Solved

Is it possible to change permissions on c:\windows\system32\rasdial.exe on Server 2012?

Posted on 2014-12-10
9
237 Views
Last Modified: 2014-12-19
Is it possible to change permissions on c:\windows\system32\rasdial.exe on Server 2012?    

It seems that all I can do is look at the permissions while logged on as administrator.
0
Comment
Question by:Gary Fuqua, CISSP
  • 5
  • 3
9 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
Comment Utility
It is a protected OS file and should not be changed. Even if you succeeded, you'd break windows servicing.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
Comment Utility
Shouldn't, or can't?  Was able to do this under Windows Server 2003 and it provided a solution that was used for years.    I need to execute rasdial within a batch file.   The batch file is called from a script on an ASP page on the IIS server on the 2012 machine.    This code worked on a 2003 Server.     Partly because an IIS account had execute access to the rasdial.exe file.     I tried to move a copy of the rasdial.exe to another folder where I could modify the permissions, but no joy...
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
2003 was the last OS Microsoft release before they took security seriously. A *ton* has changed since then. Everything from UAC to actually granting accounts different permissions (XP/2003 saw a lot of things run as system or administrator, and malware loved it.)  

Grant the account running the IIS app-pool for your ASP page the permission to run as batch and it should work. You grant that permission via group policy. A local policy would be best unless you are building an application that you plan on scaling horizontally.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
Comment Utility
I'm the only user of this site.  No need to worry about scaling.
Created a new app pool
Created a new site
Created a single user.
Added user to "login as batch" in local policy
Granted user right to folder where batch file and copy of rasdial.exe is located.  
Batch file wiil execute rasdial using full path, if run from command prompt.  
Assigned user to identity in app pool
No joy from web.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
That doesn't sound like a permissions issue with rasdial.exe then, so changing the permissions of the file (your original question) also wouldn't solve it. But windows has the security events log and audits you can turn on to identify permissions problems, and if it us an issue with IIS, it has logs as well.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
Comment Utility
Agreed.     Unfortunately the logs haven't been helpful.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Please describe what error message you get.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
Comment Utility
Here is the thread with more specifics regarding the code and errors.  http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_28578618.html#a40494031
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
Comment Utility
I have changed my mind.  I believe it is a permissions issue.   I can't seem to get IIS to execute anything, batch or exe
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now