Run CACLS from an ASP page?

M

MacMan0295

Trying to run the following in an ASP page and cannot get it to work. I get
a return code 255. Trying to assign an ACL to a folder. I am running this
under my domain username so I know I have sufficient rights. I take the
strCmd and write it to the page to verify the command is correct and it is,
because I copy and paste it into a command window and it works.

Any ideas???

***** Code *****
Dim wshell, intReturn
set wshell = server.createobject("wscript.shell")
strCmd = "cacls.exe " & folderPath & " /e /c /g " & groupName & ":C"
response.write "<br>This is the command string: " & strCmd
intReturn = wshell.run("%COMSPEC% /c Echo Y| " & strCmd,0,True)
***** Code *****
 
S

Steve

When you say that you are "running it under your domain user name", do
you mean that you are running it after passing NT Anthentication
through your browser?

I remember that shelling out side the web root used to be a HUGE
security hole that MS fixed ~7 years ago. I once wrote an app, that
would shell out commands, ran under system context, and could have
done significant damage before they fixed the hole.

-Steve
 
M

MacMan0295

I believe I got the command to finally run, here is what I changed:

***** Code *****
Dim WshShell, intReturn
Set WshShell = Server.CreateObject("WScript.Shell")
strCmd = "icacls.exe " & folderPath & " /grant " & groupName & ":(OI)(CI)(M)"
response.write "<br>This is the command string: " & strCmd
Set intReturn = WshShell.Exec(strCmd)
Do While intReturn.Status <> 0
Loop
stdOutText = intReturn.stdout.ReadAll
Response.Write "<br>" & stdOutText
***** Code *****

After running this I now get this: "Successfully processed 0 files; Failed
processing 1 files"

I think it is a permission thing, but not sure where to set it. I tried
adding my domain id to the anonymous section, but that did not work. Any
ideas?

--Craig
 
S

Steve

Well, a good way to tell the process under which the your app is
running (assuming you have physical/terminal service access to the
server) would be to modify your code from this:

strCmd = "icacls.exe " & folderPath & " /grant " & groupName & ":(OI)
(CI)(M)"

to this:

strCmd = "calc.exe" 'This is the windows calculator program

Then make a copy the windows calculator program (C:\WINDOWS
\System32\calc.exe) and paste it in the same location as your asp
file. Run the page and open Task Manager to the Processes tab. In
task manager, select "Show processes from all users". calc.exe should
show up in the "Image Name" column and it should display the user name
of the account it is running under. When I did this on my local XP
machine, the account it was running under was IWAM_<machine name>.

That is the account that you need to give permissions to (which is not
reccommended due to security issues).
 
S

Steve

BTW: You'll have to stop that calc.exe process manually in task
manager to get rid of it.

-Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top