如何修改IIS APPPOOL\xxx的用户组

我创建了一个IIS网站，应用程序池名称是testAppPool。

然后我在网站中运行以下代码，获取当前用户组权限：

 WindowsIdentity winIdentity = WindowsIdentity.GetCurrent();

 if (winIdentity == null)
 {
     str += "Cannot get current user identity. Exiting...";
 }
 else
 {
     str += "<br/>Current user name:\t" + winIdentity.Name;
     str += "<br/>Current user authentication type:\t" + winIdentity.AuthenticationType;
     str += "<br/>Current user SID:\t" + winIdentity.User;
     str += "<br/>Current user token:\t" + winIdentity.Token;
     str += "<br/>Token owner SID:\t" + winIdentity.Owner;
     str += $"<br/>Current user has {winIdentity.Groups.Count} group memberships.";

     foreach (IdentityReference group in winIdentity.Groups)
     {
         try
         {
             NTAccount ntAcc = (NTAccount)group.Translate(typeof(NTAccount));
             str += $"<br/>&nbsp;&nbsp;&nbsp;&nbsp;Group :&nbsp;&nbsp;{ntAcc.Value}&nbsp;&nbsp;&nbsp; 【SID:&nbsp;{group.Value}】";
         }
         catch (Exception ex)
         {
             str += $"<br/>&nbsp;&nbsp;&nbsp;&nbsp;Group :&nbsp;&nbsp;【SID:&nbsp;{group.Value}】";
         }
     }
 }

我得到这样的结果：

Current user name: IIS APPPOOL\test
Current user authentication type: Negotiate
Current user SID: S-1-5-82-2084461697-3881244625-4442817516-662440669-514472240
Current user token: 2080
Token owner SID: S-1-5-82-2084461697-3881244625-4442817516-662440669-514472240
Current user has 9 group memberships.
    Group :  Everyone    
    Group :  BUILTIN\Users    
    Group :  NT AUTHORITY\SERVICE    
    Group :  CONSOLE LOGON    
    Group :  NT AUTHORITY\Authenticated Users   
    Group :  NT AUTHORITY\This Organization   
    Group :  BUILTIN\IIS_IUSRS    
    Group :  LOCAL    
    Group :  【SID: S-1-5-82-0】

它包含用户组BUILTIN\Users，我发现IIS APPPOOL est可以访问所有磁盘，读取和修改。

如何从 BUILTIN\Users 组中删除 IIS APPPOOL est 帐户。

非常感谢。