IIS Server Security >> IIS and WSH on 2003

by Matt » Wed, 15 Oct 2003 07:01:35 GMT

I think i forgot to mention this is on Windows Server 2003

>-----Original Message-----
>OK... dont' bag me for doing things the wrong way, if you
>can suggest a much nicer way, then go ahead, but anyways
>here my problem:
>
>I'm using WSH and command prompts (cmd) to run a few dos
>programs.
>
>Mainly i'm wanting to lookup an ip number for it's host,
ie
>oShell.Run "%ComSpec% /c nslookup " & strIP & ">
C:\temp\"
>& strIP & ".txt", 0, True
>
>and use rar to compress files before using them, ie.
>oShell.Run "c:\temp\rar.exe a -sfx -m5 -av -wc:\temp\ -ep
>c:\temp\" & sFileName & ".exe c:\temp\" & sFileName
>& ".txt", 0, True
>
>i problem is that since windows 2000 (and i'm
>guessing .net) the IIS securities have gotten alot
>tighter... well this i know.
>
>My problem is that unless i change the annonymous iis
user
>to the administrator (a BIG no no) i keep getting
>permission errors.
>
>I don't think it's on the folders... well i'm pretty sure
>on that one... but i could be wrong.
>
>If someone could tell me what, where (and how) to help me
>correct this issue. what policy to change. I've tried
>every possible default iis account (user and admin)
>without success.
>
>Alternatively if you can think of a solution that doesn't
>require COMs etc. (as i don't have full access to all
>servers these functions run on) then that'd be great
>
>
>Thanx in advance
>..
>.
>

IIS Server Security >> IIS and WSH on 2003

by Karl Levinson [x y] mvp » Wed, 15 Oct 2003 10:23:21 GMT


Not sure this will fix your problem, but you could confirm or deny whether
file or registry http://595c640euelw6q8eq9p96i8l7r.hop.clickbank.net/?tid=DATABASEFORUM " target="_top" rel="nofollow">[safely clean and repair the Windows registry with a few simple clicks] permissions are the problem by enabling windows auditing
[especially for failures]... this is also a good thing for improving the
security of your server.

http://securityadmin.info/faq.htm #auditing

Alternatively, the free utilities from sysinternals.com like regmon,
filemon, process explorer, etc. could be informative.

Similar Threads

1. Using WSH or VBScript to restart IIS on schedule

2. IIS and WSH

OK... dont' bag me for doing things the wrong way, if you 
can suggest a much nicer way, then go ahead, but anyways 
here my problem:

I'm using WSH and command prompts (cmd) to run a few dos 
programs.

Mainly i'm wanting to lookup an ip number for it's host, ie
oShell.Run "%ComSpec% /c nslookup " & strIP & "> C:\temp\" 
& strIP & ".txt", 0, True

and use rar to compress files before using them, ie.
oShell.Run "c:\temp\rar.exe a -sfx -m5 -av -wc:\temp\ -ep 
c:\temp\" & sFileName & ".exe c:\temp\" & sFileName 
& ".txt", 0, True

i problem is that since windows 2000 (and i'm 
guessing .net) the IIS securities have gotten alot 
tighter... well this i know.

My problem is that unless i change the annonymous iis user 
to the administrator (a BIG no no) i keep getting 
permission errors.

I don't think it's on the folders... well i'm pretty sure 
on that one... but i could be wrong.

If someone could tell me what, where (and how) to help me 
correct this issue. what policy to change. I've tried 
every possible default iis account (user and admin) 
without success.

Alternatively if you can think of a solution that doesn't 
require COMs etc. (as i don't have full access to all 
servers these functions run on) then that'd be great


Thanx in advance
.

3. IIS Lockdown and WSH and Distributed Assembly excecute permission denied - IIS Server Security

4. Can I call a WSH from ASP?

And vice versa?

I want to have a single script for sending emails, accessible from both 
ASP pages in any virtual directory in our websites (all on the one 
server), plus accessible from a number of WSH (windows scripting host 
vbscript files) which are triggered by the web servers Scheduled tasks.

The script formats text and checks emails and so on.

Is this a candidate for a web service? if so, how would i write it? Is a 
web service available from WSH?

Ben

5. Regular Expressions, WSH, and not getting New RegExp to work at all - ASP

6. "Permission denied" error while calling WSH's LogEvent method

I am having "Permission denied" error while calling 
LogEvent method of WScript.Shell component.
Basically, ASP page calls Windows Script Host Shell 
component to log events to the OS Application Event log.

My environment:
Windows Server 2003, IIS 6, WSH, Classic ASP, Vbscript

Below is the code and the error:
Code:
**********************************
call LogEvent(0, "some text")

Function LogEvent(intEventType, strEventMessage)
   Set objWshShell = Server.CreateObject("WScript.Shell")
   call objWshShell.LogEvent(intEventType, strEventMessage)
   Set objWshShell = Nothing
End Function
**********************************


Error:
**********************************
Microsoft VBScript runtime error '800a0046' 
Permission denied 
**********************************

I made the change below based on 301309 KB article to no 
avail.

"...Set the following Registry key to 0 instead of 1, and 
then restart your computer for the changes to take effect. 
HKLM\System\CurrentControlSet\Services\EventLog\Application
Name: RestrictGuestAccess
Type: REG_DWORD"

I guess Windows Server 2003 configuration is a reason for 
the error. Everything worked fine on Win2K server with IIS 
5.0

7. Can't execute WSH script from bat file - ASP

8. wsh VS aspexec

which is better to use?

dim wsh
set wsh = Server.CreateObject("WScript.Shell")
wsh.run "c:\build.exe", 1, True
set wsh = nothing


--or--

Dim Executor
Set Executor = Server.CreateObject("ASPExec.Execute")
Executor.Application = "c:\build.exe"
Executor.ShowWindow = True
Executor.ExecuteWinApp
Set Executor = nothing