Write access to EVERYONE works, IUSR, IIS_IUSRS, DefaultAppPool does not work. why?

You can add the account through the NTFS GUI by typing it in directly. The name is in the format of IIS APPPOOL\<<app pool name>>, e.g. IIS APPPOOL\DefaultAppPool. (see this Microsoft support article)

An alternative solution: I've been using the "Network Service" account as application pool user granting it write permission.

Under IIS 7.5 (and optionally in IIS 7) all workers run with Application Pool Identity: user "IIS AppPool*PoolName*".

Grant access to that user rather than Everyone (you'll need to type the name into the select identity dialogues—it won't show up in the find function).

There is a very useful page on iis.net that covers things in much more detail.

Also note: under IIS7 (Server 2008):

• You set app pool identity on a per-app pool basis in the advanced settings.
• There is no GUI support, so you'll need the command line to set permissions (icacls.exe).

Finally SQL Server's identity selection doesn't know about app pool identity either: use CREATE LOGIN and CREATE USER initially, after this the GUI can be used to grant roles etc.