
access is denied launching cscript from batchfile in asp


Gary Dryden

Jul 31, 2002, 1:47:00 PM
Hi,

I have an ASP page as follows:

<%@ language=javascript %>
<html>
<body>

<%
var Shell = Server.CreateObject("WScript.Shell");
var Path=Server.MapPath(".");
var Cmd = Path+"\\test.bat >c:\\testxxx.txt";
Response.Write(Cmd+"<br>\n");
Shell.Run(Cmd, 0, false);
%>

</body>
</html>

It launches this batch file:

dir p:\
cscript

The resulting file c:\testxxx.txt contains:


C:\WINNT\system32>dir p:\
Volume in drive P has no label.
Volume Serial Number is 98C8-C47C

Directory of p:\

07/29/2002 09:50a <DIR> .
...
07/05/2002 09:01p 2,693,002 zippp20020705.zip
30 File(s) 34,471,151 bytes
31 Dir(s) 7,731,599,872 bytes free

C:\WINNT\system32>cscript
CScript Error: Loading your settings failed. (Access is denied.
)

The virtual directory containing test.asp does not allow anonymous access,
so when the page is run you are forced to login.

I have read and implemented this:
http://support.microsoft.com/support/kb/articles/q221/0/81.asp
HOWTO: Use Windows Script Host Scripts as CGI Scripts

Although I would think that the above applies to IUSR_????? and anonymous
access.

As you can see from the output, the scripting engine will not run.

Any ideas?
TIA

gary

Atrax _

Aug 1, 2002, 3:56:11 AM
if you just run cscript, this is all you get

---------------------------------------------------
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Usage: CScript scriptname.extension [option...] [arguments...]

Options:
 //B         Batch mode: Suppresses script errors and prompts from displaying
 //D         Enable Active Debugging
 //E:engine  Use engine for executing script
 //H:CScript Changes the default script host to CScript.exe
 //H:WScript Changes the default script host to WScript.exe (default)
 //I         Interactive mode (default, opposite of //B)
 //Job:xxxx  Execute a WSF job
 //Logo      Display logo (default)
 //Nologo    Prevent logo display: No banner will be shown at execution time
 //S         Save current command line options for this user
 //T:nn      Time out in seconds: Maximum time a script is permitted to run
 //X         Execute script in debugger
 //U         Use Unicode for redirected I/O from the console

---------------------------------------------------


have you tried actually running a script, instead of just calling the
'help'?

function String.prototype.r(){// Javascript rot13 en/decipherment. run me for Atrax's signature
var a='nopqrstuvwxyz';var b='abcdefghijklm';var j='/:.'+a+b;var k='/:.'+b+a;var l='';
for(var x=0;x<this.length;x++){l+=k.charAt(j.indexOf(this.charAt(x)));}return l;
} alert("uggc://jjj.ernqgurshpxvatznahny.pb.hx/".r()); // Atrax, MVP 2002.


Gary Dryden

Aug 1, 2002, 10:46:36 AM
I was just giving a minimal example.
The point is that cscript does not launch because
of a permission problem.
I am hoping that someone has already been here before and
can advise.

Mitchell Krog

Oct 4, 2002, 1:03:05 PM
There is a very handy (free) ASP object called ASPExec
http://www.serverobjects.com/products.htm

I use it all the time for scripting as I run various batch files for admin
tasks.

Make sure you set NTFS permission to the object ONLY for the username under
which context the site is running. Run the site as an Isolated process and
set the same username and password on the COM+ object created for the site
in Component Manager. Only use Windows Authentication on the site, not basic
auth or it will not work. (trust me)

Whatever you do, DO NOT allow IUSR permissions to this object, in fact add
IUSR to the NTFS permissions for this dll and specify DENY. Your site must
not access your ASP scripts and objects as an IUSR .... you must run them
all as an authenticated user (Administrator). In other words when you open
your site it must ask you for "username, password, domain" .. oh yeah also
remove "allow anonymous user" from the website .... if you are running any
type of admin scripts that run batch files etc .. you certainly cannot allow
IUSR any type of access at all.

Oh ... to make sure your web site is properly configured security wise ...
use the following simple ASP script to determine if windows is correctly
detecting your Logon Session:

<%
Dim LoggedOnUser
LoggedOnUser = Request.ServerVariables("LOGON_USER")
Response.Write LoggedOnUser
%>

This should return "MACHINENAME\username"

If you do not get your username showing up correctly, then your web site is
not set up correctly and possibly you are using Basic Authentication and not
Windows Authentication ... MUST be windows authentication. I could write a
book about what I learned about running batch files securely in ASP, so as
you can imagine I am not going to go into all the additional security
practices that are needed to secure this, but the above should get you on
your way, the rest is up to you.

Hope it works out for you.
Mitch

"Gary Dryden" <garyd...@hotmail.com> wrote in message
news:c9f0b9ba.02073...@posting.google.com...
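
An added example, not part of the thread: the LOGON_USER check above turned into a gate that runs before the batch file is launched, refusing anonymous and Basic-authenticated requests. The account name in ALLOWED_USERS is a placeholder and BATCH_FILE reuses the test.bat name from the first post; both are assumptions.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
' Added example: gate a batch-file launch on an authenticated Windows logon.
' ALLOWED_USERS holds a placeholder account; BATCH_FILE is the name from the first post.
Const BATCH_FILE = "test.bat"
Dim ALLOWED_USERS
ALLOWED_USERS = Array("MACHINENAME\username")

' AUTH_TYPE is empty for anonymous requests and "Basic" for Basic auth;
' Integrated Windows authentication reports "NTLM" or "Negotiate".
Function IsIntegratedAuth(authType)
    Dim a : a = UCase(Trim(authType))
    IsIntegratedAuth = (a = "NTLM" Or a = "NEGOTIATE")
End Function

' LOGON_USER is empty when the request was served anonymously (as IUSR).
Function IsAllowedUser(logonUser)
    Dim u
    IsAllowedUser = False
    If Len(logonUser) = 0 Then Exit Function
    For Each u In ALLOWED_USERS
        If StrComp(u, logonUser, vbTextCompare) = 0 Then
            IsAllowedUser = True
            Exit Function
        End If
    Next
End Function

Dim logonUser, authType
logonUser = Request.ServerVariables("LOGON_USER")
authType  = Request.ServerVariables("AUTH_TYPE")

If Not (IsIntegratedAuth(authType) And IsAllowedUser(logonUser)) Then
    Response.Status = "403 Forbidden"
    Response.Write "Access denied."
    Response.End
End If

' The command line is built from a constant only; nothing from the request
' (query string, form, headers) is ever concatenated into it.
Dim shell, cmd
Set shell = Server.CreateObject("WScript.Shell")
cmd = "cmd /c """ & Server.MapPath(BATCH_FILE) & """"
shell.Run cmd, 0, False
Response.Write "Started by " & Server.HTMLEncode(logonUser)
%>
```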
