I need to change my ASPNET password. Our auditor uses a tool known as DUMPSEC to extract all the IDs in the server. It noted that ASPNET account setting is set as "password required = no". I believe my ASPNET account has no password. I have not changed a thing and everything set is as per default during installation. By changing or putting in password for the ASPNET account, will this break my ASP.NET application.

I would try asking this here, http://forums.iis.net/ This thread may also be of help, http://forums.asp.net/t/1355255.aspx -- Mike Burr

Thanks, I'll try the suggestion in the URL.

Here's my findings. The auditing tools DUMPSEC is flaw. My ASPNET account has a password. The forum http://forums.iis.net suggested that I got to be careful and that I ensure ASP.NET *.config file to be change to match the ASPNET password I change too. Any I felt that it does not apply in my scenario as the changes will be global to the IIS as I change the ASPNET id in AD. Anyway I backup my test environment, make the changes, cross my finger, hey my app still work. Try another experiment, set my ASPNET password to blank, opps my app is not working, browser shows page not found. Set a new password in the ASPNET, hey my apps work again. So conclusion, if you change your ASPNET application it would not break your application as far as in my environment is concern.