Need basic help authenticating remote wmi call from an asp webpage

Discussion in 'ASP General' started by Mark, Nov 1, 2007.

  1. Mark

    Mark Guest

    Hi all,
    I am attempting to create a web-page that will check several servers and
    verify that the local admin account has been renamed properly. I've written
    a .vbs (command file) to do it - I have the necessary rights on each
    server - and it works just fine (portion shown below)

    My problem is converting it to an asp web page. When I try, I always get a
    security failure. I've checked and the page is running under a domain id
    with admin rights to the servers. I am assuming its something I just can't
    find the answer to, about the way ASP handles security impersonation. Can
    someone point me to where I need to look?



    Original .vbs code (which works)

    Set WmiObjSet = GetObject("winmgmts:\\" & strComputer)
    Set colItems = WmiObjSet.ExecQuery ("Select * from Win32_Account)


    Code in test.asp which fails with: Permission Denied: 'GetObject'

    Response.Write Request.ServerVariables("LOGON_USER")
    set IPConfigSet = GetObject("winmgmts://xxxxxxxxxxxx").ExecQuery("SELECT
    * from Win32_Account")


    Based on some examples on MSDN, I have also tried (with no luck):

    set IPConfigSet =
    GetObject("winmgmts:{impersonationLevel=impersonate}!//xxxxxxxxxxxx/root/cimv2").ExecQuery("SELECT
    * from Win32_Account")

    set IPConfigSet =
    GetObject("winmgmts:{impersonationLevel=delegate,authority=ntlmdomain:xxxx}//xxxxxxxxxxxx/root/cimv2").ExecQuery("SELECT
    * from Win32_Account")


    Any help would be greatly appreciated
    Mark
     
    Mark, Nov 1, 2007
    #1
    1. Advertising

  2. "Mark" <> wrote in message
    news:...
    > Hi all,
    > I am attempting to create a web-page that will check several servers and
    > verify that the local admin account has been renamed properly. I've

    written
    > a .vbs (command file) to do it - I have the necessary rights on each
    > server - and it works just fine (portion shown below)
    >
    > My problem is converting it to an asp web page. When I try, I always get a
    > security failure. I've checked and the page is running under a domain id
    > with admin rights to the servers. I am assuming its something I just can't
    > find the answer to, about the way ASP handles security impersonation. Can
    > someone point me to where I need to look?
    >
    >
    >
    > Original .vbs code (which works)
    >
    > Set WmiObjSet = GetObject("winmgmts:\\" & strComputer)
    > Set colItems = WmiObjSet.ExecQuery ("Select * from Win32_Account)
    >
    >
    > Code in test.asp which fails with: Permission Denied:

    'GetObject'
    >
    > Response.Write Request.ServerVariables("LOGON_USER")
    > set IPConfigSet =

    GetObject("winmgmts://xxxxxxxxxxxx").ExecQuery("SELECT
    > * from Win32_Account")
    >
    >
    > Based on some examples on MSDN, I have also tried (with no luck):
    >
    > set IPConfigSet =
    >

    GetObject("winmgmts:{impersonationLevel=impersonate}!//xxxxxxxxxxxx/root/cim
    v2").ExecQuery("SELECT
    > * from Win32_Account")
    >
    > set IPConfigSet =
    >

    GetObject("winmgmts:{impersonationLevel=delegate,authority=ntlmdomain:xxxx}/
    /xxxxxxxxxxxx/root/cimv2").ExecQuery("SELECT
    > * from Win32_Account")
    >
    >
    > Any help would be greatly appreciated


    You say "I've checked and the page is running under a domain id with admin
    rights to the servers". How have you done that?

    What happens if you turn off anonymous access and turn on Windows
    intergrated then visit the page using the same logon credentials you used in
    script testing?

