IT Nota

How to Get Application Pool Identity Password With AppCmd

Typically, web application is run using ApplicationPoolIdentity on IIS. However, for various reasons, it’s very common to find large corporations use service accounts to run the application pools.

IIS Application Pools example

Sometimes the challenge comes when you need to move the website to a different server and you’re not given the proper credential to set it up on the new environment. What’s worse, it’s also not uncommon to hear that sometimes not one soul in the company knows the password.

At that point, your options are usually to either have the password reset (a big No-No for a production application), or have a new service account created (also another headache if the service account is tied to other applications or batch jobs for logical grouping).

But there’s a simple trick that’s quite handy to get password from iis application pool by using AppCmd that is commonly used to migrate IIS websites.

Steps

  1. We know that the AppCmd can be used to export the Application Pool information to an XML file. And we can also export only a single AppPool. So in this case, just as an example, we want to export AppPool ITNOTA by typing the following in Command Prompt:

    C:\> %windir%\System32\inetsrv\appcmd list apppool "ITNOTA" /config /xml > C:\Temp\ItnotaAppPool.xml

    Export single AppPool by name to an XML file with appcmd.exe

  2. Once that was done, let’s open up ItnotaAppPool.xml file from C:\Temp folder. You would see something similar to the following:

    <?xml version="1.0" encoding="UTF-8"?>
<appcmd>
  <APPPOOL APPPOOL.NAME="ITNOTA" PipelineMode="Integrated" RuntimeVersion="4.0" state="Started">
    <add name="ITNOTA" autoStart="true" managedRuntimeVersion="v4.0">
      <processModel identityType="SpecificUser"
                    userName="ITNOTA\Admin_Service_Account"
                    password="###MyAccountPassword###"
                    idleTimeoutAction="Suspend" />
      <recycling>
        <periodicRestart>
          <schedule>
          </schedule>
        </periodicRestart>
      </recycling>
      <failure />
      <cpu />
      <environmentVariables>
      </environmentVariables>
    </add>
  </APPPOOL>
</appcmd>

    IIS AppPool export with identity password

    3. If you look at line 7 (highlighted), the password is there in clear text.

    Note: This XML is modified and compacted just to demonstrate where you can find the password ONLY if you use custom identity. If you use ApplicationPoolIdentity, there’s no password associated with it in the XML file.

In theory, you don’t need to look at the password to make the website run. Because importing the XML will transfer all the information exactly the same way as the current setting. So other than updating the IP address, the identity most of the time doesn’t need any modifications. But this trick is always useful, when you also need to retrieve a “lost” password for a service account that’s been there for years.

Further Reading

How to Migrate IIS Websites to a Different Server
Getting Started with AppCmd.exe
Exporting & Importing App Pools and Websites configuration between multiple IIS instances

Buy me a coffee?

Buy me a coffee If you find any of the articles or demos helpful, please consider supporting my work here, you'll have my big thanks!

Recent Posts

Tags

.NET .NET Core AdSense ASP.NET Cdonts Dll Classic ASP Code Editor ETL FSharp Genesis Framework Git Google HP Asset Manager HTML5 Hugo IIS Information Security Internet Internet Information Services iOS JAMStack Linux macOS Microsoft Microsoft SQL Server MVC PHP PowerShell Python Simple Mail Transfer Protocol Smtp Server SQL SQL Server SSIS SSMS SSRS Sublime Text Visual Studio Visual Studio Code VPN Windows Windows 8 Windows 10 Windows 2012 Windows Server