An ASP.net application deployed on a IIS6/IIS7 server runs under the identity defined at application pool level unless the current logged in user is impersonated programmatically. PINpoint never impersonates the current logged in user.

Microsoft's recommendation is to set the application pool to point to the built-in Network Service account. This account is a low privileged account that satisfies the rights required by a web application to function.

Because the Network Service account is a low privileged account it does not have rights to create/update any files on the file system. At run time PINpoint needs to be able to update application specific files that are stored in the Logs and Resources folders. At installation time PINpoint grants full rights to the Network Service account to the above mentioned folders in the file system (PINpointRootFolder\Logs and PINpointRootFolder\Resources).