IIS Server Security, Where to disable access to wscript.shell in IIS6&IIS5?

microsoft.public.inetserver.iis.security - About IIS Web Server Security Issues


IIS Server Security >> Where to disable access to wscript.shell in IIS6&IIS5?

by Jess » Wed, 03 Mar 2004 13:17:41 GMT

Hello,

I'd like to be able to disable access to the wscript.shell extensions from
within asp and asp.net scripts by my users but can't seem to find the
location on where to apply the necessary ACLs. Any help would be most
appreciated.

Thanks,
Jess



Top
Similar Threads

1. access denied to wscript.shell 

I need to use nslookup on an asp page.  So I use the sort of code I can see 
in the discussion group
SET objShell = Server.CreateObject("Wscript.Shell")
  DIM objExec 
  SET objExec = objShell.Exec("%comspec% /c nslookup -type=MX "&host)
  
but I get "access denied" on the SET statement. (It doesn't matter what 
command I am using in the shell.)

On the physical IIS application directory Web sharing is enabled
I enable anonymous access
I have full control for the internet guest account.
I have permission for scripts and executables on the virtual directory
application protection low
read write directory browse

I have enabled web sharing for windowsSystem32. (I probably shouldn't have!)

Clearly there is something I have forgotten. But what?
-- 
Victor

2. IIS5 ==> IIS6 /fpdb .ldb files not disappearing

3. WScript.Shell is not working after windows update 

Group:

I am using a method "Run" of  the control "WScript.Shell" to execute a third 
party tool which converts TIFF to PDF. This was working fine till August 12, 
2008. But my IT department pushed the windows update on August 13 since then 
I am receiving the error "Microsoft VBScript runtime (0x800A0046) Permission 
denied".

I am using windows 2003, IIS 6.0 and ASP.

Please help me out.

Please let me know if you need more information regarding this issue.

Thanks in advance
Arunesh

4. WScript.Shell to execute Ms-DOS commands?

5. Help with WScript.Shell Object 

I've made an ASP page that calls a small executable and collects its
text output into a variable ("strExeOut") below. Below is some code similar
to the one I use for that purpose.

strExe = "C:\whatever\myprogram.exe -h1 -d33"

Set objShell = CreateObject("WScript.Shell")
Set objScriptExec = objShell.Exec(strExe)
strExeOut = objScriptExec.StdOut.ReadAll

I developed this in my own computer and the whole thing works like a charm,
but
unfortunately I assumed my hosting provider would let me run the (little and
harmless) exe, and they won't.
Therefore I have to run only the "exe" portion of the code in another web
server and send
back the output to my website on the net.

I'd like to get some feedback on what would
be the best way to call an exe on another server, and to have the output
sent back.

Any help is appreciated. Thanks in advance.

6. pinging with WScript.Shell - ASP

7. WScript.Shell Microsoft VBScript runtime error '800a0046' 

Erorr is
---------------------
Microsoft VBScript runtime error '800a0046'

Permission denied

/a.asp, line 3
-----------------------


Code is
-----------------------
<%
Set WShShell = Server.CreateObject("WScript.Shell")
WShShell.Run "cmd /c dir", 0, True

%>
-----------------------


This is a standart iis user site at c:\inetpub\wwwroot with full 
permissions to iis user.
server hasnt got any av or smilar sow installed


I have tried
------------------
editing cmd security and adding everyone user to cmd.exe just to male 
sure it gets full access


editing cscript security and adding everyone user to cmd.exe just to 
male sure it gets full access

nothaing has changed. I couldnt find any information on the net and 
filemon®mon does not rise any persmission denied errors.


can it be anything else? may be policy? if yes where can i find it?




