Solved

Is it possible to change permissions on c:\windows\system32\rasdial.exe on Server 2012?

Posted on 2014-12-10
9
284 Views
Last Modified: 2014-12-19
Is it possible to change permissions on c:\windows\system32\rasdial.exe on Server 2012?    

It seems that all I can do is look at the permissions while logged on as administrator.
0
Comment
Question by:Gary Fuqua, CISSP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40493043
It is a protected OS file and should not be changed. Even if you succeeded, you'd break windows servicing.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40493058
Shouldn't, or can't?  Was able to do this under Windows Server 2003 and it provided a solution that was used for years.    I need to execute rasdial within a batch file.   The batch file is called from a script on an ASP page on the IIS server on the 2012 machine.    This code worked on a 2003 Server.     Partly because an IIS account had execute access to the rasdial.exe file.     I tried to move a copy of the rasdial.exe to another folder where I could modify the permissions, but no joy...
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40493066
2003 was the last OS Microsoft release before they took security seriously. A *ton* has changed since then. Everything from UAC to actually granting accounts different permissions (XP/2003 saw a lot of things run as system or administrator, and malware loved it.)  

Grant the account running the IIS app-pool for your ASP page the permission to run as batch and it should work. You grant that permission via group policy. A local policy would be best unless you are building an application that you plan on scaling horizontally.
0
SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40493095
I'm the only user of this site.  No need to worry about scaling.
Created a new app pool
Created a new site
Created a single user.
Added user to "login as batch" in local policy
Granted user right to folder where batch file and copy of rasdial.exe is located.  
Batch file wiil execute rasdial using full path, if run from command prompt.  
Assigned user to identity in app pool
No joy from web.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40493123
That doesn't sound like a permissions issue with rasdial.exe then, so changing the permissions of the file (your original question) also wouldn't solve it. But windows has the security events log and audits you can turn on to identify permissions problems, and if it us an issue with IIS, it has logs as well.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40493171
Agreed.     Unfortunately the logs haven't been helpful.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40493313
Please describe what error message you get.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40495478
Here is the thread with more specifics regarding the code and errors.  http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_28578618.html#a40494031
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40498629
I have changed my mind.  I believe it is a permissions issue.   I can't seem to get IIS to execute anything, batch or exe
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question