Re: How do I request user right: SeShutdownPrivilege

Great! Simply great! Danke J. Goerlich!

I am currently studying the objWMIService object to see what else I can do
with it...
(this is the Visual Studio Document Explorer's address)
ms-help://MS.VSCC.v90/MS.MSDNQTR.v90.en/wmisdk/wmi/wmi_tasks__computer_hardware.htm

I hope to find a way to logoff a single Terminal Server user given the
session ID or to reset the session - just like:
rwinsta.exe 1 /v
but this command is suffering the same Access Denied (5) error like
"shutdown.exe /s /t 300" is.

After that I will be able to build a simple administration web site.

And thank You for the security advices too!
I use System and Administrators (allow full) for the directury;
I don't know if Integrated Windows Authentication will work behind
router/NAT/firewall from the internet side. I also don't know if a Linux
machine will be able to login with it. This is why I usually relay only on
Plain Text Authentication; require SSL; require 128 bit encription - just to
make it secure.

I don't know if Integrated Windows Authentication has any advantages,
because I haven't studied it into details yet.


George Valkov


<jwgoerlich@xxxxxxxxx> wrote in message
news:1184346133.374242.201700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| Here is what I did to perform a remote reboot via ASP on IIS 6 /
| Windows 2003:
|
| 1) Configure on the file system.
|
| Under your wwwroot folder, (C:\Inetpub\wwwroot by default), create a
| reboot folder.
| Right-click the folder, Properties.
|
| Security tab ->
| Click [Advanced] and uncheck [ ] Allow inheritable permissions
| Click [Copy] when prompted
| Remove all but Administrators
|
| 2) Configure in IIS.
|
| Open IIS Manager, Default Web Site, right-click reboot, Properties.
|
| Directory tab ->
| Execute Permissions: Scripts only
|
| Documents tab ->
| [x] Enable default content page
| Default.asp
|
| Directory Security tab ->
| Click [Edit] under Authentication and access control
| Uncheck everything, then check only [x] Integrated Windows
| authentication
|
| 3) Create the ASP page
|
| On the file system, create a file called default.asp under the reboot
| folder.
|
| <%
|
| Response.write "<html>Rebooting now!</html>"
|
| strPath = "winmgmts:{impersonationLevel=impersonate,(Shutdown)}\\.\root
| \cimv2"
| strQuery = "Select * from Win32_OperatingSystem"
|
| Set objWMIService = GetObject(strPath)
| Set colOperatingSystems = objWMIService.ExecQuery(strQuery)
|
| For Each objOperatingSystem in colOperatingSystems
| objOperatingSystem.Win32Shutdown(6) 'Restart
| Next
|
| %>
|
| Now browse to http://yourcomputer/reboot/. If your computer is not in
| the Intranet Zone, you will be prompted to login. Use an Administrator-
| level account. Once logged in, the computer will reboot.
|
| Hope that helps.
|
| J Wolfgang Goerlich
|
| On Jul 13, 8:21 am, "George Valkov" <a...@xxxxx> wrote:
| > Windows 2003 server SP2 enterprise,
| > IIS, ASP enabled, execute mode: script and executables.
| >
| > How do I request this user right:
| > SeShutdownPrivilege
| > I do not seem to have it, when I run an ASP script on the server
| > as Asministrator. I want to restart the server from ASP.
| >
| > Please give me either ASP or C++ implementation how to request
| > this user right... And thank You for any good web link too!
| >
| > // details:
| > // login as administrator to local web site and GET:
| > //http://localhost/restart_test.exe
| > // Shutdown in progress dialog box is displayed on server's console.
| > // this is the desired behaviour, but I want to do it from ASP.
| >
| > // login as administrator to local web site and GET:
| > //http://localhost/test.asp
| >
| > // in the ASP I execute this server side script:
| > var WshShell=Server.CreateObject("WScript.Shell");
| >
| > WshShell.Exec("C:\\Inetpub\\restart_test.exe");
| >
| > var stdOutText=objCmd2.StdOut.Readall();
| > response.write(stdOutText);
| >
| > // source code for restart_test.cpp
| > InitiateSystemShutdown(NULL, NULL, 300, false, true);
| > printf("[errorCode=%d]", GetLastError());
| >
| > // The web page returns:
| > // [errorCode=5] // 5 = Access Denied
| >
| > // this means that I am missing this right:
| > // SeShutdownPrivilege
|
|


.

Relevant Pages

  • Re: How do I request user right: SeShutdownPrivilege
    ... The objWMIService object seems like a good starting point for may things :-) ... Especially with the MSDN documentation on the second monitor;-) ... Here is the source code to reset a terminal session from an ASP script: ... || Here is what I did to perform a remote reboot via ASP on IIS 6 / ...
    (microsoft.public.windows.server.security)
  • Re: Remote Web Workplace working only for domain admins
    ... ASP worked immediately! ... I didn't even have to reboot. ... > MVPs Do Not Work for Microsoft ... >> get to the initial login page. ...
    (microsoft.public.windows.server.sbs)
  • Re: How do I request user right: SeShutdownPrivilege
    ... Here is what I did to perform a remote reboot via ASP on IIS 6 / ... Configure in IIS. ... Open IIS Manager, Default Web Site, right-click reboot, Properties. ...
    (microsoft.public.windows.server.security)
  • Re: script to lockout user account
    ... I have a ASP application with an admin interface protected by ... integrated windows authentication. ... The need is to disallow access for ... You are probably looking at ADSI or WSH for doing that. ...
    (microsoft.public.windows.server.sbs)
  • problems with asp and rebooting the server
    ... start and the web site is down until I reregister asp service. ... This error can be caused when the worker process account has ... It's a standard way of registering ASP.NET with IIS server. ... > Does anyone have any idea why I have to do this every time I reboot. ...
    (microsoft.public.dotnet.framework.aspnet)