468,161 Members | 1,941 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,161 developers. It's quick & easy.

Can't run a batch file from ASP

Hello everyone, :)

I can't seem to get around some annoying permission issues when I attempt to run a quick test where I call a batch file from my ASP script.

I'm running this on my XP Pro machine with IIS 5.1

Here is my test script (batchtest.asp):
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <body>
  3.  
  4. <h1>
  5. <%    
  6.     Dim wshell
  7.  
  8.     Set wshell = Server.CreateObject("WScript.Shell") 
  9.     Call wshell.Run("C:\Inetpub\wwwroot\test2.bat",0,true)
  10.     'wshell.Run "C:\Inetpub\wwwroot\test2.bat"
  11.  
  12.     Set wshell = nothing 
  13. %>
  14. </h1>
  15.  
  16. </body>
  17. </html>
  18.  
The batch file simply does "ECHO Hello"

No matter what I do, I get a "permission denied" issue.

1) What is the correct syntax to run a system command? (You can see in my test script I have two scenarios)

2) Where does the batch file need to be? Can I place it in the same folder as my ASP script?

3) What permissions need to be set? Do I need to set permissions in IIS, the wwwroot folder, the batch file itself, etc...??

Thank you millions!!!

-Cryo
Jan 11 '08 #1
4 12597
jehrich
24
Hi Cryo,

I'm not sure about the syntax, but I think your commented version is correct.

Classic ASP files run under the context of the "Anonymouse Internet User" account defined for the virtual web server that it's executed from. Technically you can place your batch file just about anywhere, but you must make sure that this account (typically IUSR_machinename) has at least read access to the file (and any other files that the file uses if it gets more complicated than 'ECHO Hello'). You can do this by right-clicking the batch file (or it's parent folder if you want to allow running all batch files in this folder) and adding the account on the security tab.

Hope that helps.

JE
Jan 12 '08 #2
Hi Cryo,

I'm not sure about the syntax, but I think your commented version is correct.

Classic ASP files run under the context of the "Anonymouse Internet User" account defined for the virtual web server that it's executed from. Technically you can place your batch file just about anywhere, but you must make sure that this account (typically IUSR_machinename) has at least read access to the file (and any other files that the file uses if it gets more complicated than 'ECHO Hello'). You can do this by right-clicking the batch file (or it's parent folder if you want to allow running all batch files in this folder) and adding the account on the security tab.

Hope that helps.

JE
Thank you for the response! I think my test wouldn't work regardless (since I need to response.write the ouput... I'm thinking unix), but I set all of the permissions for the batch file and it still didn't work. I found this snippit from another site and now it seems that the batch file runs.

Expand|Select|Wrap|Line Numbers
  1. Permissions is the most likely cause. If you open a command prompt on your
  2. 2003 machine and enter "cacls %comspec%" you'll get something like:
  3.  
  4. C:\WINDOWS\system32\cmd.exe NT AUTHORITY\INTERACTIVE:R
  5. NT AUTHORITY\SERVICE:R
  6. BUILTIN\Administrators:F
  7. NT AUTHORITY\SYSTEM:F
  8. BUILTIN\Administrators:F
  9. RAY2003\TelnetClients:R
  10.  
  11. Notice that the IUSR account does not have rights, nor does the guest group.
  12.  
  13. Enter this: cacls %comspec% /E /G IUSR_your_server_name:R
  14.  
I hope I didn't just make my system vulnerable???
Jan 14 '08 #3
jehrich
24
Yes, of course... I completely forgot about the command interpreter itself.

I'm not a security expert, but I do know that there have been many efforts to prevent anonymous internet users from starting cmd.exe - after all, you don't want just anyone to be able to run "del c:\*.*" on your machine. I suspect you have just bypassed many of these security measures.

Perhaps it would be a good idea to consider taking the functionlity out of your batch file and putting it directly into your ASP code. This way you could avoid giving more access than necessary to the IUSR account.

Either way, one of my favorite utilities for troubleshooting permission related problems is procmon from Sysinternals.

Good luck!

JE
Jan 15 '08 #4
I encountered a similar problem...

My BAT file was executed well on the system, but not from ASP. I didn't got any error, but my BAT file was just.. not executed !

Permissions on folder, cmd.exe and cscript.exe were OK.



I found that using only "cmd / c " is not sufficient.. it needs to be used TWO times !

as is :
Dim oShell
Set oShell = Server.CreateObject("Wscript.Shell")
Call oShell.Run("cmd /c cmd /c """ & BAT_Filename & """")
Set oShell = Nothing
Regards ! Hope it can HELP
Jul 9 '10 #5

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

4 posts views Thread by Jason Shohet | last post: by
3 posts views Thread by emman_54 | last post: by
reply views Thread by Vijay Kumar | last post: by
1 post views Thread by gcdp | last post: by
reply views Thread by gcreed | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.