Use PowerShell to Create AppPool does not set AppPool Identity

Question

I am attempting to use PowerShell to create an Application Pool in IIS. After searching the web, I created the following test script:

Import-Module WebAdministration

$siteName = "TestAppPool"
$userAccountName = "Domain\UserName"
$userAccountPassword = "MyPassword"

if(!(Test-Path ("IIS:\AppPools\" + $siteName)))
{
     $appPool = New-Item ("IIS:\AppPools\" + $siteName)

     #Display Default AppPool Settings
     "AppPool = " + $appPool
     "UserName = " + $appPool.processModel.userName
     "Password = " + $appPool.processModel.password
     "Runtime = " + $appPool.managedRuntimeVersion
     
     $appPool.processModel.userName = $userAccountName
     $appPool.processModel.password = $userAccountPassword
     $appPool.managedRuntimeVersion = "v4.0"
     $appPool | Set-Item

     #Display Updated AppPool Settings
     "AppPool = " +$appPool
     "UserName = " + $appPool.processModel.userName
     "Password = " + $appPool.processModel.password
     "Runtime = " + $appPool.managedRuntimeVersion
}

When I run the script, the user name and password are not updated to the values I set.

Here are the results from the two print blocks

#Display Default AppPool Settings
AppPool = Microsoft.IIs.PowerShell.Framework.ConfigurationElement
UserName = 
Password = 
Runtime = v2.0

#Display Updated AppPool Settings
AppPool = Microsoft.IIs.PowerShell.Framework.ConfigurationElement
UserName = 
Password = 
Runtime = v2.0

Looking in IIS, the Application Pool shows the .Net Framework was updated, yet the Identity is still set to ApplicationPoolIdentity. It should be Domain\UserName.

enter image description here

I'm an admin on the machine, and I am running PowerShell in Administrator mode. Any ideas as to what I may be missing to get this to work?

score 26 · Accepted Answer · edited Mar 18 '22 at 12:40

26

You will need to change the Process Model identity type to accept a user account instead of the default ApplicationPoolIdentity and this can be done as follows:

Set-ItemProperty -Path IIS:\AppPools\TestAppPool -Name processmodel.identityType -Value 3
Set-ItemProperty -Path IIS:\AppPools\TestAppPool -Name processmodel.userName -Value Domain\UserName
Set-ItemProperty -Path IIS:\AppPools\TestAppPool -Name processmodel.password -Value MyPassword

I hope this helps.

edited Mar 18 '22 at 12:40

David Martin

11,764
1
61
74

answered Feb 14 '13 at 22:32

Musaab Al-Okaidi

3,734
22
21

I had to use `-Name processmodel.userName` - it appears to be case-sensitive (in Server 2016, at least). – user2871239 Oct 02 '18 at 08:00
1

@user2871239 Thanks, this was the key for me, userName is definitely case sensitive in 2016 and above. – David Martin Mar 18 '22 at 12:31

score 7 · Answer 2 · answered Jun 26 '14 at 20:15

I came across this after needing to set the appPool to NetworkService and for anyone else needing to do this, here is the syntax for IIS 7.5 to set your appPool to NetworkService

$pool = get-item("IIS:\AppPools\YOURAPPPOOLNAME");
$pool | Set-ItemProperty -Name "ProcessModel.IdentityType" -Value 2

Note: In IIS 7.5, NetworkService was switched from value 3 to value 2.

More information about Process Model can be found here: http://www.iis.net/configreference/system.applicationhost/applicationpools/add/processmodel

Thank you for including the link to the documentation... helps identify the "magic numbers" — JamesQMurphy, May 29 '19 at 15:33

score 3 · Answer 3 · answered Apr 16 '15 at 18:22

above never worked for me, this did:

import-module webadministration
$pool = Get-Item "IIS:\AppPools\apppoolname"
$pool.processmodel.identityType = 3
$pool.processmodel.username  = "username"
$pool.processmodel.password = "password"
$pool | set-item

score 0 · Answer 4 · answered Dec 10 '15 at 18:52

I was having similar problems setting the identity. Finally, I checked to see what it was setting the password to:

Get-ItemProperty $appPool -name "processmodel.password"

And saw only a partial password. Turns out that I was using double quotes for the password string param, and the password started with '$' which caused it to get parsed as a variable.

I changed the double quotes to single quotes and it worked.

score 0 · Answer 5 · answered Jun 13 '16 at 23:05

In my environment, these answers weren't working for me. I am trying to use an MSA as the identity for my app pool. I could run all the commands (@musaab-al-okaidi's answer) without any error in the console, but upon further inspection, no username was associated with the app pool.

I ended up modifying the applicationHost.config file directly (make a backup first!) to add the proper identity for the app pool.

For those who don't know, the applicationHost.config can be found in: c:\Windows32\inetsrv\config

Within theapplicationHost.config file, look for your app pool entry, and add a 'username' attribute, like the following:

<system.applicationHost>
    <applicationPools>
        <add name="someAppPool" autoStart="true" managedRuntimeVersion="4.0" startMode="AlwaysRunning">
            <processModel identityType="SpecificUser" userName="domain\username$" idleTimeout="00:00:00" />
        </add>
    </applicationPools>
</system.applicationHost>

You can also set the password in similar fashion (since I am using an MSA, there was no need to set the password here, since the MSA is 'managed' in AD and installed on the IIS box).

I also stopped/started the IIS server, just to be sure the new configs were loaded.

Hopefully that helps.

Use PowerShell to Create AppPool does not set AppPool Identity

5 Answers5