Jump to content
Sign in to follow this  
support

Reset IIS Application Pool Password (by Click Studios)

Recommended Posts

Script Name

Reset IIS Application Pool Password

 

Description

Reset the password and then restart the Application Pool

 

System Requirements

  • PowerShell 2.0 or above installed on the remote host
  • PowerShell Remoting enabled on the remote host
  • Windows Server 2008 (not R2) requires the II7 PowerShell Snap-In to be installed on the target host - http://www.iis.net/downloads/microsoft/powershell
  • Firewall to allow access
     

Successfully Tested Against

  • Windows Server 2008 & R2
  • Windows Server 2012 & R2
  • Windows 7 Desktop
  • Windows 8 & 8.1 Desktop

 

Failed Testing Against

  • None reported 

 
PowerShell Script

<#
.SYNOPSIS
Connect to a Windows host using the supplied Privileged Account Credentials, and change the password for an Internet Information Services Application Pool identity.
.NOTES
Requires PowerShell Remoting to be enabled
#>
function Set-IISAppPoolPassword
{
	[CmdletBinding()]
	param (
		[String]$HostName,
		[String]$ApplicationPoolName,
		[String]$UserName,
		[String]$NewPassword,
		[String]$PrivilegedAccountUserName,
		[String]$PrivilegedAccountPassword
	)
	
	$scriptBlock = {
		param ($ApplicationPoolName, $UserName, $NewPassword)
		#Import-Module WebAdministration
		if ([System.Version] (Get-ItemProperty -path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion").CurrentVersion -ge [System.Version] "6.1")
		{ Import-Module WebAdministration }  #IIS7.5 and above
		else
		{ Add-PSSnapin WebAdministration } #IIS7.0 
		
		#Add-PSSnapin WebAdministration
		$AppPoolPath = "IIS:\AppPools\$ApplicationPoolName"
		
		if (Test-Path $AppPoolPath)
		{
			$appPool = Get-Item $AppPoolPath
			$appPool.processModel.UserName = $UserName
			$appPool.processModel.Password = $NewPassword
			$appPool | Set-Item
			
			#If the Application Pool is already stopped, then there is no need to stop it as part of this password reset process
			$ApplicationPoolStatus = Get-WebAppPoolState $appPool.Name
			
			if ($ApplicationPoolStatus.Value -eq "Started")
			{
				Stop-WebAppPool -Name $ApplicationPoolName
				Start-WebAppPool -Name $ApplicationPoolName
			}
			else
			{
				Start-WebAppPool -Name $ApplicationPoolName
			}
			
			#Test the application pool has restarted successfully
			Start-Sleep -s 1
			$ApplicationPoolStatus = Get-WebAppPoolState $appPool.Name
			
			if ($ApplicationPoolStatus.Value -eq "Started")
			{
				Write-Output "Success"
			}
			else
			{
				Write-Output "Unable to restart Application Pool"
			}
			
		}
		else
		{
			Write-Output "Application Pool not found"
		}
		
	} #End of scriptBlock
	
	try
	{
		$pass = ConvertTo-SecureString $PrivilegedAccountPassword -AsPlainText -Force
		$cred = New-Object System.Management.Automation.PSCredential($PrivilegedAccountUserName, $pass)
		
		$resultsarray = Invoke-Command -ComputerName $HostName -Authentication 'Default' -Credential $cred -ScriptBlock $scriptBlock -ArgumentList $ApplicationPoolName, $UserName, $NewPassword 2>&1 #Using 2>&1 to ensure STDERR is piped to STDOUT
		$resultsarray = [string]::join("`r`n", $resultsarray)
		
		if ($resultsarray -eq "Success")
		{
			Write-Output "Success"
		}
		else
		{
			switch -wildcard ($resultsarray.ToString().ToLower())
			{
				"*WinRM cannot complete the operation*" { Write-Output "Failed to reset the password for the IIS Application Pool '$ApplicationPoolName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*WinRM cannot process the request*" { Write-Output "Failed to reset the password for the IIS Application Pool '$ApplicationPoolName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*WS-Management service running*" { Write-Output "Failed to reset the password for the IIS Application Pool '$ApplicationPoolName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*user name or password is incorrect*" { Write-Output "Failed to reset the password for the IIS Application Pool '$ApplicationPoolName' on Host '$HostName' as the Privileged Account password appears to be incorrect, or the account is currently locked."; break }
				"*execution of scripts is disabled on this system*" { Write-Output "Failed to reset the password for the IIS Application Pool '$ApplicationPoolName' on Host '$HostName' as it appears execution of PowerShell scripts has not been enabled on this Host. Please run the PowerShell command Set-ExecutionPolicy RemoteSigned"; break }
				#Add other wildcard matches here as required
				default { Write-Output "An error has occured trying to query the IIS Application Pool '$ApplicationPoolName' information on Host '$HostName'. Error = $resultsarray." }
			}
		}
	}
	catch
	{
		switch -wildcard ($error[0].Exception.ToString().ToLower())
		{
			"*cannot bind argument to parameter*" { Write-Output "Failed to reset the password for the IIS Application Pool '$ApplicationPoolName' on Host '$HostName' as it appears you may not have associated a Privileged Account Credential with the Password Reset script."; break }
			#Add other wildcard matches here as required
			default { Write-Output "Failed to reset the password for the IIS Application Pool '$ApplicationPoolName' on Host '$HostName'. Error = " $error[0].Exception }
		}
	}
}

#Make a call to the Set-IISAppPoolPassword function
Set-IISAppPoolPassword -HostName '[HostName]' -ApplicationPoolName '[ResourceName]' -UserName '[UserName]' -NewPassword '[NewPassword]' -PrivilegedAccountUserName '[PrivilegedAccountUserName]' -PrivilegedAccountPassword '[PrivilegedAccountPassword]'

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×