I have a site which I'm trying to secure. It is set up with impersonation
turned ON. In IIS, I've set the site up to support anonymous access for a
specific user "MyWebUser".

In the file system, the docroot and all child directories are set up where
the user "MyWebUser" and the "ASPNET" user have all the necessary read

IMPORTANT NOTE: My site has a bunch of stuff pre-compiled in a DLL but it
also has pages the require dynamic compilation.

Here's the problem: If I set up permissions only for these two users (My
impersonating "MyWebUser" and "ASPNET"), but I do NOT include the "Users"
group in my permissions, I get the error:

"Access denied to 'C:\AxServerLA\WebSite\Default.aspx'. Failed to start
monitoring file changes."

I hate having users and groups in my permissions that I don't understand.
Can you tell me exactly the user (and the minimum required permissions for
that user), that is needed in order to allow whatever "Monitoring" or dynamic
compilation, or whatever is necessary so that this will work?

I've looked at KB "815153, "HOW TO: Configure NTFS File Permissions for
Security of ASP.NET Applications", but it SPECIFICALLY says that these
configurations will only work for sites where all code is pre-compiled into a
DLL, and that doesn't apply to me.