Solved

ASPExec - cannot write files or create process ?

Posted on 2002-04-08
9
454 Views
Last Modified: 2012-08-14

 Hello - using ASPExec to try to execute a batch file
   
   in an ASP page.  But I cannot write a log file
 (Access denied) and I cannot kick off another job
 with a parameter (Cannot create process)

  IUSR_mymachine has ALL priveleges on the directory
  in question where my ASP page is

  I can execute simple DOS commands such as dir
  in my batch file, but that seems to be the limit.

  what else do I need to know ?
0
Comment
Question by:stevenmcheerful
  • 4
  • 3
  • 2
9 Comments
 
LVL 20

Expert Comment

by:Silvers5
ID: 6925190
you will need to give the iusr privilieges on where to create the files.. ASPexec has the option to run in an administrator account context.. go to serverobjects , I guess they have a tool for that..
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 6925196
I think that the IWAM account needs to have priviledges in order to launch a process, and as Silvers5 indicates, the IUSR account needs to have change priviledges for reading, writing and deleting.

Fritz the Blank
0
 
LVL 20

Accepted Solution

by:
Silvers5 earned 100 total points
ID: 6925204
otherwise include aspexec.dll in an MTS or COM+ package this way:

Start the Component services..in the tree select computers.. mycomputer..com+ applications...right click on it--> new -> application.. now in the wizard click next and select an empty application -> name your package  leave it in server process and click next -> Select the user and enter an account with enough rights to fufill your com jobs (admin account for ex) -> Finish..

now in the tree expand the new package untill you see the component directory-> right click it -> select new component-> in the wizard click next.. you can either install a new component if it's not registred or install a registred one if you already registred your dll (you select the 2nd choice) -> Select your component from the list (internal name displayed) -> Finish..

and voila..


In MTS (IIS4)

Start MMC (Microsoft management console.. from IIS or MTS) -> Select in the tree Microsoft Transaction.. -> My computer ->right click packages installed -> new package -> click on create an empty package and name the package, next -> select this user and give an admin user for the package -> finish  , now we'll need to include your registered component in the package(dll).. Expand the newly created package in the tree and right click on components folder-> new component -> select import components that are already registered -> you'll get a list of registered components on that machine.. select your component to include by it's class name -> Finish  note that your activex dll should be set to run unattended while compiling..


0
 

Author Comment

by:stevenmcheerful
ID: 6928172

  hey - great posts from both of you.  Especially detailed instructions on creating a COM+
        app registration are greatly appreciated !

   some questions though (please bear with me I'm a newbie on IIS) :

   ASPExec - I couldn't locate any info on running ASPExec as admin account
            do you recall what was involved or if it did in fact require a different tool ?

   IWAM account - this does indeed look very to be very important.  I will research this
             but what else would I need to do for this account than to give it FULL priveleges
            in my ASP directory  ?  I've done that, and that didn't change the outcome  ...

   COM+ registration -  I do not have the admin password.  My user (i.e., my identity
           on our corporate network) does have full admin priveleges on this Win2K box,
           but my user is also a member of the corporate Domain, not the local box Domain.

           Does that matter - can I make myself the COM+ user , or to ask it another way,
         does the COM+ app user and passwd *have* to belong to the local box Domain ?

   sorry to drag this out guys, but I think that we're close    :)

   - steve
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 6928217
I'll defer to Silvers5 on most of your questions--he is much better at this sort of thing than I am. A few things, though:

The IWAM account is what Microsoft uses to launch processes, so if you are going to start a process via a web application, chances are that you'll need to give IWAM the appropriate permissions.

Giving full permissions to IWAM on your ASP directory may not be what you need (it is kind of dangerous to do so anyway). The idea is to create a directory with the .exe's or .bat's or whatever it is that you are going to call from ASPExec and then give the IWAM account permissions for that directory. You might start by giving full control to test and then by backing off the permsissions to make them as tight as you can while still running the code.

Fritz the Blank
0
 

Author Comment

by:stevenmcheerful
ID: 6928240

  hey - great posts from both of you.  Especially detailed instructions on creating a COM+
        app registration are greatly appreciated !

   some questions though (please bear with me I'm a newbie on IIS) :

   ASPExec - I couldn't locate any info on running ASPExec as admin account
            do you recall what was involved or if it did in fact require a different tool ?

   IWAM account - this does indeed look very to be very important.  I will research this
             but what else would I need to do for this account than to give it FULL priveleges
            in my ASP directory  ?  I've done that, and that didn't change the outcome  ...

   COM+ registration -  I do not have the admin password.  My user (i.e., my identity
           on our corporate network) does have full admin priveleges on this Win2K box,
           but my user is also a member of the corporate Domain, not the local box Domain.

           Does that matter - can I make myself the COM+ user , or to ask it another way,
         does the COM+ app user and passwd *have* to belong to the local box Domain ?

   sorry to drag this out guys, but I think that we're close    :)

   - steve
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 6928292
Steve,

Did you mean to repost your last comment? Try using the reload question button rather than refreshing your page.

Fritz the Blank
0
 

Author Comment

by:stevenmcheerful
ID: 6928914

  hey - great posts from both of you.  Especially detailed instructions on creating a COM+
        app registration are greatly appreciated !

   some questions though (please bear with me I'm a newbie on IIS) :

   ASPExec - I couldn't locate any info on running ASPExec as admin account
            do you recall what was involved or if it did in fact require a different tool ?

   IWAM account - this does indeed look very to be very important.  I will research this
             but what else would I need to do for this account than to give it FULL priveleges
            in my ASP directory  ?  I've done that, and that didn't change the outcome  ...

   COM+ registration -  I do not have the admin password.  My user (i.e., my identity
           on our corporate network) does have full admin priveleges on this Win2K box,
           but my user is also a member of the corporate Domain, not the local box Domain.

           Does that matter - can I make myself the COM+ user , or to ask it another way,
         does the COM+ app user and passwd *have* to belong to the local box Domain ?

   sorry to drag this out guys, but I think that we're close    :)

   - steve
0
 

Author Comment

by:stevenmcheerful
ID: 6931606

 Silvers5 is right on the money about the COM+ package setup

 Now I can execute things - Thank-You very much.  That advice was great.

 I can now execute simple batch jobs that log stuff to file.

 But batch jobs that run a separate process, such as a .bat file that
 is just


 notepad.exe

 or any of my C++ executables simply hangs the browser.  For my C++
job (that works in a CGI context) I have to go into Task Mgr and delete the job.

Any idea what that might mean ?

thanks
 
- steve
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Dynamic? Dropdown Box 29 70
Webdav server error 405 using iannotate on ipad 11 137
ASP SQL Syntax Duplicate Key 7 69
Pass through dll 2 38
I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now