Hi,
We have need to run server based .vbs files and other OS commands through
active server pages i.e...
Set oShell = Server.CreateOb ject("WScript.S hell")
oShell.Run("c:\ somecmd.bat",,T rue)
Under Windows 2000 the EVERYONE group had read/execute rights against
cmd.exe. Under 2003 this has been removed and in order to get my .asp file
to execute the cmd shell I must grant the IUSR acct read/execute access to
cmd.exe on the web server.
Is there a better approach or "best practice" to properly secure my web
server and still be able to shell out to cmd.exe from asp?
Thanks for any insights!!!
We have need to run server based .vbs files and other OS commands through
active server pages i.e...
Set oShell = Server.CreateOb ject("WScript.S hell")
oShell.Run("c:\ somecmd.bat",,T rue)
Under Windows 2000 the EVERYONE group had read/execute rights against
cmd.exe. Under 2003 this has been removed and in order to get my .asp file
to execute the cmd shell I must grant the IUSR acct read/execute access to
cmd.exe on the web server.
Is there a better approach or "best practice" to properly secure my web
server and still be able to shell out to cmd.exe from asp?
Thanks for any insights!!!
Comment