Looking at the default security permissions of "wwwroot", I see that "IIS_IUSRS" has multiple permissions : Read&execute/List folder content/Read.
However, when I delete this group, the default website is always working.
Moreover, i already created other websites at the root of inetpub folder without the need to add this group.
So, all my websites work with the following security groups : Creator owner/System/Administrators/Users/TrustedInstaller.
Do I really need to add "IIS_IUSRS" to every website ?
Do I have a security problem if it works without this group ? So, do I need to remove one of the default groups ?