    --
    Anthony Jones - MVP ASP/ASP.NET
     
    Anthony Jones, Nov 3, 2007
    #2
    1. Advertising

  3. Mark

    Mark Guest

    Anthony, thanks for responding.
    The website uses Windows integrated authentication and I placed a

    Response.Write Request.ServerVariables("LOGON_USER")

    in the code, it shows that my id running the page is the domain account with
    admin rights over both the webserver and the server I am trying to attach
    to.

    I'm fairly confident the code is right, if I remove the remote server name
    the code runs just fine. I tried the sample code found at
    http://msdn2.microsoft.com/en-us/library/aa389395.aspx but it gives the same
    error if I try to run it against a remote computer, which implies I have
    some kind of environment setting incorrect or I don't have the remoteserver
    syntax exactly correct. A missing group from some local security policy or
    registry key is my fear.

    I created a web.config and added <identity impersonate="true" /> based on
    http://support.microsoft.com/kb/307901 but it hasn't helped.

    I guess WMI just won't run remotely from inside of a web page - probably a
    security thing - and I will have to go back to batch files.

    Mark




    "Anthony Jones" <> wrote in message
    news:...
    > "Mark" <> wrote in message
    > news:...
    >> Hi all,
    >> I am attempting to create a web-page that will check several servers and
    >> verify that the local admin account has been renamed properly. I've

    > written
    >> a .vbs (command file) to do it - I have the necessary rights on each
    >> server - and it works just fine (portion shown below)
    >>
    >> My problem is converting it to an asp web page. When I try, I always get
    >> a
    >> security failure. I've checked and the page is running under a domain id
    >> with admin rights to the servers. I am assuming its something I just
    >> can't
    >> find the answer to, about the way ASP handles security impersonation. Can
    >> someone point me to where I need to look?
    >>
    >>
    >>
    >> Original .vbs code (which works)
    >>
    >> Set WmiObjSet = GetObject("winmgmts:\\" & strComputer)
    >> Set colItems = WmiObjSet.ExecQuery ("Select * from Win32_Account)
    >>
    >>
    >> Code in test.asp which fails with: Permission Denied:

    > 'GetObject'
    >>
    >> Response.Write Request.ServerVariables("LOGON_USER")
    >> set IPConfigSet =

    > GetObject("winmgmts://xxxxxxxxxxxx").ExecQuery("SELECT
    >> * from Win32_Account")
    >>
    >>
    >> Based on some examples on MSDN, I have also tried (with no luck):
    >>
    >> set IPConfigSet =
    >>

    > GetObject("winmgmts:{impersonationLevel=impersonate}!//xxxxxxxxxxxx/root/cim
    > v2").ExecQuery("SELECT
    >> * from Win32_Account")
    >>
    >> set IPConfigSet =
    >>

    > GetObject("winmgmts:{impersonationLevel=delegate,authority=ntlmdomain:xxxx}/
    > /xxxxxxxxxxxx/root/cimv2").ExecQuery("SELECT
    >> * from Win32_Account")
    >>
    >>
    >> Any help would be greatly appreciated

    >
    > You say "I've checked and the page is running under a domain id with
    > admin
    > rights to the servers". How have you done that?
    >
    > What happens if you turn off anonymous access and turn on Windows
    > intergrated then visit the page using the same logon credentials you used
    > in
    > script testing?
    >
    > --
    > Anthony Jones - MVP ASP/ASP.NET
    >
    >
     
    Mark, Nov 5, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mrwoopey
    Replies:
    3
    Views:
    9,647
    mrwoopey
    Jun 30, 2003
  2. Ken Tucker
    Replies:
    0
    Views:
    1,702
    Ken Tucker
    Jul 5, 2003
  3. Brent Waldrop

    Trouble authenticating to Remote SQL Server

    Brent Waldrop, Nov 23, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    648
    brent
    Nov 23, 2004
  4. davidj411
    Replies:
    7
    Views:
    3,383
    Tim Golden
    Oct 8, 2009
  5. soren625
    Replies:
    2
    Views:
    412
    soren625
    Dec 12, 2006
Loading...

Share This Page