Based on the Application Pool Identities article:
IIS introduces a new security feature in Service Pack 2 (SP2) of Windows Server 2008 and Windows Vista. It's called Application Pool Identities. Application Pool Identities allow you to run Application Pools under a unique account without having to create and manage domain or local accounts. The name of the Application Pool account corresponds to the name of the Application Pool.
Here's a good explanation of what happens:
In Windows 7, IIS application pool isolation was taken yet to a different level. The new change introduced in IIS7 (Windows Server 2008) was a new option to run your application pool as AppPoolIdentiy. However, the default for an application pool identity in IIS7 remained the same – NetworkService. In IIS7.5, AppPoolIdentiy becomes a default. Thus, scripts previously expecting permissions for their application pool identity to be set to “NT Service\NetworkService” will now have to set permissions (ACLs) for “IIS AppPool\” – the user account created for each new application pool.
Thus, to set permissions for the DefaultAppPool, the scripts will need to set ACLs for “IIS AppPool\DefaultAppPool”.