Posted on 2005-04-08
Last Modified: 2012-05-05
Hi guys,

I have a script to view the iusr_  password on windows 2003:

Dim IIsObject
Set IIsObject = GetObject ("IIS://localhost/w3svc")
WScript.Echo "According to the metabase, the anonymous credentials are:"
WScript.Echo "    AnonymousUserName = " & IIsObject.Get("AnonymousUserName")
WScript.Echo "    AnonymousUserPass = " & IIsObject.Get("AnonymousUserPass")
WScript.Echo "    WAMUserName = " & IIsObject.Get("WAMUserName")
WScript.Echo "    WAMUserPass = " & IIsObject.Get("WAMUserPass")
Set IIsObject = Nothing

I used this script to move files from one server to another (I needed the i_usr pass).

Now, is it possible to modify this script in order to obtain the Administrator password?

Thanks :)

Question by:pvg1975
    LVL 8

    Accepted Solution

    No the Administrator password is not managed by IIS so it has no need to store it.  IIS only needs to store the Passwords for WAM and USR because it is responsible for creating these accounts in the first place.  I'm suprised that the above code returns usable passwords I was under the impression that they were encrypted.


    Author Comment

    Hi Anthony, thanks for your answer.

    This is what I wanted to do: In our company we are forced to change admin passwords every 7 days. Password has an algorithm: eg: XxxxxxxxxxxxxxxX-nnnnn where nnnnn is a correlative number.

    I wanted to retrieve the admin password and change it automatically (it is 14 servers) based on the pervious stored password.

    EG: if password is MymanagersuckS-12753, I want to change it by MymanagersuckS-12754 by running a script.


    Author Comment

    I forgot to say, algorithm is nnnn + 1 (stupid one, but the one they established)
    LVL 8

    Expert Comment

    I'm afraid your out of luck here.  There is by design no way to retrieve a password from Active Directory or SAM.

    TBH, it all sounds a bit daft.  Whats the point of changing passwords every 7 days when subsequent passwords can be easily guessed from a knowledge of a previous password.


    Author Comment

    Hi Anthony!

    I agree, sounds stupid, that's why I wanted to automate the password change in all the servers.

    Anyway, only me and other 3 guys (plus our manager) knows this algorithm.

    Since no other answer(s) have been posted, I will give you the points.



    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
    Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now