Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3580
  • Last Modified:

What user does WSCRIPT.Shell run as?

If I use the WSCRIPT.Shell's "run" method to execute a command line program, what user does this run as?  

I am able to get my program to run, however it uses some COM components which need to be ran as a specific user.  I have tried changing the IIS Directory Security permissions to the user I want it to run as, but this does not seem to work.

Any ideas?

Thanks in advance.
David
0
d_glenn
Asked:
d_glenn
1 Solution
 
jitgangulyCommented:
Does IUSR_{yourservername} user has rights to execute those COM componets  ? Check that and assign permission to that user to those COM componets and then try runnign as This user from IIS
0
 
ASPGuruCommented:
it runs as IUSR_*, unless you turn off anonymous access to your virtual directory and login as the desired user.
0
 
d_glennAuthor Commented:
I have already changed it so that anonymous access for the virtual directory uses my user with the appropriate DCOM permissions.  

Any other ideas?
Thanks
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
gbarenCommented:
I have to disagree here.

IUSR_machine is for ASP, not WScript. I even tested it to make sure.


VB EXE (who.exe)
------------
dim oSys as Nnew WinNTSysInfo
msgbox oSys.UserName


VB Scirpt
-------------
Set Wsh = WScript.CreateObject("WScript.Shell")
Wsh.Run "who.exe"


Result: Currently Logged On User.

WSCript RUN runs in context of currently logged on user.


0
 
d_glennAuthor Commented:
...but I am running the WSCRIPT.Shell component in an ASP page, so there is not a user to be logged in as.
0
 
d_glennAuthor Commented:
Shouldn't it run as the user specified in the "Account used for anonymous access" in IIS for the virtual directory?
0
 
gbarenCommented:
I see. I didn't realize you were running from the ASP page.

I actually have a piece of code that will spawn RunAs from VB with alternate credentials to move the current user from group to group. Here's a piece that you might find useful:



    sRunAsCmd = "C:\Winnt\System32\RunAs.exe"
    sRunAsParams = " /user:DOMAIN\USRNAME "
    sApp = "\" & Chr(34) & App.Path & "\YourApp.exe\" & Chr(34) & " "
    sParams = "\" & Chr(34) & "Your Parameters" & "\" & Chr(34)
   
    sCommand = sRunAsCmd & sRunAsParams & Chr(34) & sApp & sParams & Chr(34)
   
    Set oShell = New IWshShell_Class
   
    vTaskID = Shell(sCommand, 1)
    DoEvents
   
    Sleep 400
   
    If oShell.AppActivate(vTaskID) Then
        oShell.SendKeys sPwd & "{ENTER}"
    End If
0
 
Michel SakrCommented:
The IUSR_Webservername is by default the NT anonymous account (it can be changed from within IIS site settings) so either give permissions to the IUSR (local account on the web server) on whatever your com is doing or include your component in MTS and assign a higher privelieged user to run the package.. also you might need to give the Iwam permissions if an out of process application will start.. you can also to simplify your life use a free component called aspexec instead of the shell http://www.serverobjects.com/products.htm , you can assign an admin account to run the component , thus all your permission issues will be resolved..

rgrds
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now