How can I return alert from IIS application pool identity after updating wrong password using PowerShell?

Prathyusha Singareddy 1 Reputation point
2022-02-07T08:15:50.277+00:00

I have PowerShell script to update IIS application pool identity password in PowerShell. Powershell script accepts when I give wrong password as well without any alert or warning and no messages in event viewer. After updating password I recycled the application pool and it working good even I updated with wrong password. How can I validate that application pool identity password updated with the correct on or not.

Can someone please help me to achieve this through PowerShell?

Internet Information Services
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,086 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bruce Zhang-MSFT 3,716 Reputation points
    2022-02-08T06:43:30.773+00:00

    Hi @Prathyusha Singareddy ,

    As you said, it does not alert about wrong password.

    This is because powershell writes the username and password directly to the applicationhost.config file. Whether it is a Powershell or Appcmd command, the contents of the command are directly written to the applicationhost.config file. It does not verify that what was written is correct.
    If you edit applicationhost.config directly, the file will also not verify that the content is correct. When you get a prompt message after changing your password in IIS Manager, it's because IIS Manager has built-in authentication.

    So you need to add an authentication command to the powershell script to determine the password or username. Users that can usually be set as app pool identity are all users or user groups within the machine.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,
    Bruce Zhang

    0 comments
  2. Denny Regehr 0 Reputation points
    2023-08-19T01:42:55.9+00:00

    Building onto @Bruce Zhang answer, here is a little script I added at the top of my powershell to make sure the username/password are valid ahead of updating the identity credentials in my application pool.

    # not-so-secure method, but it works
$creds = [System.Management.Automation.PSCredential]::new("Americas\ProcessMIASDev",(ConvertTo-SecureString "Password" -AsPlainText -Force))

# or this more secure method which forces you to enter the password in a popup vs saving it in a script
$creds = $host.ui.PromptForCredential("Need credentials", "Please enter your user name and password.", "Americas\ProcessMIASDev", "Server Credentials")

# here is how you'd use the $creds object
$pool.processModel.userName = $creds.UserName             
$pool.processModel.password = $creds.GetNetworkCredential().Password

    I know this isn't helpful for your project from 18 months ago, but perhaps it will help someone in the future.

    0 comments