below copy of filemon log
---------------------------------------------------

841	11:46:17	w3wp.exe:11228	OPEN	C:\Inetpub\wwwroot\a.asp	SUCCESS 
Options: Open  Access: Read	
842	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\Inetpub\wwwroot\a.asp	SUCCESS	FileFsVolumeInformation	
843	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\Inetpub\wwwroot\a.asp 
BUFFER OVERFLOW	FileAllInformation	
844	11:46:17	w3wp.exe:11228	CLOSE	C:\Inetpub\wwwroot\a.asp	SUCCESS		
845	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshom.ocx	SUCCESS	Attributes: A	
846	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\wshom.ocx	SUCCESS 
Options: Open  Access: 00100020	
847	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshom.ocx	SUCCESS	Length: 98304	
848	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\wshom.ocx	SUCCESS		
849	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshom.ocx	SUCCESS	Attributes: A	
850	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\wshom.ocx	SUCCESS 
Options: Open  Access: 00100021	
851	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshom.ocx	SUCCESS	Length: 98304	
852	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\wshom.ocx	SUCCESS		
853	11:46:17	w3wp.exe:11228	READ 	C:\WINDOWS\system32\wshom.ocx	SUCCESS 
Offset: 4096 Length: 32768	
854	11:46:17	w3wp.exe:11228	READ 	C:\WINDOWS\system32\wshom.ocx	SUCCESS 
Offset: 36864 Length: 20480	
856	11:46:17	w3wp.exe:11228	READ 	C:\WINDOWS\system32\wshom.ocx	SUCCESS 
Offset: 57344 Length: 4096	
857	11:46:17	w3wp.exe:11228	READ 	C:\WINDOWS\system32\wshom.ocx	SUCCESS 
Offset: 61440 Length: 16384	
858	11:46:17	w3wp.exe:11228	READ 	C:\WINDOWS\system32\wshom.ocx	SUCCESS 
Offset: 77824 Length: 16384	
859	11:46:17	w3wp.exe:11228	READ 	C:\WINDOWS\system32\wshom.ocx	SUCCESS 
Offset: 94208 Length: 4096	
860	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\WINSPOOL.DRV	SUCCESS	Attributes: A	
861	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\WINSPOOL.DRV 
SUCCESS	Options: Open  Access: 00100021	
862	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\WINSPOOL.DRV	SUCCESS		
863	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\ScrRun.dll	SUCCESS	Attributes: A	
864	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\ScrRun.dll	SUCCESS 
Options: Open  Access: 00100021	
865	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\ScrRun.dll	SUCCESS		
866	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\MFC42.dll	SUCCESS	Attributes: A	
867	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\MFC42.dll	SUCCESS 
Options: Open  Access: 00100021	
868	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\MFC42.dll	SUCCESS		
869	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\ODBC32.dll	SUCCESS	Attributes: A	
870	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\ODBC32.dll	SUCCESS 
Options: Open  Access: 00100021	
871	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\ODBC32.dll	SUCCESS		
874	11:46:17	w3wp.exe:11228	OPEN 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 
SUCCESS	Options: Open  Access: 00100021	
875	11:46:17	w3wp.exe:11228	CLOSE 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 
SUCCESS		
876	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\odbcint.dll	SUCCESS	Attributes: A	
877	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\odbcint.dll 
SUCCESS	Options: Open  Access: 00100020	
878	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\odbcint.dll	SUCCESS	Length: 94208	
879	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\odbcint.dll	SUCCESS		
885	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\odbcint.dll	SUCCESS	Attributes: A	
886	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\odbcint.dll 
SUCCESS	Options: Open  Access: 00100021	
887	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\odbcint.dll	SUCCESS		
888	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\MFC42LOC.DLL	NOT FOUND	Attributes: Error	
889	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\MFC42LOC.DLL	NOT FOUND	Attributes: Error	
890	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\MFC42LOC.DLL.DLL	NOT FOUND	Attributes: Error	
891	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshENU.DLL	NOT FOUND	Attributes: Error	
892	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshENU.DLL	NOT FOUND	Attributes: Error	
893	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\windows\system32\inetsrv\wshENU.DLL	NOT FOUND	Attributes: Error	
894	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshENU.DLL	NOT FOUND	Attributes: Error	
895	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system\wshENU.DLL	NOT FOUND	Attributes: Error	
896	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\WINDOWS\wshENU.DLL 
NOT FOUND	Attributes: Error	
897	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\inetsrv\wshENU.DLL	NOT FOUND	Attributes: Error	
898	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\Perl\site\bin\wshENU.DLL	NOT FOUND	Attributes: Error	
899	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\Perl\bin\wshENU.DLL 
NOT FOUND	Attributes: Error	
