Recently I am moving application from IIS6.0 to IIS8.5 and some the applications are running under application pool identity, the application owner could not remember the password..Typical of application developer.
I did not want to change password from the Active Directory as I’m not sure if there are applications running elsewhere on the network with the same identity.
Happily, there is a way to retrieve/decrypt application pool password by using a Microsoft tool on the IIS server – adsutil.vbs.
Follow the procedures below to retrieve/decrypt the password
1. Change directory to C:\Inetpub\AdminScripts
2. Using Notepad Edit adsutil.vbs
3. Find the function “IsSecureProperty” and within this function change “IsSecureProperty = True” to IsSecureProperty = False”
5. Run the command, C:\Inetpub\AdminScripts>cscript adsutil.vbs enum W3SVC/AppPools/ApplicationPoolName
(Note: ApplicationPoolName is the application pool name)
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
KeyType : (STRING) “IIsApplicationPool”
AppPoolIdentityType : (INTEGER) 3
WAMUserName : (STRING) “DOMAIN\User”
WAMUserPass : (STRING) “PASSWORD will appear here”
AppPoolState : (INTEGER) 2
AppPoolAutoStart : (BOOLEAN) True
Win32Error : (INTEGER) 0