?
Solved

Is it possible to change permissions on c:\windows\system32\rasdial.exe on Server 2012?

Posted on 2014-12-10
9
Medium Priority
?
309 Views
Last Modified: 2014-12-19
Is it possible to change permissions on c:\windows\system32\rasdial.exe on Server 2012?    

It seems that all I can do is look at the permissions while logged on as administrator.
0
Comment
Question by:Gary Fuqua, CISSP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 40493043
It is a protected OS file and should not be changed. Even if you succeeded, you'd break windows servicing.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40493058
Shouldn't, or can't?  Was able to do this under Windows Server 2003 and it provided a solution that was used for years.    I need to execute rasdial within a batch file.   The batch file is called from a script on an ASP page on the IIS server on the 2012 machine.    This code worked on a 2003 Server.     Partly because an IIS account had execute access to the rasdial.exe file.     I tried to move a copy of the rasdial.exe to another folder where I could modify the permissions, but no joy...
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40493066
2003 was the last OS Microsoft release before they took security seriously. A *ton* has changed since then. Everything from UAC to actually granting accounts different permissions (XP/2003 saw a lot of things run as system or administrator, and malware loved it.)  

Grant the account running the IIS app-pool for your ASP page the permission to run as batch and it should work. You grant that permission via group policy. A local policy would be best unless you are building an application that you plan on scaling horizontally.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40493095
I'm the only user of this site.  No need to worry about scaling.
Created a new app pool
Created a new site
Created a single user.
Added user to "login as batch" in local policy
Granted user right to folder where batch file and copy of rasdial.exe is located.  
Batch file wiil execute rasdial using full path, if run from command prompt.  
Assigned user to identity in app pool
No joy from web.
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40493123
That doesn't sound like a permissions issue with rasdial.exe then, so changing the permissions of the file (your original question) also wouldn't solve it. But windows has the security events log and audits you can turn on to identify permissions problems, and if it us an issue with IIS, it has logs as well.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40493171
Agreed.     Unfortunately the logs haven't been helpful.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40493313
Please describe what error message you get.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40495478
Here is the thread with more specifics regarding the code and errors.  http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_28578618.html#a40494031
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 40498629
I have changed my mind.  I believe it is a permissions issue.   I can't seem to get IIS to execute anything, batch or exe
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question