Changing file permissions results in IdentityNotMappedException (when code is ran on web server)

I have the following code (from msdn) to set file permissions:

' Adds an ACL entry on the specified file for the specified account.
Sub AddFileSecurity(ByVal fileName As String, ByVal account As String, ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)

    ' Get a FileSecurity object that represents the 
    ' current security settings.
    Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)

    ' Add the FileSystemAccessRule to the security settings. 
    Dim accessRule As FileSystemAccessRule = New FileSystemAccessRule(account, rights, controlType)

    fSecurity.AddAccessRule(accessRule)

    ' Set the new access settings.
    File.SetAccessControl(fileName, fSecurity)

End Sub

I call this using the group IIS_IUSRS (I've tried ComputerName/IIS_IUSRS too) and I'm trying to apply FileSystemRights.FullControl

But results in this error:

System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated

Which suggests IIS_IUSRS doesn't exist (it does). My next step is to output the users and groups on the machine to see what my code thinks does exist. In the mean time does anyone know why, or what is causing this?

This code works fine on my lo开发者_如何学运维cal machine but not when run on my web server. The app pool runs as network service and Network Server has FULL permission on the folder the files are in. I noticed this question that suggests the user needs permission on the directory - but this isn't the problem.

To work around this, change the authentication on the website to run as "Same as app pool" (as opposed to anonymous). Not the best answer, but have tried everything else.