Recover/fetch the Application Pool password
We’ve had a few discussions lately regarding securing your SharePoint environments. Not only did I have a discussion about this when I were conducting SharePoint training last week, but we also covered the aspect which is a base for this article: The Application Pool Password is stored in Clear Text.
If you read this article and the code associated, you’ll see how unsafe it can be to run your Application Pool accounts with too much permissions – which leads us in to the discussion about running a least-privileged installation of SharePoint, at all times!
Note: This can also be seen as a way of "recovering your application pool password".
Where can I get/retrieve my Application Pool Password?
Well, there’s plenty of ways to fetch your Application Pool password, but I’m going to give you two possible ways which is fairly easy. One of which you need to be an administrator on the local server, and one where you can be an anonymous user running a web part under elevated privileges .
- Use the SharePoint Manager to get your Application Pool password
- Find your Application Pool:
Note: You’ll see that the password for your Application Pool is indicated in clear text, along with the name, ID, User Name etc.
- Use the following SharePoint object model code to get your Application Pool password:
- Copy/Paste friendly code:
SPWebService webService =
SPContext.Current.Site.WebApplication.WebService;
string appPoolName =
SPContext.Current.Site.WebApplication.ApplicationPool.Name;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
var app = new SPApplicationPool(appPoolName, webService);
var lit = new Literal();
lit.Text += "Application Pool Name: " + app.Name;
lit.Text += "
";
lit.Text += "Application Pool Password: " + app.Password;
lit.Text += "
";
lit.Text += "Application Pool User Name: " + app.Username;
Controls.Add(lit);
});
- This is what the Web Part would look like, even to anonymous users
What can we do to secure our environments?
First off, you should think about security before you install SharePoint. That’s for sure. Second, you should always perform a least-privileged installation of your SharePoint environment, meaning that e.g. the Application Pool account doesn’t get more permissions than needed.
To see some related articles on how you can correctly install your SharePoint environments, please have a read-through on the following articles:
- Plan for Administrative and Service accounts
- Install MOSS 2007 with least privilege administration by using the command line
Summary
This post was merely meant to be a follow-up to the discussions going on, and to enlighten you that there are some things we DO NEED TO CONSIDER with our SharePoint environments, even if they’ve been running fine for quite some time.