Fire up Internet Information Services Manager. (window-iis-return)
Find the Application Pools item in the Connections toolbar. One can reuse the default application pool or create a new one. Go for the latter since it is slightly more complicated and hence more fun.
I don't know what the settings above do but they seem to work.
Select your newly created application pool and the advanced settings. Change the Process model to LocalSystem.
(I had planned to create a "better" account with the proper limited rights but ran out of time. Someone else...?)
As one can see in the listing above the new application pool runs as different identity than the default ones.
Now change your web application to use this application pool. This could be made simpler by moving the menu for this to the same place as the other menus. To make the story short - select your site and look to the right of the IIS manager.
That is all there is to it.