Sync IUSR and IWAN in IIS

How to Sync IUSR and IWAN in IIS:

Usually the IUSR_ and IWAM_ passwords are set automatically and are never known. However, I’ve seen cases in which for some reason the passwords get out of sync or corrupted and need to be reset. The easiest way to reset these passwords is to extract the passwords that Microsoft IIS has in its metabase and update the accounts in Local Users and Groups to use that password.

You first need to update the adsutil.vbs script, which you’ll find in the AdminScripts folder under the Inetpub folder, to display sensitive information (e.g., passwords) instead of just asterisks. Open the adsutil.vbs file in Notepad and search for the text “IsSecureProperty = True”, replace this text with “IsSecureProperty = False” and save the file. Now run the following commands to return the passwords (/anonymoususerpass is the IUSR account; /wamuserpass is the IWAM_ account).

C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/anonymoususerpass

anonymoususerpass : (STRING) “/XEv`J01T”!69I”

C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/wamuserpass

wamuserpass : (STRING) “ikI37Q”W5[,uu%”

If you want to reset the passwords to match the passwords you had already set in Local Users and Groups, use the following command:
C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/anonymoususerpass “Pa55word”

anonymoususerpass : (STRING) “Pa55word”

C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/wamuserpass “Pa55word”

wamuserpass : (STRING) “Pa55word”

You should now run the command below to sync the password from IIS with Microsoft Transaction Server (MTS) and component services:

C:\Inetpub\AdminScripts>cscript.exe synciwam.vbs -v

IIS Applications Defined:
Name, AppIsolated, Package ID

You should now restart IIS via the “All Tasks” context menu option of the IIS server in the MMC Internet Information Services (IIS) Manager snap-in.

Be the first to comment

Leave a Reply