UNC pathname are as follows for a computer with an administrative share for
the C drive:
\\MACHINENAME\C$\FOLDERSANDFILES
In order for any remote machine to connect to and be able to use this
filepath the remote machine must be able to authenticate as either a local
administrative account or a domain administrative account (if the target
machine has been added to the domain).
Administrative shares can ONLY be accessed by a remote client authenticating
in this manner.
What you have asked for is that an ASP site on a remote machine be able to
use this UNC path to be able to access files and folders on a target
machine. For this to be able to happen, the IIS page MUST run under the same
restraints but in this case it is further restricted - it can only (in
practice) run under a domain administrative account (eg.
DOMAIN\Administrator).
Now ... for this to happen you have tow choices (as already outlined in my
previous post):
1. Enable Integrated Authentication and disable Anonymous Login for the
website so that a visiting user is prompted for their account (eg.
DOMAIN\Administrator). Once this is entered then the ASP site will run as if
that user is logged in and any ASP scripts such as FSO will be able to
access the UNC filepath for the administrative share.
2. Use the Anonymous Login but set the account used (instead of
IUSR_MACHINE) to be DOMAIN\Administrator.
The funny thing is that you are aware of administrative shares but seem to
have no concept of domain or groups security principals which leads me to
believe that you are trying to run before you can walk. A lot of damage can
be done to a networks security if you start throwing domain administrative
logins around and use them indiscriminately.
My suggestion is that you find an easier way to achieve what you want using
normal methods. You are aware that you can just access these files in
Windows Explorer if you are logged in with the relevant account from any
computer by just typing the UNC path into the 'Run As' box?
Hope this helps and please don't take my comments too personally. I
appreciate what you might be trying to achieve but think you may be going
down a route that will only lead to issues and dead-ends.
Chris.
Users certainly does not need to connect to an ASP page to access something
on their local drive where they had administrative access. Actually in my
explaination user has nothing to do with this ASP page, even they do not
know about it. This ASP page is for the Administrators who want to control
the all the coming and going files on the users' computers. I can do it by
mapping the administrative shares of the all user computers in the
administrator's computer but I want to control the users' computers' files
by pressing a button in my ASP generated page, and all the controls will be
done by ASP then I will see the results on the screen.
By the way, if I can set the security settings of my IIS in a proper way
that makes me Administrator on the all local computers, how can I handle to
list the files on the local computer computer by using ASP. How should I
connect?
Roland Hall said:
in message : Thank you for giving useful informations but probably I explain the
problem
: wrongly. My English is not so good so I'll write the problem a basic way.
We
: can think about a network which have only two computers. One of them is
mine
: (which is administrator computer) and the other is user computer. In my
: computer, I run ISS but the user computer does not. So ASP application is
: located in the my computer which has to connect the user's computer's
: administrative shares with a password and list the files in c$. Changing
any
: setttings of user computer is not useful for me because it will be
formatted
: and installed new windows 2000 or xp periodically.
:
: How can I connect in the explained way with ASP. Is there any connection
: object that can handle the connection to a computer through network, for
: example. If the information in your replies can solve the problem, I am
: totally sorry but cannot understand. Please make the answer easy for me.
Only Administrators can connect to administrative shares.
Untested, if you set your 'IIS' [not ISS] security settings to Integrated
and the user was logged on with their domain account and their domain user
account had Admin rights to their system, AND you had a virtual
directory
to
their computer using the their administrative share, would you then have the
access you need?
However, it begs the question of why would a user need to connect to an ASP
page to access something on their local drive where they had administrative
access?
--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center -
http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation -
http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library -
http://msdn.microsoft.com/library/default.asp