Solved

Is it possible to change permissions on c:\windows\system32\rasdial.exe on Server 2012?

Posted on 2014-12-10
9
247 Views
Last Modified: 2014-12-19
Is it possible to change permissions on c:\windows\system32\rasdial.exe on Server 2012?    

It seems that all I can do is look at the permissions while logged on as administrator.
0
Comment
Question by:Gary Fuqua, CISSP
  • 5
  • 3
9 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40493043
It is a protected OS file and should not be changed. Even if you succeeded, you'd break windows servicing.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40493058
Shouldn't, or can't?  Was able to do this under Windows Server 2003 and it provided a solution that was used for years.    I need to execute rasdial within a batch file.   The batch file is called from a script on an ASP page on the IIS server on the 2012 machine.    This code worked on a 2003 Server.     Partly because an IIS account had execute access to the rasdial.exe file.     I tried to move a copy of the rasdial.exe to another folder where I could modify the permissions, but no joy...
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40493066
2003 was the last OS Microsoft release before they took security seriously. A *ton* has changed since then. Everything from UAC to actually granting accounts different permissions (XP/2003 saw a lot of things run as system or administrator, and malware loved it.)  

Grant the account running the IIS app-pool for your ASP page the permission to run as batch and it should work. You grant that permission via group policy. A local policy would be best unless you are building an application that you plan on scaling horizontally.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40493095
I'm the only user of this site.  No need to worry about scaling.
Created a new app pool
Created a new site
Created a single user.
Added user to "login as batch" in local policy
Granted user right to folder where batch file and copy of rasdial.exe is located.  
Batch file wiil execute rasdial using full path, if run from command prompt.  
Assigned user to identity in app pool
No joy from web.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40493123
That doesn't sound like a permissions issue with rasdial.exe then, so changing the permissions of the file (your original question) also wouldn't solve it. But windows has the security events log and audits you can turn on to identify permissions problems, and if it us an issue with IIS, it has logs as well.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40493171
Agreed.     Unfortunately the logs haven't been helpful.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40493313
Please describe what error message you get.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40495478
Here is the thread with more specifics regarding the code and errors.  http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_28578618.html#a40494031
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40498629
I have changed my mind.  I believe it is a permissions issue.   I can't seem to get IIS to execute anything, batch or exe
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Issue with server 2012 R2 and access to folders 20 50
IT Security & information risks with using Altova toolkits 11 91
SOFS cluser offline 3 44
Cloud to Hybrid 4 23
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now