IIS 7 and Above
Restricting Application Pool Setting Modifications
Last post Dec 06, 2018 07:30 PM by lextm
Dec 06, 2018 06:02 PM|patmorin18|LINK
I have an issue with an App Pool Identity for a single site that randomly has its password being changed to a password for a different App Pool Identity. Each of our App Pools use domain accounts that are used on other servers as well which do not have this
issue. Something locally on the server is setting the password for this identity to be different then what it should be and I want to know if there is a way to restrict modifications to App Pool Settings?
I tried looking at the logs and nothing shows what is changing the password or how it is being done (manually or through a script.) I even went as far as blocking PowerShell entirely on the server yet this still occurred. All I can see is there errors that
arise from the password not being correct. The App Pools for the site and its child applications all stop or fail to work. So I need a way to block changes to an App Pool or more advanced logging abilities for IIS.
Dec 06, 2018 07:30 PM|lextm|LINK
Enable configuration auditing https://blogs.msdn.microsoft.com/webtopics/2010/03/19/iis-7-5-how-to-enable-iis-configuration-auditing/ and
also file access auditing. Then it should be clear who modified the settings.