900	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshENU.DLL	NOT FOUND	Attributes: Error	
901	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\WINDOWS\wshENU.DLL 
NOT FOUND	Attributes: Error	
902	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\WBEM\wshENU.DLL	NOT FOUND	Attributes: Error	
903	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\Program Files\Microsoft 
SQL Server\90\Tools\binn\wshENU.DLL	NOT FOUND	Attributes: Error	
904	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshEN.DLL	NOT FOUND	Attributes: Error	
905	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshEN.DLL	NOT FOUND	Attributes: Error	
906	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\windows\system32\inetsrv\wshEN.DLL	NOT FOUND	Attributes: Error	
907	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshEN.DLL	NOT FOUND	Attributes: Error	
908	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system\wshEN.DLL	NOT FOUND	Attributes: Error	
910	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\WINDOWS\wshEN.DLL	NOT 
FOUND	Attributes: Error	
911	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\inetsrv\wshEN.DLL	NOT FOUND	Attributes: Error	
912	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\Perl\site\bin\wshEN.DLL	NOT FOUND	Attributes: Error	
913	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\Perl\bin\wshEN.DLL 
NOT FOUND	Attributes: Error	
914	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshEN.DLL	NOT FOUND	Attributes: Error	
915	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\WINDOWS\wshEN.DLL	NOT 
FOUND	Attributes: Error	
916	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\WBEM\wshEN.DLL	NOT FOUND	Attributes: Error	
917	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\Program Files\Microsoft 
SQL Server\90\Tools\binn\wshEN.DLL	NOT FOUND	Attributes: Error	
918	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshENU.DLL	NOT FOUND	Attributes: Error	
919	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshENU.DLL	NOT FOUND	Attributes: Error	
920	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\windows\system32\inetsrv\wshENU.DLL	NOT FOUND	Attributes: Error	
921	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshENU.DLL	NOT FOUND	Attributes: Error	
922	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system\wshENU.DLL	NOT FOUND	Attributes: Error	
923	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\WINDOWS\wshENU.DLL 
NOT FOUND	Attributes: Error	
924	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\inetsrv\wshENU.DLL	NOT FOUND	Attributes: Error	
925	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\Perl\site\bin\wshENU.DLL	NOT FOUND	Attributes: Error	
926	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\Perl\bin\wshENU.DLL 
NOT FOUND	Attributes: Error	
927	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\wshENU.DLL	NOT FOUND	Attributes: Error	
928	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\WINDOWS\wshENU.DLL 
NOT FOUND	Attributes: Error	
929	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\WBEM\wshENU.DLL	NOT FOUND	Attributes: Error	
930	11:46:17	w3wp.exe:11228	QUERY INFORMATION	C:\Program Files\Microsoft 
SQL Server\90\Tools\binn\wshENU.DLL	NOT FOUND	Attributes: Error	
931	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\windows\system32\inetsrv	SUCCESS	Attributes: D	
932	11:46:17	w3wp.exe:11228	OPEN	C:\windows\system32\inetsrv\	SUCCESS 
Options: Open Directory  Access: 00100001	
933	11:46:17	w3wp.exe:11228	DIRECTORY	C:\windows\system32\inetsrv\	NO 
SUCH FILE	FileBothDirectoryInformation: cmd"*	
934	11:46:17	w3wp.exe:11228	CLOSE	C:\windows\system32\inetsrv\	SUCCESS		
936	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\verclsid.exe 
SUCCESS	Options: Open  Access: 001000A1	
937	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\verclsid.exe	SUCCESS	Attributes: A	
938	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\verclsid.exe	SUCCESS	Length: 29184	
939	11:46:17	w3wp.exe:11228	OPEN 
C:\WINDOWS\system32\verclsid.exe.Manifest	NOT FOUND	Options: Open 
Access: 001200A9	
940	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\verclsid.exe	SUCCESS		
941	11:46:17	verclsid.exe:3208	OPEN	C:\windows\system32\inetsrv\ 
SUCCESS	Options: Open Directory  Access: 00100020	
977	11:46:17	w3wp.exe:11228	OPEN	C:\windows\system32\inetsrv\	SUCCESS 
Options: Open Directory  Access: 00100001	
978	11:46:17	w3wp.exe:11228	DIRECTORY	C:\windows\system32\inetsrv\	NO 
SUCH FILE	FileBothDirectoryInformation: cmd"*	
979	11:46:17	w3wp.exe:11228	CLOSE	C:\windows\system32\inetsrv\	SUCCESS		
980	11:46:17	w3wp.exe:11228	OPEN	C:\WINDOWS\system32\	SUCCESS	Options: 
Open Directory  Access: 00100001	
981	11:46:17	w3wp.exe:11228	DIRECTORY	C:\WINDOWS\system32\	SUCCESS 
FileBothDirectoryInformation: cmd"*	
982	11:46:17	w3wp.exe:11228	DIRECTORY	C:\WINDOWS\system32\	NO MORE 
FILES	FileBothDirectoryInformation	
983	11:46:17	w3wp.exe:11228	CLOSE	C:\WINDOWS\system32\	SUCCESS		
984	11:46:17	w3wp.exe:11228	QUERY INFORMATION 
C:\WINDOWS\system32\cmd.exe	SUCCESS	Attributes: A

8. ASP, Wscript.Shell on a Windows 2003 Server Web Edition - ASP