I started this question in the hopes of getting some help from the community, but in the process of fully explaining and detailing my problem it seems I've managed to solve it, in what seems to be a legit non hackish way (please tell me if I'm wrong), so I'm going to keep it here in the hopes that it will help others.
QUESTION
I'm in the process of upgrading my Visual Studio 2010 .NET 4 MVC4 site to Visual Studio 2013 .NET 4.5 MVC5. The site runs fine when using the Visual Studio IIS, but when I switch it over to Windows IIS and set the user to ApplicationPoolIdentity and start the site, I get a page saying "HTTP Error 503. The service is unavailable.", and the ApplicationPool gets stopped.
I've found a couple of questions asking the same thing on StackOverflow but none of them have an acceptable solution. One answer was to right click the AppPool > AdvancedSettings > LoadUserProfile = FALSE. This does work and I went with it for a while but I've just found it caused a problem with PhantomJS loading external scripts. I tested this by setting the AppPoolUser to NetworkService and setting LoadUserProfile to FALSE which still broke PhantomJS, and then I set LoadUserProfile to TRUE and it worked.
So I'm running the site using NetworkService and that's all good for now, but I want to be able to use ApplicationPoolIdentity by the time I finish this upgrade so that I can use ApplicationPoolIdentity on the production.
I've checked out EventViewer and I get a lot of warnings telling me that files can't be copied from
\\?\C:\Users\Default\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\SmartArt
to
\\?\C:\Users\TEMP.IIS APPPOOL.004\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\SmartArt Graphics\1033\TC101793893[[fn=Tabbed Arc]].glox.
I created a folder called APPPOOL.004, it then complained about APPPOOL.005, then APPPOOL.006, and it just kept going.
SOLUTION
I then gave ApplicationPoolIdentity full permissions to the C:\Users folder, started the site again and everything worked, the profile must have been created properly, and my site works as it should. I then removed access to C:\Users from ApplicationPoolIdentity and the site still works as it should.
I gave ApplicationPoolIdentity full permissions to the C:\Users folder, started the site and everything worked, the profile must have been created properly, and my site works as it should. I then removed access to C:\Users from ApplicationPoolIdentity and the site still works as it should.
Please tell me if I may have caused any extra security issues in giving ApplicationPoolIdentity temporary full access to C:\Users