Solved

What user does WSCRIPT.Shell run as?

Posted on 2001-06-19
8
3,535 Views
Last Modified: 2008-02-07
If I use the WSCRIPT.Shell's "run" method to execute a command line program, what user does this run as?  

I am able to get my program to run, however it uses some COM components which need to be ran as a specific user.  I have tried changing the IIS Directory Security permissions to the user I want it to run as, but this does not seem to work.

Any ideas?

Thanks in advance.
David
0
Comment
Question by:d_glenn
8 Comments
 
LVL 20

Expert Comment

by:jitganguly
ID: 6208201
Does IUSR_{yourservername} user has rights to execute those COM componets  ? Check that and assign permission to that user to those COM componets and then try runnign as This user from IIS
0
 
LVL 11

Expert Comment

by:ASPGuru
ID: 6208234
it runs as IUSR_*, unless you turn off anonymous access to your virtual directory and login as the desired user.
0
 
LVL 1

Author Comment

by:d_glenn
ID: 6208326
I have already changed it so that anonymous access for the virtual directory uses my user with the appropriate DCOM permissions.  

Any other ideas?
Thanks
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 5

Expert Comment

by:gbaren
ID: 6208333
I have to disagree here.

IUSR_machine is for ASP, not WScript. I even tested it to make sure.


VB EXE (who.exe)
------------
dim oSys as Nnew WinNTSysInfo
msgbox oSys.UserName


VB Scirpt
-------------
Set Wsh = WScript.CreateObject("WScript.Shell")
Wsh.Run "who.exe"


Result: Currently Logged On User.

WSCript RUN runs in context of currently logged on user.


0
 
LVL 1

Author Comment

by:d_glenn
ID: 6208439
...but I am running the WSCRIPT.Shell component in an ASP page, so there is not a user to be logged in as.
0
 
LVL 1

Author Comment

by:d_glenn
ID: 6208453
Shouldn't it run as the user specified in the "Account used for anonymous access" in IIS for the virtual directory?
0
 
LVL 5

Expert Comment

by:gbaren
ID: 6208651
I see. I didn't realize you were running from the ASP page.

I actually have a piece of code that will spawn RunAs from VB with alternate credentials to move the current user from group to group. Here's a piece that you might find useful:



    sRunAsCmd = "C:\Winnt\System32\RunAs.exe"
    sRunAsParams = " /user:DOMAIN\USRNAME "
    sApp = "\" & Chr(34) & App.Path & "\YourApp.exe\" & Chr(34) & " "
    sParams = "\" & Chr(34) & "Your Parameters" & "\" & Chr(34)
   
    sCommand = sRunAsCmd & sRunAsParams & Chr(34) & sApp & sParams & Chr(34)
   
    Set oShell = New IWshShell_Class
   
    vTaskID = Shell(sCommand, 1)
    DoEvents
   
    Sleep 400
   
    If oShell.AppActivate(vTaskID) Then
        oShell.SendKeys sPwd & "{ENTER}"
    End If
0
 
LVL 20

Accepted Solution

by:
Silvers5 earned 100 total points
ID: 6209266
The IUSR_Webservername is by default the NT anonymous account (it can be changed from within IIS site settings) so either give permissions to the IUSR (local account on the web server) on whatever your com is doing or include your component in MTS and assign a higher privelieged user to run the package.. also you might need to give the Iwam permissions if an out of process application will start.. you can also to simplify your life use a free component called aspexec instead of the shell http://www.serverobjects.com/products.htm , you can assign an admin account to run the component , thus all your permission issues will be resolved..

rgrds
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question