% their own user, and it's the only way it works, as anon, and everyone, and users, and any global one besides full fledged domain admin simply has no rights to acces the files (not even read, let alone execute).

What I'm saying is, you can safely run PHP processes under a shared application pool, as you make them impersonate the anonymous user on script execution. (fastcgi.impersonate = 1)
Hence my confusion about this .NET issue.

What I'm saying is, you can safely run PHP processes under a shared application pool, as you make them impersonate the anonymous user on script execution. (fastcgi.impersonate = 1)
Hence my confusion about this .NET issue.