Run CACLS from an ASP page?

Prev: Formatting Generated SQL Statements
Next: Quick test for ActiveX?

From: MacMan0295 on 7 Jan 2009 17:30

---

Trying to run the following in an ASP page and cannot get it to work. I get
a return code 255. Trying to assign an ACL to a folder. I am running this
under my domain username so I know I have sufficient rights. I take the
strCmd and write it to the page to verify the command is correct and it is,
because I copy and paste it into a command window and it works.

Any ideas???

***** Code *****
Dim wshell, intReturn
set wshell = server.createobject("wscript.shell")
strCmd = "cacls.exe " & folderPath & " /e /c /g " & groupName & ":C"
response.write "<br>This is the command string: " & strCmd
intReturn = wshell.run("%COMSPEC% /c Echo Y| " & strCmd,0,True)
***** Code *****

From: Steve on 8 Jan 2009 11:56

---

When you say that you are "running it under your domain user name", do
you mean that you are running it after passing NT Anthentication
through your browser?

I remember that shelling out side the web root used to be a HUGE
security hole that MS fixed ~7 years ago. I once wrote an app, that
would shell out commands, ran under system context, and could have
done significant damage before they fixed the hole.

-Steve


On Jan 7, 5:30 pm, MacMan0295 <MacMan0...(a)discussions.microsoft.com>
wrote:
> Trying to run the following in an ASP page and cannot get it to work.  I get
> a return code 255.  Trying to assign an ACL to a folder.  I am running this
> under my domain username so I know I have sufficient rights.  I take the
> strCmd and write it to the page to verify the command is correct and it is,
> because I copy and paste it into a command window and it works.  
>
> Any ideas???
>
> *****   Code   *****
> Dim wshell, intReturn
> set wshell = server.createobject("wscript.shell")
> strCmd = "cacls.exe " & folderPath & " /e /c /g " & groupName & ":C"
> response.write "<br>This is the command string:  " & strCmd
> intReturn = wshell.run("%COMSPEC% /c Echo Y| " & strCmd,0,True)
> *****   Code   *****

From: MacMan0295 on 8 Jan 2009 13:46

---

I believe I got the command to finally run, here is what I changed:

***** Code *****
Dim WshShell, intReturn
Set WshShell = Server.CreateObject("WScript.Shell")
strCmd = "icacls.exe " & folderPath & " /grant " & groupName & ":(OI)(CI)(M)"
response.write "<br>This is the command string: " & strCmd
Set intReturn = WshShell.Exec(strCmd)
Do While intReturn.Status <> 0
Loop
stdOutText = intReturn.stdout.ReadAll
Response.Write "<br>" & stdOutText
***** Code *****

After running this I now get this: "Successfully processed 0 files; Failed
processing 1 files"

I think it is a permission thing, but not sure where to set it. I tried
adding my domain id to the anonymous section, but that did not work. Any
ideas?

--Craig

"Steve" wrote:

> When you say that you are "running it under your domain user name", do
> you mean that you are running it after passing NT Anthentication
> through your browser?
>
> I remember that shelling out side the web root used to be a HUGE
> security hole that MS fixed ~7 years ago. I once wrote an app, that
> would shell out commands, ran under system context, and could have
> done significant damage before they fixed the hole.
>
> -Steve
>
>
> On Jan 7, 5:30 pm, MacMan0295 <MacMan0...(a)discussions.microsoft.com>
> wrote:
> > Trying to run the following in an ASP page and cannot get it to work. I get
> > a return code 255. Trying to assign an ACL to a folder. I am running this
> > under my domain username so I know I have sufficient rights. I take the
> > strCmd and write it to the page to verify the command is correct and it is,
> > because I copy and paste it into a command window and it works.
> >
> > Any ideas???
> >
> > ***** Code *****
> > Dim wshell, intReturn
> > set wshell = server.createobject("wscript.shell")
> > strCmd = "cacls.exe " & folderPath & " /e /c /g " & groupName & ":C"
> > response.write "<br>This is the command string: " & strCmd
> > intReturn = wshell.run("%COMSPEC% /c Echo Y| " & strCmd,0,True)
> > ***** Code *****
>
>

From: Steve on 8 Jan 2009 15:36

---

Well, a good way to tell the process under which the your app is
running (assuming you have physical/terminal service access to the
server) would be to modify your code from this:

strCmd = "icacls.exe " & folderPath & " /grant " & groupName & ":(OI)
(CI)(M)"

to this:

strCmd = "calc.exe" 'This is the windows calculator program

Then make a copy the windows calculator program (C:\WINDOWS
\System32\calc.exe) and paste it in the same location as your asp
file. Run the page and open Task Manager to the Processes tab. In
task manager, select "Show processes from all users". calc.exe should
show up in the "Image Name" column and it should display the user name
of the account it is running under. When I did this on my local XP
machine, the account it was running under was IWAM_<machine name>.

That is the account that you need to give permissions to (which is not
reccommended due to security issues).

On Jan 8, 1:46 pm, MacMan0295 <MacMan0...(a)discussions.microsoft.com>
wrote:
> I believe I got the command to finally run, here is what I changed:
>
> *****   Code   *****
> Dim WshShell, intReturn
> Set WshShell = Server.CreateObject("WScript.Shell")
> strCmd = "icacls.exe " & folderPath & " /grant " & groupName & ":(OI)(CI)(M)"
> response.write "<br>This is the command string:  " & strCmd
> Set intReturn = WshShell.Exec(strCmd)
> Do While intReturn.Status <> 0
> Loop
> stdOutText = intReturn.stdout.ReadAll
> Response.Write "<br>" & stdOutText
> *****   Code   *****
>
> After running this I now get this: "Successfully processed 0 files; Failed
> processing 1 files"
>
> I think it is a permission thing, but not sure where to set it.  I tried
> adding my domain id to the anonymous section, but that did not work.  Any
> ideas?
>
> --Craig
>
>
>
> "Steve" wrote:
> > When you say that you are "running it under your domain user name", do
> > you mean that you are running it after passing NT Anthentication
> > through your browser?
>
> > I remember that shelling out side the web root used to be a HUGE
> > security hole that MS fixed ~7 years ago. I once wrote an app, that
> > would shell out commands, ran under system context, and could have
> > done significant damage before they fixed the hole.
>
> > -Steve
>
> > On Jan 7, 5:30 pm, MacMan0295 <MacMan0...(a)discussions.microsoft.com>
> > wrote:
> > > Trying to run the following in an ASP page and cannot get it to work.  I get
> > > a return code 255.  Trying to assign an ACL to a folder.  I am running this
> > > under my domain username so I know I have sufficient rights.  I take the
> > > strCmd and write it to the page to verify the command is correct and it is,
> > > because I copy and paste it into a command window and it works.  
>
> > > Any ideas???
>
> > > *****   Code   *****
> > > Dim wshell, intReturn
> > > set wshell = server.createobject("wscript.shell")
> > > strCmd = "cacls.exe " & folderPath & " /e /c /g " & groupName & ":C"
> > > response.write "<br>This is the command string:  " & strCmd
> > > intReturn = wshell.run("%COMSPEC% /c Echo Y| " & strCmd,0,True)
> > > *****   Code   *****- Hide quoted text -
>
> - Show quoted text -

From: Steve on 8 Jan 2009 16:04

---

BTW: You'll have to stop that calc.exe process manually in task
manager to get rid of it.

-Steve

 | 
Pages: 1
Prev: Formatting Generated SQL Statements
Next: Quick test for ActiveX?