David
Mon Oct 31 20:49:20 CST 2005
Is the EXE launched via CreateProcess*() or via shell() using CMD.EXE.
By default, on Windows Server 2003, only administrators can authenticate via
IIS6 to launch anything using CMD.EXE. No such additional restriction if
using CreateProcess to launch the EXE, and the restriction is not placed on
interactive login user tokens (hence it works from commandline and static
non-web program but not when invoked via IIS - IIS launches CGI via
CreateProcess after performing WebServiceExtension check).
There is nothing configurable within IIS6; this is totally based on ACLs as
a part of Windows Server 2003 overall security lockdown to prevent remote
users from the web from ever using creating a shell on the server.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Karl Geppert" <karlg@chemwatch.net> wrote in message
news:%23vFPknn3FHA.700@TK2MSFTNGP15.phx.gbl...
We have an web-package that is driven from CGI .exe's on the server
written in Delphi. This works fine, starting the CGI's from a URL.
However, one of our search processes needs to, if it receives a
particular search key, run a separate exe to do a molecular substructure
search. The exe is written in Visual C++.
In IIS5 and Apache this works correctly and performs the search. From
the command line and a static non-web program, the program works fine in
Win2K3. In IIS6 however, the second-level cgi.exe is never started.
Can anyone cast any light on what permissions might be controlling this,
and if there is something configurable which might fix this? We need to
roll the new version out in the next two weeks, and are going to get a
lot of questions from IIS6 web-server operators.
Karl
karlg@chemwatch.net