Updating IIS application pools using appcmd

iis, windows server

Appcmd is a command line tool that comes with IIS which can be used to perform many configuration tasks for IIS

When it comes to configuring IIS it turns out there are quite a few different ways that you can do this:

  • Using the Internet Information Services (IIS) Manager
  • Hand editing web.config and applicationhost.config
  • Using the Application Host Administration API
  • Installing the 'IIS Metabase and IIS 6 configuration compatibility' feature and programatically using the old API
  • Using the Microsoft IIS Administration API
  • Using the appcmd command line tool

The appcmd option is one that doesn't get very much mention, perhaps because it's a command line tool and one that doesn't have the worlds friendliest syntax at that!

Commands that are used to retrieve data, like appcmd list apppool (no, there really aren't too many P's in that command. Yes, I agree, it really does look like there are!) don't seem to require you to be running the command as administrator, but any commands where you're applying a configuration change do require you to run them as administrator.

Changing the identity for an application pool

First up, the general syntax when calling appcmd is appcmd [action] [type_of_thing]. So if we wanted to retrieve a list of all application pools, the command would be appcmd LIST APPPOOL, simple really! Secondly - unless you've ended up with the folder that contains appcmd in your path you'll need to run commands from `%windir%\system32\inetsrv`, as that's where the EXE lives. The error you'll receive if you're not running "as administrator" can look like this:

ERROR ( message:Configuration error
Filename: redirection.config
Line Number: 0
Description: Cannot read configuration file due to insufficient permissions
. )

There command to change the application identity type for a given application pool is:

appcmd set apppool "AnotherAppPool" -processModel.identityType:LocalSystem

In this instance, I've taken an application pool called AnotherAppPool and changed the Identity type from the default of Application Identity Pool to LocalSystem:

An application pool that's had its identity type changed to LocalSystem via the appcmd command

From there it's a fairly simple process to change to a specific identity:

appcmd set apppool "AnotherAppPool" -processModel.identityType:SpecificUser
appcmd set apppool "AnotherAppPool" -processModel.userName:DOMAIN\Username
appcmd set apppool "AnotherAppPool" -processModel.password:PASSWORD

That's all there is to it - make sure you specify a valid username and password, and then recyle the application pool for good measure:

appcmd recycle apppool "AnotherAppPool"

There's a whole host of other things you can do via the appcmd tool, most all of which can be found out by tacking on /? to the end of a command and seeing what comes out.

About Rob

I've been interested in computing since the day my Dad purchased his first business PC (an Amstrad PC 1640 for anyone interested) which introduced me to MS-DOS batch programming and BASIC.

My skillset has matured somewhat since then, which you'll probably see from the posts here. You can read a bit more about me on the about page of the site, or check out some of the other posts on my areas of interest.

2 Comments

  • Gravatar Image

    really useful page. thanks a lot !

  • Gravatar Image

    This works great ... UNLESS your password has an & in it, so if you wrap your password in speech marks " it gets around this problem.

    However ! If the password is wrong that line that sets the password STILL looks like it works, so you can't tell if it was correct or not.

Add a Comment