Use PowerShell to Display IIS Application Pool Identity Account Passwords in Clear Text

It's fairly common to see the identity for an IIS application pool changed to a domain user account. The following image shows three application pools, the DefaultAppPool has the default settings, the www app pool has a Managed Service Account specified, and the wwwDev app pool has a standard domain user account specified:

apppool-identity1.jpg

When a standard user account is specified, the password is entered as shown below:

apppool-identity2.jpg

I've used what you would think is a super secure password, generated by KeePass:

apppool-identity3.jpg

When a Managed Service Account is used, it's specified without having to enter the password. The account name is specified with a trailing dollar sign:

apppool-identity4.jpg

Now let's see how insecure hard coding a user id and password is:

First, I'm going to add the Web-WMI feature to the IIS server so the WMI namespace and class I'm looking for will exist. This also adds a couple of additional prerequisite features:

1Add-WindowsFeature Web-WMI | Format-List

apppool-identity5.jpg

Now to display (in clear text) the hard coded, super secure password that I generated:

1Get-CimInstance -Namespace root/MicrosoftIISv2 -ClassName IIsApplicationPoolSetting -Property Name, WAMUserName, WAMUserPass |
2select-Object -Property Name, WAMUserName, WAMUserPass

apppool-identity6.jpg

If I'm able to retrieve this information with WMI, it has to be stored in clear text somewhere and there's probably other ways of displaying it. This is just another reason why you should be using Managed Service Accounts for your IIS application pool identities.

µ