permissions error when calling WScript.Shell and ftp.exe

Posted on 2008-11-12
Last Modified: 2013-12-04
I'm trying to do some FTP transfers within an ASP page. I'm getting an "access is denied" error on this statement:

set WSX=objShell.Exec("ftp.exe -i -s:D:\folder\tempN5L17ZO1LT.ftp")

I'm rather unfamiliar with WScript.Shell. I'm not sure where the permission problem is. Is it when trying to run ftp.exe itself? I'm not sure how this statement works, for example how does it know where to find ftp.exe?
Question by:bbdesign
    LVL 25

    Accepted Solution

    it's because essentially you are logging into the servers shell as the IUSR_machinename account (which is the anon, IIS user), and by defautl this user has barely any permissions.  In order for this to work for you, you would have to give that user Execute permissions on the ftp.exe file (which generally is not a very good idea to do...)

    Author Comment

    OK, so if I need to do FTP transactions within ASP, it may be a better idea to install an FTP component program instead of trying to give permissions to FTP.EXE to the anon. user account? I thought it would be nice if I didn't have to install a component to accomplish what I'm trying to do, but I don't want to screw up security either. Thanks!
    LVL 51

    Expert Comment

    The Windows FTP service (or any FTP service) is the least secure service available.  Generally when a Windows server is hacked, FTP is the weak link.  If you search there are articles for doing uploads/downloads directly in ASP code without FTP.

    Author Comment

    OK, here is what I'm trying to do, and maybe this isn't the best way, but its all I could figure out for now. I would love to hear any better suggestions.

    Files sit in a wwwroot directory and do not have write permissions. There is an FTP account with access to the site, however.

    Client logs in to an admin interface, I want them to be able to edit the text files in a browser.

    I created a folder outside the wwwroot directory that does have write permissions, but is otherwise inaccessible from browsers (for security).

    My idea was to FTP a temporary version of the file into the write permissions folder, do all editing there, then when a "publish" button is clicked, FTP the file back into the wwwroot directory.

    I'm basically trying to get around the fact that there are no write permissions on the files, and use the FTP permissions that already exist, instead.

    Author Closing Comment

    Sorry this took so long, thanks for the advice. I decided to install an FTP component instead of using the Windows FTP.exe, so I abandoned the Shell idea altogether. Seems to be working well now.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    First let me explain that I am extremely paranoid about computer security issues and computer backup issues.  This means that I only feel safe if I am running unknown programs and visiting unknown sites in a virtual machine.  In that way, if anythin…
    Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now