This question was asked so many times, and in this occasion I am going to share with you how to change application pool identities in IIS 8 using PowerShell, there are several ways to do so, and one of my favorite ways to get and change information about an application pool is through the IIS Provider that’s loaded when importing the WebAdministartion module.
You can get basic information about the pool using the Get-Item cmdlet.
PS> Get-Item -Path IIS:\AppPools\MyTest | format-List *
In that picture you can see that a list of application pool settings and information is displayed, but you will also see that some seem hidden from you. ProcessModel contains the identity information in a property named IdentityType The one we want for the application pool identity is ProcessModel. You can retrieve the information from ProcessModel by using the Get-ItemProperty cmdlet.
PS> Get-ItemProperty -Path IIS:\AppPools\MyTest -Name ProcessModel
ProcessModel contains the property IdentityType that holds the application pool identity. Now, if you are one of those hip PowerShell folks you know that you can get this information without reading a long list on the screen with the following:
PS> Get-ItemProperty -Path IIS:\AppPools\MyTest -Name ProcessModel | Select-object IdentityType
But this is IIS and things work better if you change how you operate just a little bit. So, instead of using Select-Object to grab the IdentityType, I’m going to accomplish that in a slightly different approach. Notice the –Name parameter below:
PS> Get-ItemProperty -Path IIS:\AppPools\MyTest -Name ProcessModel.IdentityType
It’s a bit unusual, but this will make it much easier to change the IdentityType with the Set-ItemProperty cmdlet. Before I show you how to change the application pool identity, the values for the identity are Int32 (numbers). here are the identities and their corresponding numbers.
LocalSystem = 0
LocalService = 1
NetworkService = 2
SpecificUser = 3
ApplicationPoolIdentity = 4
So, to change the application pool identity using the Set-ItemProperty to something like “NetWorkService” would look like this:
PS> Set-ItemProperty -Path IIS:\AppPools\MyTest -Name ProcessModel.IdentityType -value 2
Most of the time when an admin needs to change the application pool identity it’s because they want application pool isolation. This means changing the identity to a specific account and password. Here is an example of how to do that:
PS> Set-ItemProperty -Path IIS:\AppPools\MyTest -Name processmodel.identityType -Value 3
PS> Set-ItemProperty -Path IIS:\AppPools\MyTest -Name processmodel.username -Value Administrator
PS> Set-ItemProperty -Path IIS:\AppPools\MyTest -Name processmodel.password -Value P@ssw0rd