Yeah; that's kinda what I ran into. Two things... One, if we provide access to net.exe to the IUSR account, how ugly is that hole? If they can run net send, they can run net anything, right? Not sure I like that, but I'm not sure how ugly it really is. Two, how do we provide the perms on net.exe? I tried copying it to another directory and applying read and execute perms to that directory, but it didn't change anything. Is there a how-to anywhere for us non-IIS gurus? Thanks!
********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet > Sent: Wednesday, November 03, 2004 11:12 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Scripting question - Net Send command > > As a security feature on w2k3, the IUSR_ user id has no permissions to > any files (including net.exe). > > Either give the IUSR_ account permissions to net.exe, or configure the > web site to run under a user id that has permission. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Charlie Kaiser > Sent: Wednesday, November 03, 2004 12:42 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Scripting question - Net Send command > > > We're porting our old intranet (NT4/IIS4) to a new server (W2K3/IIS6) > and have run into an authentication issue that I need some help with. > There's a legacy code chunk that does a net send command to create a > popup on a user's PC to tell them a new request has come in that they > need to deal with. I'd prefer that they used email for this, but > apparently checking email regularly is too much trouble for them. They > want a pop-up. :-) The problem is that we can't get Net Send to launch > properly. Here's the distilled code: <% > dim oWSH > Set oWSH = CreateObject("WScript.Shell") > oWSH.Run "NET SEND " & "test4" & " testing." > %> > That is embedded into an ASP file, which is run by a user > connecting to > a webpage stored on the new IIS server. The rest of the > script includes > some authentication procedures that identify the logged on user and > allow or deny page access based on AD Group membership. > > If I run it from my workstation, with my admin credentials, it runs > fine. If I run it from a PC logged in as a standard user, we get > "Microsoft VBScript runtime error '800a0046' Permission denied > /CNK/ww2.asp, line 4". > > Is there a way to: > 1. Force the net send command to securely run as a different user > without exposing elevated credentials? 2. Use a different method to > create the popup window? > > Thanks for any help... > > > > ********************** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ********************** > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
