Windows iis iusr & IWAM account password Synchronization

IIS provides a script file named adsutil. vbs for obtaining or setting the IUSR and IWAM account passwords in the IIS metabase. In Windows NT 4.0, adsutil. vbs is usually located in the <drive>/winnt/system32/inetsrv/adminsamples folder. In Windows 2000, adsutil. vbs is located in the <drive>/inetpub/adminscripts folder.
The following table lists the syntaxes for various features of the adsutil. vbs utility:
Get IUSR account password
Cscript.exe adsutil. vbs get w3svc/anonymoususerpass

Get IWAM account password
Cscript.exe adsutil. vbs get w3svc/wamuserpass

Set IUSR account password
Cscript.exe adsutil. vbs set w3svc/anonymoususerpass "password"

Change IUSR account
Cscript.exe adsutil. vbs set w3svc/anonymoususername "username"

Set IWAM account password
Cscript.exe adsutil. vbs set w3svc/wamuserpass "password"

Change IWAM account
Cscript.exe adsutil. vbs set w3svc/wamusername "username"

Note: When you try to obtain the password in Windows NT 4.0, the password is displayed as a plaintext, but in Windows 2000, the password is displayed as an asterisk. To display the password as a plaintext in Windows 2000, you must modify adsutil. vbs to display the plaintext. To do this, follow these steps:

1. In notepad, open adsutil. vbs.

2. on the "edit" menu, click "Search", type issecureproperty = true, and then click "find next ".

3. Change "issecureproperty = true" to "issecureproperty = false ".

4. Save the changes made to adsutil. vbs and disable notepad ".

General steps to solve this problem:

Microsoft has proposed two solutions,

Method 1: change the password in the User Manager or in the user and group to match the password of the IIS metabase.

Method 2: Change the IIS metadatabase to match the IUSR and/or IWAM passwords.

The command list is above.

Last run:

Cscript.exe synciwam. vbs-V

Note: Please stop all Internet Information Services before changing the password. Otherwise, an error may occur and the IWAM account may be locked. You need to manually remove the lock from the user management-IUSR attribute.

The second method is widely spread on the Internet, but the first method is more secure, because you do not need to manually modify the IUSR and IWAM passwords, and the system-generated passwords (IIS metabase) are more secure.

When running cscript.exe synciwam. vbs-V, you may encounter:

Updating applications:
Name: IIS Out-of-process pooled applications key:
{3d14228d-fbe1-11d0-995d-00c04fd919c1}
Error: 80110414

The problem may be that the IUSR and IWAM passwords are still not synchronized (please check your previous input) or related to the com ++ component service.

Explanation of error: 80110414: the address of the Microsoft Knowledge Base is unknown:

Go to component service> Computer> my computer> COM + applicationProgram-> IIS Out-of-process pooled applications, right-click IIS Out-of-process pooled applications-> properties to switch to the "identifier" tab of the IIS Out-of-process pooled applications Properties dialog box. "This application runs under the following account" select "this user" will be selected, and the user name is "IWAM _***". These are all default values and do not need to be modified. In the "password" and "Confirm Password" text boxes below, enter the password you just set "password" to confirm the exit, and then execute cscript.exe synciwam. vbs-V. If the error "error: 80110414" is not displayed this time, the problem has been resolved.

Note 1: When you expand the COM + application, the following error may occur:Code8004e00f-com + cannot talk to Microsoft Distributed Transaction Coordination Program "error. This may be because the ms dtc log file is accidentally deleted.

Run Net start MSDTC

If "Distributed Transaction Coordinator service cannot be started" is displayed, rename the directory c:/Windows/system32/dtclog (If yes, skip this step if no one exists ), then create the directory again.
Run MSDTC-resetlog and enter Net start MSDTC to display that the service is successfully started.
Start COM + again to expand "COM + application ".

NOTE 2: after "COM + application" is expanded, IIS Out-of-process pooled applications cannot be found. Use the following method to reconstruct IIS Out-of-process pooled applications:
Start Menu-> Run-> cmd open the Command Prompt window
enter cd % WINDIR %/system32/inetsrv to switch to the inetsrv directory under system32
enter rundll32 wamreg. DLL, createiispackage
Note: You must accurately type "createiispackage", which is case sensitive
enter regsvr32 asptxn. DLL
close and re-open "component service ".