In both SharePoint 2007 and SharePoint 2010, policies can be defined that grant or deny permissions to specific users at the Web Application level. Such a policy overrules any permissions the user may or may not have at the Site Collection, Site, List or Item level.
For example: the Search Crawl Account (Content Access Account) will be given Full Read on all Web Applications to ensure all content is indexed.
In this section you have the option to check “Account operates as System”. This effectively hides the real user name and masks it as “System Account”.
Only for Windows Accounts
During experiments with Forms Based Authentication (in SharePoint 2010 through Claims Based Authentication), I found that while it is possible to give policy permissions to a non-Windows User, it is not possible to make it “operate as System”.
The SharePoint Logs confirmed that the underlying mechanism is really looking at Windows User Account Management to perform the lookup:
System.ComponentModel.Win32Exception: i:0#.f|fbamembershipprovider|demouser1
   at Microsoft.SharePoint.Win32.SPAdvApi32.LookupAccountName(String strAccountName, String& strDomainName, SID_NAME_USE& sidUse)
   at Microsoft.SharePoint.Administration.SPPolicy.set_IsSystemUser(Boolean value)
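Because an account that operates as System appears as “System Account” instead of under its real name, it is worth knowing which policy entries have the flag set. The following script is an added example, not part of the original post: it lists every Web Application policy entry in the farm with its roles and the “operates as System” flag. It assumes the SharePoint 2010 Management Shell on a farm server and farm administrator rights; the function name Get-WebAppPolicyReport is made up for this example.

```powershell
# Added example (not from the original post): report Web Application policy
# entries and show which of them operate as System.
# Assumption: run on a SharePoint 2010 farm server as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-WebAppPolicyReport {
    $zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
    foreach ($wa in Get-SPWebApplication) {
        $url = $wa.GetResponseUri($zone).AbsoluteUri
        foreach ($policy in $wa.Policies) {
            # Names of the policy roles bound to this entry
            # (Full Control, Full Read, Deny Write, Deny All or custom roles).
            $roles = @($policy.PolicyRoleBindings | ForEach-Object { $_.Name })

            # Claims-encoded logins contain '|', for example the FBA login
            # i:0#.f|fbamembershipprovider|demouser1 from the log above.
            # Windows claims logins start with i:0#.w| and classic Windows
            # logins (DOMAIN\user) contain no '|' at all.
            $isClaims  = $policy.UserName -like '*|*'
            $isWindows = (-not $isClaims) -or ($policy.UserName -like 'i:0#.w|*')

            # New-Object PSObject keeps the script compatible with PowerShell 2.0.
            New-Object PSObject -Property @{
                WebApplication   = $url
                UserName         = $policy.UserName
                DisplayName      = $policy.DisplayName
                Roles            = ($roles -join '; ')
                OperatesAsSystem = $policy.IsSystemUser
                WindowsAccount   = $isWindows
            }
        }
    }
}

# Full report, entries that operate as System first.
Get-WebAppPolicyReport |
    Sort-Object OperatesAsSystem -Descending |
    Format-Table WebApplication, UserName, Roles, OperatesAsSystem, WindowsAccount -AutoSize
```

Entries with OperatesAsSystem set to True are the accounts whose real user name is masked; reviewing that list against the accounts you expect (such as the Search Crawl Account) shows whether the flag is used more widely than intended.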
If you’re developing for SharePoint 2010, the Application Pool has a setting called Ping Maximum Response Time with a default value of 90 seconds. In effect, this means that debugging your Web Part, Page, etc. in SharePoint 2010 will only work for 90 seconds and then you get this:
You can increase the value of Ping Maximum Response Time in the Application Pool Settings in IIS:
You can also increase the value for future Application Pools via Set Application Pool Defaults (see Actions menu):