It is using a custom user, which is specified in the Identity tab of the VaultShadowFolderPool Application Pool and is not in the web.config.
Oddly enough the shadowfolder log file in %windir%\temp was last written to on the date I upgraded to 3.0.7 ie 6/29. However the shadow folders have been working until last Friday 8/12. The last entry in the log is:
6/29/2005 7:27:57 PM <generic>: [<No Name>:3828] SimpleLogger finalized
The shadow folder user is in the User group of the machine (it's a domain user), and that group has special permissions to the %windir%\temp directory which allow "Traverse Folder/Execute File", "Create Files, Write Data" and "Create Folders/Append Data".
I've verified the following:
FULL CONTROL - %WINDIR%\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files
READ - .Net Framework hierarchy (%WINDIR%\Microsoft.NET\Framework\v1.1.4322)
FULL CONTROL - %APPDATA% for the .Net Domain Account ( C:\Documents and Settings\VaultShadowFolderAccount\Application Data)
FULL CONTROL - %IIS virtual vault service path%\VaultShadowFolder
FULL CONTROL - [Shadow Folder]
I can't seem to get to the security settings for %windir%\assembly
Mike