PHP running external processes

Hi,

I don't believe this is a PHP issue, so you may be able to ignore the
fact that I'm using it and see if this sounds like something more
generalised.

On a development machine I've been using (XP Pro, IIS 5.1, latest
version of PHP), I have a PHP script which uses the shell_exec command
to run c:\windows\system32\reg.exe to query a remote computer's
registry. I'm developing a web based asset tracking and management
system, and I'm using this as a method to gain a list of software
installed on a remote computer. It works excellently. Here's the
command I'm using, if you're interested.

$o = shell_exec("c:/windows/system32/reg.exe QUERY \"\\\\{$hostname}\
\HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninsta ll\" /s");

I then parse the returned data appropriately. All well and good, and
it works brilliantly on the XP machine.

So, I move it to the production server (Windows Server 2003 with IIS6)
and it doesn't work. There are no errors that I can find, I simply
don't get any data returned. I've checked that reg.exe exists, and
uses the same syntax and everything. I've checked privileges as well
as I know how. The only thing I could think of was that I needed to
use IIS5 application isolation mode, so I tried that, and it still
didn't work. So I'm a little stuck.

Any ideas what I can try to get this working?

Thanks in advance,
Neil.

Re: PHP running external processes

On Jul 7, 3:16 pm, tro...@gmail.com wrote:
> Hi,
>
> I don't believe this is a PHP issue, so you may be able to ignore the
> fact that I'm using it and see if this sounds like something more
> generalised.
>
> On a development machine I've been using (XP Pro, IIS 5.1, latest
> version of PHP), I have a PHP script which uses the shell_exec command
> to run c:\windows\system32\reg.exe to query a remote computer's
> registry. I'm developing a web based asset tracking and management
> system, and I'm using this as a method to gain a list of software
> installed on a remote computer. It works excellently. Here's the
> command I'm using, if you're interested.
>
> $o = shell_exec("c:/windows/system32/reg.exe QUERY \"\\\\{$hostname}\
> \HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninsta ll\" /s");
>
> I then parse the returned data appropriately. All well and good, and
> it works brilliantly on the XP machine.
>
> So, I move it to the production server (Windows Server 2003 with IIS6)
> and it doesn't work. There are no errors that I can find, I simply
> don't get any data returned. I've checked that reg.exe exists, and
> uses the same syntax and everything. I've checked privileges as well
> as I know how. The only thing I could think of was that I needed to
> use IIS5 application isolation mode, so I tried that, and it still
> didn't work. So I'm a little stuck.
>
> Any ideas what I can try to get this working?
>
> Thanks in advance,
> Neil.



It depends on the Win32 API that shell_exec() uses as well as the
impersonated user identity used to execute the EXE.

In general, launching EXE from IIS6 (and later) is not really going to
work except under a few situations of elevated privileges. Mostly it
is due to:
1. IIS6 no longer does interactive logon
2. ACLs on the System32 EXEs themselves
3. CMD.EXE has restrictions inside of it.

Depending on shell_exec() implementation, you can try:
1. Running Application Pool with LocalSystem custom Identity
2. Authenticate as user in the Administrators group

Personally, I do not launch REG.EXE to do this because one of the
first things I shutdown is the RemoteRegistry service that this
approach depends on. Also, you are assuming that the installed
applications actually write an uninstall string. Unless I was stuck
writing a limited batch-script to do this, I would use the MSI or WMI
APIs to do this, without requiring elevation of privileges.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: PHP running external processes

On Jul 7, 11:41 pm, David Wang wrote:
> On Jul 7, 3:16 pm, tro...@gmail.com wrote:
>
>
>
>
>
> > Hi,
>
> > I don't believe this is a PHP issue, so you may be able to ignore the
> > fact that I'm using it and see if this sounds like something more
> > generalised.
>
> > On a development machine I've been using (XP Pro, IIS 5.1, latest
> > version of PHP), I have a PHP script which uses the shell_exec command
> > to run c:\windows\system32\reg.exe to query a remote computer's
> > registry. I'm developing a web based asset tracking and management
> > system, and I'm using this as a method to gain a list of software
> > installed on a remote computer. It works excellently. Here's the
> > command I'm using, if you're interested.
>
> > $o = shell_exec("c:/windows/system32/reg.exe QUERY \"\\\\{$hostname}\
> > \HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninsta ll\" /s");
>
> > I then parse the returned data appropriately. All well and good, and
> > it works brilliantly on the XP machine.
>
> > So, I move it to the production server (Windows Server 2003 with IIS6)
> > and it doesn't work. There are no errors that I can find, I simply
> > don't get any data returned. I've checked that reg.exe exists, and
> > uses the same syntax and everything. I've checked privileges as well
> > as I know how. The only thing I could think of was that I needed to
> > use IIS5 application isolation mode, so I tried that, and it still
> > didn't work. So I'm a little stuck.
>
> > Any ideas what I can try to get this working?
>
> > Thanks in advance,
> > Neil.
>
> It depends on the Win32 API that shell_exec() uses as well as the
> impersonated user identity used to execute the EXE.
>
> In general, launching EXE from IIS6 (and later) is not really going to
> work except under a few situations of elevated privileges. Mostly it
> is due to:
> 1. IIS6 no longer does interactive logon
> 2. ACLs on the System32 EXEs themselves
> 3. CMD.EXE has restrictions inside of it.
>
> Depending on shell_exec() implementation, you can try:
> 1. Running Application Pool with LocalSystem custom Identity
> 2. Authenticate as user in the Administrators group
>
> Personally, I do not launch REG.EXE to do this because one of the
> first things I shutdown is the RemoteRegistry service that this
> approach depends on. Also, you are assuming that the installed
> applications actually write an uninstall string. Unless I was stuck
> writing a limited batch-script to do this, I would use the MSI or WMI
> APIs to do this, without requiring elevation of privileges.
>
> //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David. Wang
> //- Hide quoted text -
>
> - Show quoted text -

Hi,

Thanks for the quick response. I agree, doing it through remote
registry isn't ideal. I would do it with WMI, but that doesn't store
information about non-MSI applications, does it? Unfortunately we
have a lot of non-MSI based applications that I need to find.

Thanks for the pointers anyway, I'll see if I can get it to work, or
maybe I'll have to come up with another way...

Neil.