Solved

What user does WSCRIPT.Shell run as?

Posted on 2001-06-19
8
3,511 Views
Last Modified: 2008-02-07
If I use the WSCRIPT.Shell's "run" method to execute a command line program, what user does this run as?  

I am able to get my program to run, however it uses some COM components which need to be ran as a specific user.  I have tried changing the IIS Directory Security permissions to the user I want it to run as, but this does not seem to work.

Any ideas?

Thanks in advance.
David
0
Comment
Question by:d_glenn
8 Comments
 
LVL 20

Expert Comment

by:jitganguly
Comment Utility
Does IUSR_{yourservername} user has rights to execute those COM componets  ? Check that and assign permission to that user to those COM componets and then try runnign as This user from IIS
0
 
LVL 11

Expert Comment

by:ASPGuru
Comment Utility
it runs as IUSR_*, unless you turn off anonymous access to your virtual directory and login as the desired user.
0
 
LVL 1

Author Comment

by:d_glenn
Comment Utility
I have already changed it so that anonymous access for the virtual directory uses my user with the appropriate DCOM permissions.  

Any other ideas?
Thanks
0
 
LVL 5

Expert Comment

by:gbaren
Comment Utility
I have to disagree here.

IUSR_machine is for ASP, not WScript. I even tested it to make sure.


VB EXE (who.exe)
------------
dim oSys as Nnew WinNTSysInfo
msgbox oSys.UserName


VB Scirpt
-------------
Set Wsh = WScript.CreateObject("WScript.Shell")
Wsh.Run "who.exe"


Result: Currently Logged On User.

WSCript RUN runs in context of currently logged on user.


0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 1

Author Comment

by:d_glenn
Comment Utility
...but I am running the WSCRIPT.Shell component in an ASP page, so there is not a user to be logged in as.
0
 
LVL 1

Author Comment

by:d_glenn
Comment Utility
Shouldn't it run as the user specified in the "Account used for anonymous access" in IIS for the virtual directory?
0
 
LVL 5

Expert Comment

by:gbaren
Comment Utility
I see. I didn't realize you were running from the ASP page.

I actually have a piece of code that will spawn RunAs from VB with alternate credentials to move the current user from group to group. Here's a piece that you might find useful:



    sRunAsCmd = "C:\Winnt\System32\RunAs.exe"
    sRunAsParams = " /user:DOMAIN\USRNAME "
    sApp = "\" & Chr(34) & App.Path & "\YourApp.exe\" & Chr(34) & " "
    sParams = "\" & Chr(34) & "Your Parameters" & "\" & Chr(34)
   
    sCommand = sRunAsCmd & sRunAsParams & Chr(34) & sApp & sParams & Chr(34)
   
    Set oShell = New IWshShell_Class
   
    vTaskID = Shell(sCommand, 1)
    DoEvents
   
    Sleep 400
   
    If oShell.AppActivate(vTaskID) Then
        oShell.SendKeys sPwd & "{ENTER}"
    End If
0
 
LVL 20

Accepted Solution

by:
Silvers5 earned 100 total points
Comment Utility
The IUSR_Webservername is by default the NT anonymous account (it can be changed from within IIS site settings) so either give permissions to the IUSR (local account on the web server) on whatever your com is doing or include your component in MTS and assign a higher privelieged user to run the package.. also you might need to give the Iwam permissions if an out of process application will start.. you can also to simplify your life use a free component called aspexec instead of the shell http://www.serverobjects.com/products.htm , you can assign an admin account to run the component , thus all your permission issues will be resolved..

rgrds
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now