stevenmcheerful
asked on
ASPExec - cannot write files or create process ?
Hello - using ASPExec to try to execute a batch file
in an ASP page. But I cannot write a log file
(Access denied) and I cannot kick off another job
with a parameter (Cannot create process)
IUSR_mymachine has ALL priveleges on the directory
in question where my ASP page is
I can execute simple DOS commands such as dir
in my batch file, but that seems to be the limit.
what else do I need to know ?
Michel Sakr
you will need to give the iusr privilieges on where to create the files.. ASPexec has the option to run in an administrator account context.. go to serverobjects , I guess they have a tool for that..
I think that the IWAM account needs to have priviledges in order to launch a process, and as Silvers5 indicates, the IUSR account needs to have change priviledges for reading, writing and deleting.
Fritz the Blank
Fritz the Blank
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
hey - great posts from both of you. Especially detailed instructions on creating a COM+
app registration are greatly appreciated !
some questions though (please bear with me I'm a newbie on IIS) :
ASPExec - I couldn't locate any info on running ASPExec as admin account
do you recall what was involved or if it did in fact require a different tool ?
IWAM account - this does indeed look very to be very important. I will research this
but what else would I need to do for this account than to give it FULL priveleges
in my ASP directory ? I've done that, and that didn't change the outcome ...
COM+ registration - I do not have the admin password. My user (i.e., my identity
on our corporate network) does have full admin priveleges on this Win2K box,
but my user is also a member of the corporate Domain, not the local box Domain.
Does that matter - can I make myself the COM+ user , or to ask it another way,
does the COM+ app user and passwd *have* to belong to the local box Domain ?
sorry to drag this out guys, but I think that we're close :)
- steve
I'll defer to Silvers5 on most of your questions--he is much better at this sort of thing than I am. A few things, though:
The IWAM account is what Microsoft uses to launch processes, so if you are going to start a process via a web application, chances are that you'll need to give IWAM the appropriate permissions.
Giving full permissions to IWAM on your ASP directory may not be what you need (it is kind of dangerous to do so anyway). The idea is to create a directory with the .exe's or .bat's or whatever it is that you are going to call from ASPExec and then give the IWAM account permissions for that directory. You might start by giving full control to test and then by backing off the permsissions to make them as tight as you can while still running the code.
Fritz the Blank
The IWAM account is what Microsoft uses to launch processes, so if you are going to start a process via a web application, chances are that you'll need to give IWAM the appropriate permissions.
Giving full permissions to IWAM on your ASP directory may not be what you need (it is kind of dangerous to do so anyway). The idea is to create a directory with the .exe's or .bat's or whatever it is that you are going to call from ASPExec and then give the IWAM account permissions for that directory. You might start by giving full control to test and then by backing off the permsissions to make them as tight as you can while still running the code.
Fritz the Blank
ASKER
hey - great posts from both of you. Especially detailed instructions on creating a COM+
app registration are greatly appreciated !
some questions though (please bear with me I'm a newbie on IIS) :
ASPExec - I couldn't locate any info on running ASPExec as admin account
do you recall what was involved or if it did in fact require a different tool ?
IWAM account - this does indeed look very to be very important. I will research this
but what else would I need to do for this account than to give it FULL priveleges
in my ASP directory ? I've done that, and that didn't change the outcome ...
COM+ registration - I do not have the admin password. My user (i.e., my identity
on our corporate network) does have full admin priveleges on this Win2K box,
but my user is also a member of the corporate Domain, not the local box Domain.
Does that matter - can I make myself the COM+ user , or to ask it another way,
does the COM+ app user and passwd *have* to belong to the local box Domain ?
sorry to drag this out guys, but I think that we're close :)
- steve
Steve,
Did you mean to repost your last comment? Try using the reload question button rather than refreshing your page.
Fritz the Blank
Did you mean to repost your last comment? Try using the reload question button rather than refreshing your page.
Fritz the Blank
ASKER
hey - great posts from both of you. Especially detailed instructions on creating a COM+
app registration are greatly appreciated !
some questions though (please bear with me I'm a newbie on IIS) :
ASPExec - I couldn't locate any info on running ASPExec as admin account
do you recall what was involved or if it did in fact require a different tool ?
IWAM account - this does indeed look very to be very important. I will research this
but what else would I need to do for this account than to give it FULL priveleges
in my ASP directory ? I've done that, and that didn't change the outcome ...
COM+ registration - I do not have the admin password. My user (i.e., my identity
on our corporate network) does have full admin priveleges on this Win2K box,
but my user is also a member of the corporate Domain, not the local box Domain.
Does that matter - can I make myself the COM+ user , or to ask it another way,
does the COM+ app user and passwd *have* to belong to the local box Domain ?
sorry to drag this out guys, but I think that we're close :)
- steve
ASKER
Silvers5 is right on the money about the COM+ package setup
Now I can execute things - Thank-You very much. That advice was great.
I can now execute simple batch jobs that log stuff to file.
But batch jobs that run a separate process, such as a .bat file that
is just
notepad.exe
or any of my C++ executables simply hangs the browser. For my C++
job (that works in a CGI context) I have to go into Task Mgr and delete the job.
Any idea what that might mean ?
thanks
- steve