File permissions from ASP - ASP / Active Server Pages

ewallig

Hi all, need help -

As part of a ASP-based AD account creation tool, I need to
set file permissions on the newly-created user's home
folders. I'm using CACLS to do this and calling it from
within the ASP page. The page is used by instructors who
do not have admin rights (OU that they work in has been
delegated to them and they have "Modify" and
various "Special" NTFS permissions on the home share,
including "Change Permissions". I'm running in Integrated
Windows Authentication mode with Anonymous Access disabled.

This has worked fine under W2K for over a year and almost
1400 accounts. However, I rebuilt my server w/ Windows
2003 last week and now it only works for admins. The non-
admins can still create accounts, but they are getting
a "permission denied" on the line of code in the ASP page
that runs the CACLS command.

I've tried a couple of things, including changing the
Application Pool Identity to LocalSystem and ensuring that
Scripts/Executables are selected on the Home Directory
page. I even went as far as invoking IIS5 Isolation Mode
and turning the Process Isolation Level down to Low (what
I had to do in W2K for it to work) but still no success.

Again, it works for anyone w/ admin rights, but thats not
an option. Any thoughts out there? I really need this to
work again - we add 40-80 users a week and its putting me
way behind having to set these permissions, even with a
script.

Thanks as always, please feel free to email me at
we********@gcfl earnfree.org if you have any questions or
ideas.

Jul 19 '05 #1

Subscribe Reply

2300

Atrax

I wonder, have you checked the NTFS permisisons on the cacls.exe file
itself?

_______________ _______________ __________
Atrax. MVP, IIS
http://rtfm.atrax.co.uk/

newsflash : Atrax.Richedit 1.0 now released.
http://rtfm.atrax.co.uk/infinitemonk...trax.RichEdit/

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Jul 19 '05 #2

ewallig

Good idea, but if I log on as one of the users and then
run the CACLS command from the CLI, it runs without a
problem - its just having problems running from the web
page.

I had this problem when I was using W2K Server; the
solution was to set the Process Isolation to Low but that
hasn't helped in this case.

Thanks for the input though...

-----Original Message-----
I wonder, have you checked the NTFS permisisons on the cacls.exe fileitself?

______________ _______________ ___________
Atrax. MVP, IIS
http://rtfm.atrax.co.uk/

newsflash : Atrax.Richedit 1.0 now released.
http://rtfm.atrax.co.uk/infinitemonk...onents/Atrax.R ichEdit/
*** Sent via Developersdex http://www.developersdex.com ***Don't just participate in USENET...get rewarded for it!
.

Jul 19 '05 #3

ewallig

OK, more information - I ran FileMon while attempting to
execute the web page under a non-admin user. Here's what I
got:

821 9:15:53 AM inetinfo.exe:32 08 IRP MJ_CREATE
C:\WINDOWS\syst em32\cmd.exe ACCESS DENIED Attributes:
Any Options: Open

This happens everytime a non-admin user tries to run this
page, but not whne an admin runs it - any idea who and
what I need to grant permissions to?
Thanks

-----Original Message-----
I wonder, have you checked the NTFS permisisons on the cacls.exe fileitself?

______________ _______________ ___________
Atrax. MVP, IIS
http://rtfm.atrax.co.uk/

newsflash : Atrax.Richedit 1.0 now released.
http://rtfm.atrax.co.uk/infinitemonk...onents/Atrax.R ichEdit/
*** Sent via Developersdex http://www.developersdex.com ***Don't just participate in USENET...get rewarded for it!
.

Jul 19 '05 #4

ewallig

Hi again,

As it turns out, you were really close with your
suggestion about permissions on CACLS. It turns out that
Windows 2003 / IIS 6 does not implicitly allow access to
external system functions (anything in System32) from a
web page to anyone other than administrators.

So even though my users could access the command prompt
normally and could run CACLS from vbscripts (or from the
CLI) they could not run CACLS from ASP because the code
calls the command prompt to run it.

Adding their groups to the CMD.exe ACL list and giving
them Read and Execute solved the problem.
Thanks again,

Ed Wallig
Network Administrator
GCF Global Learning

-----Original Message-----
I wonder, have you checked the NTFS permisisons on the cacls.exe fileitself?

