Hi I have i problem, i need to change default application pool identity of SharePoint 2007 SP2 x64 from Network Service to LocalSystem because i have IIS7 native module that use LsaLogonUser function to authenticate using custom method and then impersonate every request using kerberos constrained delegation. LsaLogonUser function need Act as part of system and impersonate after authenticate. If i change manualy in IIS manager application pool Sharepoint service is unavailable and in Central Dministration -> operation -> service accounts -> web application pool -> for "Sharepoint 80" i can only select Network Service and Local Service. So my question is how to change Application Pool identity to LocalSystem so i can get all needed rights to call LsaLogonUser function? (or how to add new user that have all rights to run LsaLogonUser function, so i can run Sharepoint main app on that user) Tnx!

Hi,The configuration of Kerberos Constrained Delegation it's not simple.- First create a normal domain account.- Add the SPN record of your site to new account with command SETSPN.- Follow the same path for changing account in Central Admin and select Configurable (Not Predefined) in Service Accounts windows. Insert the logonname and password of account with SPN.- Other configuration need in your account or computer that use this Kerberos delegation.All the informations are here: http://technet.microsoft.com/en-us/library/cc263449.aspxGood work.Raffa!!!