David
Thu Jul 01 01:38:06 CDT 2004
What happens if you configure SCPRO.EXE to launch PGP.EXE directly, without
invoking CMD.EXE /C?
The reason I ask is this -- since XP, cmd.exe has several security checks
within it that are quite restrictive. I do not fully understand everything
involved with the security checks, but I can tell you that if you use
CreateProcess to pass the impersonation token of IIS around to CMD.EXE
(which is likely how SCPRO is doing it), you will have problems.
Thus, I'm asking you to either use CreateProcess directly on PGP.EXE, or use
another CreateProcess* call.
For example, IIS6 uses CreateProcessAsUser for CGIs on your behalf to launch
SCPRO.EXE
These checks in cmd.exe are non-configurable and non-negotiable, so you have
to change SCPRO configuration. There's nothing in IIS6 nor Windows Server
2003 to change.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<anonymous@discussions.microsoft.com> wrote in message
news:2338501c45eb0$20b8bf10$a601280a@phx.gbl...
This is a "FORM" sending tool
>-----Original Message-----
>I have been using a from sending tool by GEOCEL
>called "SCPRO". I have been using it on all the IIS
>servers, but now have a problem on IIS6.0. The way it
>works after filling the form out the submit launches
>SCPRO.EXE which collects the data into a temp file. The
>process SCPRO.EXE launches a executable "PGP.EXE" which
is
>used to encrypt the data from the form and then send it
>back to the SCPRO process which is then emailed to the
>recipient. The problem is, I think, SCPRO.EXE
>launching "PGP.EXE". SCPRO.EXE runs fine without using
the
>encryption trigger. PGP.EXE runs fine from the command
>line. When SCPRO.EXE makes this call:
>
>cmd.exe /c c:\pgp\pgp.exe -feat club006
>
>Is when SCPRO.EXE fails from that point.
>
>Any info on how to configure IIS6 to allow SCPRO.EXE to
>launch PGP.EXE and return the encrypted data to SCPRO.EXE
>would be greatly appreciated.
>
>Thanks, Doug
>
>
>.
>