Access is denied when running GnuPG on Windows Server 2008

I've inherited some code that attempts to encrypt a text file by programmatically calling gpg.exe. It works fine on my WinXP Pro dev machine but will not work when I deploy to a Win Server 08 SP2 machine. The application is an ASP.NET 2.0 app in VB.NET. When I use the debugger to inspect the Process object it says the process exited with an Exit Code of 2 and the MainModule property has a value of "Access is denied". I used Process Monitor to capture some results and it seems that gpg.exe is denied access to create a pubring.gpg file in the following path:

C:\Windows\System32\config\systemprofile\AppData\Roaming\gnupg\

I've also tried passing the "homedir" argument to gpg.exe to no avail. Could this be an impersonation problem of some kind? Any ideas are appreciated.

Windows Server 2008 SP2
ASP.NET 2.0
GnuPG Version 1.4.10


Dim psi As New ProcessStartInfo(HttpContext.Current.Request.PhysicalApplicationPath & "App_Data\\gpg.exe")

psi.UseShellExecute = False
psi.CreateNoWindow = False
psi.RedirectStandardOutput = False
psi.RedirectStandardInput = True
psi.RedirectStandardError = False

psi.Arguments = " --always-trust -e -r """ & PublicKeyName & """ """ & fileLoc & """"

Dim proc As Process = Process.Start(psi)
proc.WaitForExit()
proc.Close()

Open in new window

Curto123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

vb_studentCommented:
server 2008 is akin to vista. they added HUGE security features to vista. in fact vista runs almost all programs as a standard user. thus if you are making a change to a core file directory such as C:\windows or C:\program files you have to jump through quiet a few hoops. in fact for me to change a system file that had an error i had to manualy change it's security properties. i hope you get this working.
0
Curto123Author Commented:
Hi there. Yes, I was thinking that the problem was along those lines. Win Server 08 displays all those irritating prompts like Vista does. "You must be an administrator to do this", "Are you sure you want to do this", blah blah blah. I've never run into this before as this is the first time I've deployed an app to 08. Unfortunately, my options are limited as this is a client machine and I do not have full control over it. I also do not want to turn off any important security settings and leave the server wide open.
Does anyone have experience or known good code examples to work around this type of problem in Win Server 08?
0
Curto123Author Commented:
The solution turned out to be super simple. First, I created a new keyring associated with my domain account and imported the keys that I needed. GnuPG creates keyring and trustdb files on Win Server 08 for users at C:\Users\USERNAME\AppData\Roaming\gnupg where USERNAME is your domain username. Second, I copied all the files in this directory to the following directory:  C:\Windows\System32\config\systemprofile\AppData\Roaming\gnupg\.
The application code launches the gpg.exe process under the context of the system account (as pointed out by vb_student above). So it uses a profile that is located in the System32 folder. If the needed files do not exist then it attempts to create them. However, it does not have permission to do so. I just gave it a helping hand and created them for it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.