Re: lan file access with perl cgi scripts under iis 5.0

From: x y (jamescagney90210@excite.com)
Date: 06/20/02


From: "x y" <jamescagney90210@excite.com>
Date: Wed, 19 Jun 2002 19:17:03 -0400


Yes... this will probably involve adding a local IUSR account to the remote
PC, and setting IIS to not control the password for the anonymous iusr
account, then setting the password yourself to match on both computers and
in IIS. You might also enable security auditing of file access failure on
both computers and then check the Windows security log to confirm that it is
the IUSR account and not the IWAM account that is being denied access. If
the IIS MMC properties for the folder containing the script have
"application isolation" set to high and maybe medium, the IWAM account might
be in use.

If you wish to keep using the IWAM account, you'll want to find out what the
IWAM password is or set it yourself. You can find out the password by
running l0phtcrack from www.l0pht.com, or for free you can run the [I think
it's called] adsutil.vbs file that should be on the IIS computer. Search
www.microsoft.com/support for "adsutil iwam" to get instructions on how to
run adsutil to get or set the IWAM password. If you change the password for
the IWAM account, you also need to change it in the IIS metabase using the
adsutil.vbs command.

<jcochran at naplesgov dot com (Jeff Cochran)> wrote in message
news:3d15d5cc.84503329@news.supernews.com...
> >i wrote a perl cgi script that manages files on my lan.
> >running as a standalone script, it works perfectly.
> >however, when i run it from a web page under iis, it can't
> >find any files on another computer on the lan. first i
> >tried opening the files with UNC specs (which also worked
> >perfectly as a standalone), then i tried mapping the
> >appropriate folders to network drives and trying it that
> >way (also works on standalone). however, neither method
> >will work through iis. it's not a permission problem, as
> >far as i can tell, as it runs as a user with the
> >appropriate permissions, and the script has access to all
> >the files on the hosting computer, but the script can't
> >seem to access any lan files. i appreciate this as a
> >security *feature* but the conditions under which i do
> >this are not so severe. is there any way around this? is
> >there some way that i can tell iis it's ok to allow access
> >to lan files?
>
> The user context your script runs in is likely the IUSR account. By
> default, it doesn't have permissions on your other system or files.
> Configure the appropriate Windows/NTFS permissions and it will work.
>
> Jeff
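
The audit-log check suggested in the reply above can be scripted. The following is an added example, not part of the original posts: it tallies failure audits by IIS account across both machines and separates logon failures (event 529) from denied file opens (event 560), the Windows 2000-era event IDs. The CSV layout, host names and file paths are constructed assumptions, not the native Event Viewer export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a simplified CSV export of security-log audits from
# both machines. Column layout and host names are assumptions for this
# example, not the native Event Viewer export format.
SAMPLE_LOG = """\
computer,event_id,audit,user,detail
WEBSRV,560,Failure,IUSR_WEBSRV,C:\\Inetpub\\scripts\\private.dat
FILESRV,529,Failure,IUSR_WEBSRV,Logon Type 3
FILESRV,529,Failure,IUSR_WEBSRV,Logon Type 3
FILESRV,528,Success,Administrator,Logon Type 2
FILESRV,560,Failure,IWAM_WEBSRV,D:\\share\\report.txt
"""

# Windows 2000-era security event IDs relevant to this check.
MEANING = {
    "529": "logon failure (unknown account or password mismatch)",
    "560": "object access denied (share/NTFS permissions)",
}

def iis_role(user):
    """Classify an account name as the IIS anonymous (IUSR) or IWAM identity."""
    name = user.upper()
    if name.startswith("IUSR_"):
        return "IUSR"
    if name.startswith("IWAM_"):
        return "IWAM"
    return None

def summarize(log_text):
    """Count failure audits per (computer, IIS role, event id)."""
    counts = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        role = iis_role(row["user"])
        if role and row["audit"] == "Failure" and row["event_id"] in MEANING:
            counts[(row["computer"], role, row["event_id"])] += 1
    return dict(counts)

def report(log_text):
    """Return one readable line per (computer, account, failure kind)."""
    return [f"{computer}: {role} x{n} - {MEANING[event_id]}"
            for (computer, role, event_id), n in sorted(summarize(log_text).items())]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A 529 on the remote machine points at the missing account or mismatched password described in the reply; a 560 points at the share/NTFS permissions Jeff mentions.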


