How to Retrieve a Password of an Application Pool User in IIS 6

Today I needed to set a SPN for a IIS application. I discovered that I lost the password of the user account which I need to configure on the application pool.

Luckily, there is a way to retrieve/decrypt the password if it is configured on an existing Application Pool.

This is done by using a Microsoft tool on the IIS server – adsutil.vbs.

Here are 5 simple steps to do this:

1. Go to C:\Inetpub\AdminScripts

2. Open adsutil.vbs in notepad

3. Locate the below function (starting with ‘ IsSecureProperty) and change “IsSecureProperty = True” to IsSecureProperty = False” like this:


‘ IsSecureProperty

‘ Checks to see if the property requires special processing in order to
‘ display its contents.

Function IsSecureProperty(ObjectParameter,MachineName)

On Error Resume Next
Dim PropObj,Attribute
Set PropObj = GetObject(“IIS://” & MachineName & “/schema/” & ObjectParameter)
If (Err.Number <> 0) Then
ReportError ()
WScript.Echo “Error trying to get the property: ” & err.number
WScript.Quit (Err.Number)
End If
Attribute = PropObj.Secure
If (Attribute = True) Then
IsSecureProperty = False
IsSecureProperty = False
End If
End Function

4. Change directory to  C:\Inetpub\AdminScripts.  (CD C:\Inetpub\AdminScripts).

5. Run the following command, (change ApplicationPoolName to the name of your application pool, where the user is configured):

C:\Inetpub\AdminScripts>cscript adsutil.vbs enum W3SVC/AppPools/ApplicationPoolName

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

KeyType : (STRING) “IIsApplicationPool”
AppPoolIdentityType : (INTEGER) 3
WAMUserPass : (STRING) “PASSWORD will appear here
AppPoolState : (INTEGER) 2
AppPoolAutoStart : (BOOLEAN) True
Win32Error : (INTEGER) 0


6 thoughts on “How to Retrieve a Password of an Application Pool User in IIS 6”

Leave a Reply