|
it
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Need basic help authenticating remote wmi call from an asp webpage
I am attempting to create a web-page that will check several servers and verify that the local admin account has been renamed properly. I've written a .vbs (command file) to do it - I have the necessary rights on each server - and it works just fine (portion shown below) My problem is converting it to an asp web page. When I try, I always get a security failure. I've checked and the page is running under a domain id with admin rights to the servers. I am assuming its something I just can't find the answer to, about the way ASP handles security impersonation. Can someone point me to where I need to look? Original .vbs code (which works) Set WmiObjSet = GetObject("winmgmts:\\" & strComputer) Set colItems = WmiObjSet.ExecQuery ("Select * from Win32_Account) Code in test.asp which fails with: Permission Denied: 'GetObject' Response.Write Request.ServerVariables("LOGON_USER") set IPConfigSet = GetObject("winmgmts://xxxxxxxxxxxx").ExecQuery("SELECT * from Win32_Account") Based on some examples on MSDN, I have also tried (with no luck): set IPConfigSet = GetObject("winmgmts:{impersonationLevel=impersonate}!//xxxxxxxxxxxx/root/cimv2").ExecQuery("SELECT * from Win32_Account") set IPConfigSet = GetObject("winmgmts:{impersonationLevel=delegate,authority=ntlmdomain:xxxx}//xxxxxxxxxxxx/root/cimv2").ExecQuery("SELECT * from Win32_Account") Any help would be greatly appreciated Mark Show quote
"Mark" <mark_but***@verizon.net> wrote in message GetObject("winmgmts://xxxxxxxxxxxx").ExecQuery("SELECTnews:8F335599-ADDE-4525-9986-10C3DBEB6CC4@microsoft.com... > Hi all, > I am attempting to create a web-page that will check several servers and > verify that the local admin account has been renamed properly. I've written > a .vbs (command file) to do it - I have the necessary rights on each > server - and it works just fine (portion shown below) > > My problem is converting it to an asp web page. When I try, I always get a > security failure. I've checked and the page is running under a domain id > with admin rights to the servers. I am assuming its something I just can't > find the answer to, about the way ASP handles security impersonation. Can > someone point me to where I need to look? > > > > Original .vbs code (which works) > > Set WmiObjSet = GetObject("winmgmts:\\" & strComputer) > Set colItems = WmiObjSet.ExecQuery ("Select * from Win32_Account) > > > Code in test.asp which fails with: Permission Denied: 'GetObject' > > Response.Write Request.ServerVariables("LOGON_USER") > set IPConfigSet = > * from Win32_Account") GetObject("winmgmts:{impersonationLevel=impersonate}!//xxxxxxxxxxxx/root/cim> > > Based on some examples on MSDN, I have also tried (with no luck): > > set IPConfigSet = > v2").ExecQuery("SELECT > * from Win32_Account") GetObject("winmgmts:{impersonationLevel=delegate,authority=ntlmdomain:xxxx}/> > set IPConfigSet = > /xxxxxxxxxxxx/root/cimv2").ExecQuery("SELECT > * from Win32_Account") You say "I've checked and the page is running under a domain id with admin> > > Any help would be greatly appreciated rights to the servers". How have you done that? What happens if you turn off anonymous access and turn on Windows intergrated then visit the page using the same logon credentials you used in script testing? -- Anthony Jones - MVP ASP/ASP.NET Anthony, thanks for responding.
The website uses Windows integrated authentication and I placed a Response.Write Request.ServerVariables("LOGON_USER") in the code, it shows that my id running the page is the domain account with admin rights over both the webserver and the server I am trying to attach to. I'm fairly confident the code is right, if I remove the remote server name the code runs just fine. I tried the sample code found at http://msdn2.microsoft.com/en-us/library/aa389395.aspx but it gives the same error if I try to run it against a remote computer, which implies I have some kind of environment setting incorrect or I don't have the remoteserver syntax exactly correct. A missing group from some local security policy or registry key is my fear. I created a web.config and added <identity impersonate="true" /> based on http://support.microsoft.com/kb/307901 but it hasn't helped. I guess WMI just won't run remotely from inside of a web page - probably a security thing - and I will have to go back to batch files. Mark Show quote "Anthony Jones" <A**@yadayadayada.com> wrote in message news:u6UsuxiHIHA.1164@TK2MSFTNGP02.phx.gbl... > "Mark" <mark_but***@verizon.net> wrote in message > news:8F335599-ADDE-4525-9986-10C3DBEB6CC4@microsoft.com... >> Hi all, >> I am attempting to create a web-page that will check several servers and >> verify that the local admin account has been renamed properly. I've > written >> a .vbs (command file) to do it - I have the necessary rights on each >> server - and it works just fine (portion shown below) >> >> My problem is converting it to an asp web page. When I try, I always get >> a >> security failure. I've checked and the page is running under a domain id >> with admin rights to the servers. I am assuming its something I just >> can't >> find the answer to, about the way ASP handles security impersonation. Can >> someone point me to where I need to look? >> >> >> >> Original .vbs code (which works) >> >> Set WmiObjSet = GetObject("winmgmts:\\" & strComputer) >> Set colItems = WmiObjSet.ExecQuery ("Select * from Win32_Account) >> >> >> Code in test.asp which fails with: Permission Denied: > 'GetObject' >> >> Response.Write Request.ServerVariables("LOGON_USER") >> set IPConfigSet = > GetObject("winmgmts://xxxxxxxxxxxx").ExecQuery("SELECT >> * from Win32_Account") >> >> >> Based on some examples on MSDN, I have also tried (with no luck): >> >> set IPConfigSet = >> > GetObject("winmgmts:{impersonationLevel=impersonate}!//xxxxxxxxxxxx/root/cim > v2").ExecQuery("SELECT >> * from Win32_Account") >> >> set IPConfigSet = >> > GetObject("winmgmts:{impersonationLevel=delegate,authority=ntlmdomain:xxxx}/ > /xxxxxxxxxxxx/root/cimv2").ExecQuery("SELECT >> * from Win32_Account") >> >> >> Any help would be greatly appreciated > > You say "I've checked and the page is running under a domain id with > admin > rights to the servers". How have you done that? > > What happens if you turn off anonymous access and turn on Windows > intergrated then visit the page using the same logon credentials you used > in > script testing? > > -- > Anthony Jones - MVP ASP/ASP.NET > >  
Other interesting topics
|
|||||||||||||||||||||||
