Application security issue

Posted by Dash on May 15, 2007, 2:13 pm
On Windows 2k3 SP1 Server I have an FTP server with a Notification service
capable of triggering conditional activity, i.e. sending emails or running a
program when a condition is satisfied, e.g. run an unzip script when *.zip is
uploaded.
1. The FTP server log shows it is triggering the script - but nothing
happens. I then had a test file of a .bat which echoed some text and then
paused.
It would not run from the FTP server trigger but ran fine from Start, Run..
2. Finally got it to run from the FTP Server Notify service by setting it up
as a scheduled task under an Admin account and having the Notify service run
the scheduled task.
3. Both the ftp server and the Notify manager are currently running as
services under the 'ftpadmin' account which currently is an Administrator
account (temporarily, I hope)

4. If I then add a line to the test.bat file to call the unzip.vbs the
scheduled task launches the bat file but it exits in a fraction of a second.
This new test.bat functions normally when run from Start, Run ... and
performs the requested unzip function.

It thus appears to me to be a Windows Permissions issue regarding allowing a
program to call another program.

I will much appreciate any comments or suggestions.



Posted by jwgoerlich on May 16, 2007, 8:29 am
If the service is running batch jobs, then the user account it runs
under needs permissions to the command prompt.

Find %systemroot%\System32\cmd.exe, right-click, Properties.
Open the Security tab.
Grant your user account [x] Read and [x] Read & Execute permissions.

Regards,

J Wolfgang Goerlich

> On Windows 2k3 SP1 Server I have an FTP server with a Notification service
> capable of triggering conditional activity. i.e. sending emails or run a
> program when a condition is satisfied. eg. run an unzip script when *.zip is
> uploaded.
> 1. The FTP server log shows it is triggering the script - but nothing
> happens. I then had a test file of a .bat which echoed some text and then
> paused.
> It would not run from the FTP server trigger but ran fine from Start, Run..
> 2. Finally got it to run from the FTP Server Notify service by setting it up
> as a scheduled task under an Admin account and having the Notify service run
> the scheduled task.
> 3. Both the ftp server and the Notify manager are currently running as
> services under the 'ftpadmin' account which currently is an Administrator
> account (temporarily, I hope)
>
> 4. If I then add a line to the test.bat file to call the unzip.vbs the
> scheduled task launches the bat file but it exits in a fraction of a second.
> This new test.bat functions normally when run from Start, Run ... and
> performs the requested unzip function.
>
> It thus appears to me to be a Windows Permissions issue regarding allowing a
> program to call another program.
>
> I will much appreciate any comments or suggestions.
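
The Security-tab check described in the reply above can also be done from a script, which helps when the account's rights come from group membership rather than a direct entry. This is an added example, not part of the original thread; the function name `Get-EffectiveFileRights` is hypothetical, it must be run in the same context as the service (the thread's `ftpadmin` account), and it is an approximation that treats any matching Deny entry as overriding Allow and ignores generic-rights entries.

```powershell
# Added example: approximate the rights the *current* identity has on cmd.exe.
# Run it as the account the service uses, not as your own interactive logon.
function Get-EffectiveFileRights {
    param([string]$Path)

    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # SIDs that apply to this token: the user plus every group in the token.
    $sids = @($id.User.Value)
    foreach ($g in $id.Groups) { $sids += $g.Value }

    $allow = 0
    $deny  = 0
    $acl   = Get-Acl -Path $Path

    # Explicit and inherited entries, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($r in $rules) {
        if ($sids -notcontains $r.IdentityReference.Value) { continue }
        if ($r.AccessControlType -eq 'Deny') {
            $deny = $deny -bor [int]$r.FileSystemRights
        } else {
            $allow = $allow -bor [int]$r.FileSystemRights
        }
    }

    # Simplification (assumption of this example): a Deny bit always wins.
    return [System.Security.AccessControl.FileSystemRights]($allow -band (-bnot $deny))
}

$cmd    = Join-Path $env:SystemRoot 'System32\cmd.exe'
$needed = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$rights = Get-EffectiveFileRights -Path $cmd
$who    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

if (([int]$rights -band [int]$needed) -eq [int]$needed) {
    "$who has Read & Execute on $cmd"
} else {
    "$who is MISSING Read & Execute on $cmd (effective: $rights)"
}
```

Running the same check again after the account is taken out of the Administrators group shows whether Read & Execute on `cmd.exe` still reaches it through another entry.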



Posted by Dash on May 17, 2007, 10:50 pm
Hello
Unfortunately it seems to be a bit more than that!
Both the ftp server and the notify service are running as services under a
user account, 'ftpadmin' which, until I get this resolved, is an
Administrator account.
An Administrator account already has Full Control over cmd.exe

When called by the Notify service as a scheduled task and the batch file
only displays a text msg it works - if it tries to run a vbs script it
doesn't.

The batch file with the vbs script runs ok from Start, Run ..
Just not when called from the Notify service!!??

Any thoughts, please - anyone??

Thanks


> If the service is running batch jobs, then the user account it runs
> under needs permissions to the command prompt.
>
> Find %systemroot%\System32\cmd.exe, right-click, Properties.
> Open the Security tab.
> Grant your user account [x] Read and [x] Read & Execute permissions.
>
> Regards,
>
> J Wolfgang Goerlich
>
>> On Windows 2k3 SP1 Server I have an FTP server with a Notification
>> service
>> capable of triggering conditional activity. i.e. sending emails or run a
>> program when a condition is satisfied. eg. run an unzip script when *.zip
>> is
>> uploaded.
>> 1. The FTP server log shows it is triggering the script - but nothing
>> happens. I then had a test file of a .bat which echoed some text and then
>> paused.
>> It would not run from the FTP server trigger but ran fine from Start,
>> Run..
>> 2. Finally got it to run from the FTP Server Notify service by setting it
>> up
>> as a scheduled task under an Admin account and having the Notify service
>> run
>> the scheduled task.
>> 3. Both the ftp server and the Notify manager are currently running as
>> services under the 'ftpadmin' account which currently is an Administrator
>> account (temporarily, I hope)
>>
>> 4. If I then add a line to the test.bat file to call the unzip.vbs the
>> scheduled task launches the bat file but it exits in a fraction of a
>> second.
>> This new test.bat functions normally when run from Start, Run ... and
>> performs the requested unzip function.
>>
>> It thus appears to me to be a Windows Permissions issue regarding
>> allowing a
>> program to call another program.
>>
>> I will much appreciate any comments or suggestions.
>
>



Posted by jwgoerlich on May 18, 2007, 9:42 am
Since it works under Start > Run, conceivably the VBScript requires a
desktop to work. Is the script making any calls to Explorer? Can you
post some (or all) of the script?

J Wolfgang Goerlich

> When called by the Notify service as a scheduled task and the batch file
> only displays a text msg it works - if it tries to run a vbs script it
> doesn't.
>
> The batch file with the vbs script runs ok from Start, Run ..
> Just not when called from the Notify service!!??

