start process as impersonated account for NETSH DHCP?

Discussion in 'ASP .Net Security' started by Monroe, Nov 23, 2004.

  1. Monroe

    Monroe Guest

    Am trying to automatically query and update DHCP servers via a web
    application with VB.NET. Testing with a privileged account, defined
    thus in web.config:

    <identity impersonate="true" userName="<domain>\<user>"
    password="<password>" />

    Have also modified machine.config thusly, and restarted IIS (but
    haven't rebooted):

    <processModel enable="true" ... userName="<domain>\<user>"
    password="<password>" />

    I can run NETSH commands interactively when logged in. Also, in code
    below, I confirm that I am impersonating the user rather than running
    as ASPNET. It still seems that the process is running with limited
    rights of ASPNET; output reads: "Unable to determine the DHCP Server
    version for the Server <ip>.Server may not function properly."

    Dim proc As New System.Diagnostics.Process()
    proc.StartInfo.FileName = "netsh"
    proc.StartInfo.Arguments = "dhcp server <ip> show scope"
    proc.StartInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
    ' Redirecting output requires UseShellExecute = False
    proc.StartInfo.UseShellExecute = False
    proc.StartInfo.RedirectStandardOutput = True
    proc.Start()
    ' netsh output, followed by the identity of the current thread
    TextBox1.Text = proc.StandardOutput.ReadToEnd.ToString & " " & System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString
    proc.Close()
    proc.Dispose()

    How can I ensure/confirm that the System.Diagnostics.Process is running
    as the impersonated account, and not the parent? Assistance greatly
    appreciated!
     
    Monroe, Nov 23, 2004
    #1

  2. Processes created by the Process class will be started with current process
    token's account, not the impersonated account. The thing I don't understand
    is why your ASP.NET worker process is still running as ASPNET as that change
    should have allowed you to accomplish your goal. Is it possible that there
    are multiple versions of the framework installed and you changed the wrong
    config file? Is this IIS 6, 5.1 or 5? 6 doesn't use the processModel
    section but is configured via the MMC in the AppPool settings.

    Another good option I've seen for starting a process as a specific user is
    to use WMI to accomplish this, but I haven't been able to find the code
    sample that was posted here that shows how.

    HTH,

    Joe K.

    "Monroe" <> wrote in message
    news:...
    > Am trying to automatically query and update DHCP servers via a web
    > application with VB.NET. Testing with a privileged account, defined
    > thus in web.config:
    >
    > <identity impersonate="true" userName="<domain>\<user>"
    > password="<password>" />
    >
    > Have also modified machine.config thusly, and restarted IIS (but
    > haven't rebooted):
    >
    > <processModel enable="true" ... userName="<domain>\<user>"
    > password="<password>" />
    >
    > I can run NETSH commands interactively when logged in. Also, in code
    > below, I confirm that I am impersonating the user rather than running
    > as ASPNET. It still seems that the process is running with limited
    > rights of ASPNET; output reads: "Unable to determine the DHCP Server
    > version for the Server <ip>.Server may not function properly."
    >
    > Dim proc As New System.Diagnostics.Process()
    > proc.StartInfo.FileName = "netsh"
    > proc.StartInfo.Arguments = "dhcp server <ip> show scope"
    > proc.StartInfo.WindowStyle =
    > System.Diagnostics.ProcessWindowStyle.Hidden
    > proc.StartInfo.UseShellExecute = False
    > proc.StartInfo.RedirectStandardOutput = True
    > proc.Start()
    > TextBox1.Text = proc.StandardOutput.ReadToEnd.ToString & " " &
    > System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString
    > proc.Close()
    > proc.Dispose()
    >
    > How can I ensure/confirm that the System.Diagnostic.Process is running
    > as the impersonated account, and not the parent? Assistance greatly
    > appreciated!
     
    Joe Kaplan (MVP - ADSI), Nov 23, 2004
    #2
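
An added example, not code from either poster, showing how to confirm which account a child process really runs as: it compares the thread identity (what `WindowsIdentity.GetCurrent()` reports while impersonating), the process-token identity, and the output of a `whoami` child. The names `ChildIdentityCheck`, `RunAndCapture`, `ProcessAccount` and `StartInfoAs` are hypothetical; it assumes .NET Framework 2.0 or later and `whoami` on the PATH.

```vb
Imports System
Imports System.Diagnostics
Imports System.Security
Imports System.Security.Principal

Module ChildIdentityCheck
    ' Runs the command described by psi and returns its trimmed standard output.
    Function RunAndCapture(ByVal psi As ProcessStartInfo) As String
        psi.UseShellExecute = False   ' needed for redirection and for UserName/Password
        psi.RedirectStandardOutput = True
        psi.CreateNoWindow = True
        Using proc As Process = Process.Start(psi)
            Dim output As String = proc.StandardOutput.ReadToEnd()
            proc.WaitForExit()
            Return output.Trim()
        End Using
    End Function

    ' Account of the process token: Impersonate(IntPtr.Zero) reverts the thread
    ' to the process identity until the context is disposed.
    Function ProcessAccount() As String
        Using ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero)
            Return WindowsIdentity.GetCurrent().Name
        End Using
    End Function

    ' Start info that makes Process.Start log the child on as an explicit account
    ' instead of inheriting the worker process token. Caller supplies the credentials.
    Function StartInfoAs(ByVal file As String, ByVal args As String, ByVal domain As String, _
                         ByVal user As String, ByVal password As SecureString) As ProcessStartInfo
        Dim psi As New ProcessStartInfo(file, args)
        psi.Domain = domain
        psi.UserName = user
        psi.Password = password
        Return psi
    End Function

    Sub Main()
        Dim threadAccount As String = WindowsIdentity.GetCurrent().Name
        Dim childAccount As String = RunAndCapture(New ProcessStartInfo("whoami"))
        Console.WriteLine("thread : " & threadAccount)
        Console.WriteLine("process: " & ProcessAccount())
        Console.WriteLine("child  : " & childAccount)
        If Not String.Equals(threadAccount, childAccount, StringComparison.OrdinalIgnoreCase) Then
            Console.WriteLine("Child did not inherit the impersonated identity.")
        End If
    End Sub
End Module
```

Called from an impersonating ASP.NET request, the `thread` line shows the impersonated account while `process` and `child` show the worker process account. Passing the result of `StartInfoAs` to `RunAndCapture` starts the child under a separate logon of the named account, independent of both.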