If you haven't noticed by now, I'm building a WCF Web Service that will be run in IIS 7.5. The service needs to save files to a folder outside of the Application's home directory. However, by default, the security account that IIS runs the service with does not have any privileges to any resources outside of Application's home folder. IIS 7.5, by default, creates virtual user accounts (that don't show up as regular users) to run worker processes for its Application Pools. The virtual account is named after the Application Pool that uses it. For example: the DefaultAppPool in IIS 7.5 runs as 'IIS AppPool\DefaultAppPool'. If you had an Application Pool named 'MyAppPool', the account name would be 'IIS AppPool\MyAppPool'. The virtual account is specific to the computer that runs the instance of IIS. So when you are choosing a user account to grant privileges make sure you have the Location set to the computer that is running IIS.