Permissions to wp-content folder in Windows Server 2012

I’ve made some tests to solve this problem: trying to update some plugins via WordPress backend I always receive a “Unable to create folder” error.

So I’ve initially added IIS_IUSRS with Read/Write/Modify permissions (not full control), but nothing changed.

Then I’ve tried to add IIS_IUSRS with full control, but I did not solve.
My final try was to add “Everyone” user and give him the Read/Write/Modify permissions. And it works!

But do you think it’s a security hole to give this permissions to Everyone user?
And what do you think could be a solution?

I’m using:
Windows Server 2012, WordPress 4.0.1, PHP 5.4.24, IIS 8.0

There are actually 3 users that IIS access files with on .NET sites: IIS_IUSRS, IUSR, and NETWORK SERVICE

Grant all 3 IIS users Read & Execute, List Folder Contents, Read permissions on the entire WP folder

For file management (e.g. plugin/theme installation & updates), grant all 3 of the IIS users Full Control on the wp_content folder.