I have some sites in IIS7 that are configured to run as domain users (MYDOMAIN\someuser).

I'm using the Microsoft.Web.Administration namespace to scan my server configuration, but it's throwing an exception when I hit one of these "impersonator" sites:

using (ServerManager sm = new ServerManager()) {
    foreach (Site site in sm.Sites) {
        foreach (Application app in site.Applications.Reverse()) {
            foreach (VirtualDirectory vdir in app.VirtualDirectories.Reverse()) {
                var config = app.GetWebConfiguration();
                foreach (var locationPath in config.GetLocationPaths()) {
                    // error occurs in GetLocationPaths()
                }
            }
        }
    }
}

The actual error message is:

COMException was unhandled 
Filename: \\?\C:\Windows\system32\inetsrv\config\applicationHost.config 
Line number: 279
Error: Failed to decrypt attribute 'password' because the keyset does not exist

It appears that IIS is storing the MYDOMAIN\someuser password encrypted in applicationHost.config, which is great in terms of security - but I have no idea how to get the ServerManager to decrypt this.

Any tips on how I can either allow ServerManager to decrypt this, or just tell IIS to store the passwords in plain text?

This is on IIS7 under Windows 7 RC, by the way.