______________ _______________ ___________
Atrax. MVP, IIS
http://rtfm.atrax.co.uk/

newsflash : Atrax.Richedit 1.0 now released.
http://rtfm.atrax.co.uk/infinitemonk...onents/Atrax.R ichEdit/
*** Sent via Developersdex http://www.developersdex.com ***Don't just participate in USENET...get rewarded for it!
.

Jul 19 '05 #5

Similar topics

3182

flock and reading file into array

by: deko | last post by:

Do I need to use flock() when reading a file into an array? It's possible that the file in question could be open at the time the file('filename') request is made. I realize flock() is required when opening a file with fopen() when there is contention for the file: $fp=fopen($ctr, 'w'); //only write if we can get lock on file if (flock($fp, LOCK_EX)) { fwrite($fp, "0");

PHP

6477

cannot unlink file that Apache and I have permissions to delete

by: Phil Powell | last post by:

print_r(is_file("$logPath/$logFileName")); // RETURNS 1 unlink("$logPath/$logFileName"); // RETURNS WARNING: PERMISSION DENIED This code should tell me that the file located at $logPath/$logFileName should delete the log file, however, it never deletes it due to permissions error. However, upon checking the file properties I find this:

PHP

2332

Re setting file permissions...

by: Fran Tirimo | last post by:

I am developing a small website using ASP scripts to format data retrieved from an Access database. It will run on a Windows 2003 server supporting FrontPage extensions 2002 hosted by the company 1&1 with only limited server configuration via a web based control panel. My query relates to the ASP security model and how it relates to FrontPage options for setting file access on a database file. If you know of any online documentation...

ASP / Active Server Pages

3943

ASP security model / file permissions to allow updating of a database

by: Fran Tirimo | last post by:

ASP / Active Server Pages

2840

Creating a file that can be seen in the browser

by: David Thielen | last post by:

Hi; My ASP.NET app (C# calling J# under .net 2.0) creates a png file in a subdirectory to display as part of the created page. However, the bitmap will not display due to a security violation. Everything is the default settings I believe. IIS is running under Local System. In IIS the DefaultAppPool is running under Network Service. Annonymous access uses the account IUSR_JASMINE (machine name is Jasmine).

ASP.NET

2626

setting file permissions on a web server

by: John Salerno | last post by:

I always read about how you need to set certain file permissions (for cgi files, for example), but it's never been clear to me *how* you do this. I know you can run the line chmod 755 scriptname.py but *where* do you run this? Is this done on your personal system, or on the server? What if you are using Windows? If it's done on the server, how do you do it?

Python

19136

Checking if a file exists regardless of the permissions on it

by: sprash | last post by:

Newbie question: I'm trying to determine if a file physically exists regardless of the permissions on it Using File.Exists() returns false if it physically exists but the process does not have the necessary permissions. One hack could be to check for length and that would throw a FileNotFoundException ...but there is got to be a better way!

C# / C Sharp

1405

file upload permissions issue

by: Tim Payne | last post by:

I have an odd permissions issue with uploading files to a windows 2003 server. I have a reasonably unusual setup. We have a php website, running through IIS that was written to use mod_rewrite. Obviously, this doesn't exist in IIS, so as a workaround, I have the .net isapi dll as a wildcard handler for the site, with the rewriting done by .net, which then passes the processng back to the php pages. So far so good. When I attempt to...

ASP.NET

5467

Triggering a "Exceeds Max File Size" error in freeASPUpload

by: chrisj | last post by:

I'm using freeASPupload and got some assistance integrating to a Member script. It works successfully. In this modified version there are two groups that use this upload script. Members of one group get automatically re-directed after uploading. However, this member group never gets the benefit of knowing if they've uploaded an incorrect file size or incorrect file extension. Members from the second group do see the "exceeds max file...

ASP / Active Server Pages

2053

Need Help with File Permissions

by: beary | last post by:

Hello everyone, I posted this in unix/linux but it received no replies, so I assume it was the wrong forum. I'm trying here. I'm in way over my head with file permissions. The directory and files are sitting on a linux server. I know almost nothing about linux. The background: I was given a web share by my IT admin. Initially, the web share had 3 users, myself (as the owner) ,root (the group) and everyone. I could copy and paste from my...

General

9786

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

9641

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

10769

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10523

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

10199

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

7741

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

6948

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4409

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

3956

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP