Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > File permissions from ASP

Reply
Thread Tools

File permissions from ASP

 
 
ewallig
Guest
Posts: n/a
 
      01-17-2004
Hi all, need help -

As part of a ASP-based AD account creation tool, I need to
set file permissions on the newly-created user's home
folders. I'm using CACLS to do this and calling it from
within the ASP page. The page is used by instructors who
do not have admin rights (OU that they work in has been
delegated to them and they have "Modify" and
various "Special" NTFS permissions on the home share,
including "Change Permissions". I'm running in Integrated
Windows Authentication mode with Anonymous Access disabled.

This has worked fine under W2K for over a year and almost
1400 accounts. However, I rebuilt my server w/ Windows
2003 last week and now it only works for admins. The non-
admins can still create accounts, but they are getting
a "permission denied" on the line of code in the ASP page
that runs the CACLS command.

I've tried a couple of things, including changing the
Application Pool Identity to LocalSystem and ensuring that
Scripts/Executables are selected on the Home Directory
page. I even went as far as invoking IIS5 Isolation Mode
and turning the Process Isolation Level down to Low (what
I had to do in W2K for it to work) but still no success.

Again, it works for anyone w/ admin rights, but thats not
an option. Any thoughts out there? I really need this to
work again - we add 40-80 users a week and its putting me
way behind having to set these permissions, even with a
script.

Thanks as always, please feel free to email me at
http://www.velocityreviews.com/forums/(E-Mail Removed) if you have any questions or
ideas.

 
Reply With Quote
 
 
 
 
Atrax
Guest
Posts: n/a
 
      01-18-2004
I wonder, have you checked the NTFS permisisons on the cacls.exe file
itself?

________________________________________
Atrax. MVP, IIS
http://rtfm.atrax.co.uk/

newsflash : Atrax.Richedit 1.0 now released.
http://rtfm.atrax.co.uk/infinitemonk...trax.RichEdit/

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
 
Reply With Quote
 
 
 
 
ewallig
Guest
Posts: n/a
 
      01-18-2004
Good idea, but if I log on as one of the users and then
run the CACLS command from the CLI, it runs without a
problem - its just having problems running from the web
page.

I had this problem when I was using W2K Server; the
solution was to set the Process Isolation to Low but that
hasn't helped in this case.

Thanks for the input though...

>-----Original Message-----
>I wonder, have you checked the NTFS permisisons on the

cacls.exe file
>itself?
>
>________________________________________
>Atrax. MVP, IIS
>http://rtfm.atrax.co.uk/
>
>newsflash : Atrax.Richedit 1.0 now released.
>http://rtfm.atrax.co.uk/infinitemonk...onents/Atrax.R

ichEdit/
>
>*** Sent via Developersdex http://www.developersdex.com

***
>Don't just participate in USENET...get rewarded for it!
>.
>

 
Reply With Quote
 
ewallig
Guest
Posts: n/a
 
      01-19-2004
OK, more information - I ran FileMon while attempting to
execute the web page under a non-admin user. Here's what I
got:

821 9:15:53 AM inetinfo.exe:3208 IRP MJ_CREATE
C:\WINDOWS\system32\cmd.exe ACCESS DENIED Attributes:
Any Options: Open

This happens everytime a non-admin user tries to run this
page, but not whne an admin runs it - any idea who and
what I need to grant permissions to?


Thanks


>-----Original Message-----
>I wonder, have you checked the NTFS permisisons on the

cacls.exe file
>itself?
>
>________________________________________
>Atrax. MVP, IIS
>http://rtfm.atrax.co.uk/
>
>newsflash : Atrax.Richedit 1.0 now released.
>http://rtfm.atrax.co.uk/infinitemonk...onents/Atrax.R

ichEdit/
>
>*** Sent via Developersdex http://www.developersdex.com

***
>Don't just participate in USENET...get rewarded for it!
>.
>

 
Reply With Quote
 
ewallig
Guest
Posts: n/a
 
      01-19-2004
Hi again,

As it turns out, you were really close with your
suggestion about permissions on CACLS. It turns out that
Windows 2003 / IIS 6 does not implicitly allow access to
external system functions (anything in System32) from a
web page to anyone other than administrators.

So even though my users could access the command prompt
normally and could run CACLS from vbscripts (or from the
CLI) they could not run CACLS from ASP because the code
calls the command prompt to run it.

Adding their groups to the CMD.exe ACL list and giving
them Read and Execute solved the problem.


Thanks again,

Ed Wallig
Network Administrator
GCF Global Learning

>-----Original Message-----
>I wonder, have you checked the NTFS permisisons on the

cacls.exe file
>itself?
>
>________________________________________
>Atrax. MVP, IIS
>http://rtfm.atrax.co.uk/
>
>newsflash : Atrax.Richedit 1.0 now released.
>http://rtfm.atrax.co.uk/infinitemonk...onents/Atrax.R

ichEdit/
>
>*** Sent via Developersdex http://www.developersdex.com

***
>Don't just participate in USENET...get rewarded for it!
>.
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Using File:Stat.mode method to find file permissions in Unix Vikram Sharma Ruby 2 12-01-2008 12:24 PM
In-depth documenation on User Permissions, Group Permissions, ACLs, DCLs etc. Curt K ASP .Net 0 11-03-2006 04:54 PM
Upload file to server via asp without changing file permissions N. Quisitive ASP General 0 01-17-2006 12:33 AM
ASPX file returning obscur runtime error - after changing permissions to a subweb (.net app) to different permissions than on its parent ? Isabelle ASP .Net 0 08-11-2004 02:04 PM
Re: Permissions - giving "everyone" full permissions is bad ? Scott Allen ASP .Net 0 07-13-2004 08:54 PM



Advertisments