Updating IIS application pools using appcmd
When it comes to configuring IIS it turns out there are quite a few different ways that you can do this:
- Using the Internet Information Services (IIS) Manager
- Hand editing web.config and applicationhost.config
- Using the Application Host Administration API
- Installing the 'IIS Metabase and IIS 6 configuration compatibility' feature and programatically using the old API
- Using the Microsoft IIS Administration API
- Using the appcmd command line tool
The appcmd option is one that doesn't get very much mention, perhaps because it's a command line tool and one that doesn't have the worlds friendliest syntax at that!
Commands that are used to retrieve data, like appcmd list apppool (no, there really aren't too many P's in that command. Yes, I agree, it really does look like there are!) don't seem to require you to be running the command as administrator, but any commands where you're applying a configuration change do require you to run them as administrator.
Changing the identity for an application pool
First up, the general syntax when calling appcmd is
appcmd [action] [type_of_thing]. So if we wanted to retrieve a list of all application pools, the command would be
appcmd LIST APPPOOL, simple really! Secondly - unless you've ended up with the folder that contains appcmd in your path you'll need to run commands from `%windir%\system32\inetsrv`, as that's where the EXE lives. The error you'll receive if you're not running "as administrator" can look like this:
ERROR ( message:Configuration error Filename: redirection.config Line Number: 0 Description: Cannot read configuration file due to insufficient permissions . )
There command to change the application identity type for a given application pool is:
appcmd set apppool "AnotherAppPool" -processModel.identityType:LocalSystem
In this instance, I've taken an application pool called AnotherAppPool and changed the Identity type from the default of Application Identity Pool to LocalSystem:
From there it's a fairly simple process to change to a specific identity:
appcmd set apppool "AnotherAppPool" -processModel.identityType:SpecificUser appcmd set apppool "AnotherAppPool" -processModel.userName:DOMAIN\Username appcmd set apppool "AnotherAppPool" -processModel.password:PASSWORD
That's all there is to it - make sure you specify a valid username and password, and then recyle the application pool for good measure:
appcmd recycle apppool "AnotherAppPool"
There's a whole host of other things you can do via the appcmd tool, most all of which can be found out by tacking on /? to the end of a command and seeing what comes out.
My skillset has matured somewhat since then, which you'll probably see from the posts here. You can read a bit more about me on the about page of the site, or check out some of the other posts on my areas of interest.