IIS - chyby v Best Pracises Analyseru

Mám tyto chyby v Best Practises Analyseru ignorovat?
1/ Issue:
Application pool is set to run as an administrator, as local system, or to 'Act as part of the operating system'.

Impact:
The application pool can execute high-privileged code, including potentially malicious code that can negatively affect your server.

Resolution:
Set the application pool to run as the application pool identity.

Když nastavím vše potřebné, tak je nutné pro přístup třeba do OWA zadat ještě jedbou přihlašovací údaje před vstupem na stránku.

2/ Issue:
Basic authentication is enabled for configuration path 'MACHINE/WEBROOT/APPHOST' but it lacks a required SSL binding.

Impact:
If you use Basic authentication without SSL, credentials will be sent in clear text that might be intercepted by malicious code.

Resolution:
Use Basic authentication with an SSL binding, and make sure that the site or application is set to require SSL. Alternatively, use a different method of authentication.

Všude mám nastaveno používání SSL.