ASP run external .exe gives permission error

Hi,

I have a Windows Server 2003 x64 with IIS 6.0 installed (running with 32bit
compatibillity flag due to an old asp application and jet drivers not
available for x64).
There is a page that needs to run an external .exe file. Although in the
past , on this machine i managed to make it run but i don't remember how, and
now i get a permission error "Microsoft VBScript runtime error '800a0046'".
I have done the following, but nothing helped:
1) Enabled "Allow interact with desktop on both WWW service and IWADMIN
(Desperation move)
2) Gave permissions to NETWORK SERVICE and IUSR_xxx on all .exe files that
are being executed
3) Gave permissions even on system32\cscript.exe and wscript.exe (on both
system32 and syswow64 dir's)
4) Enabled "Allow unknown CGI extensions" and ISAPI extension on Web
Extensions to be able to run
5) Add only the .exe i want on the Allowed Web Extensions.

That's the code:
set objWSH = Server.CreateObject("WScript.Shell")
intRtnVal=objWSH.Run(MYEXE,0, true)
set objWSH = Nothing

MyExe contains the full path and some parameters for the .exe file.
The exact same thing works perfectly on other machine, which is not x64 (i
don't know if it has anything to do). I tried to replicate all settings but
no luck.

Let me know if you have any suggestions. I can even provide access to the
webserver if someone needs to review it better. It's be driving me crazy
because i already "fixed it" twice and broke twice...

Thank you,
Panagiotis Kefalidis

Re: ASP run external .exe gives permission error

Please identify the EXACT line number that triggered 800a0046 -- the
error page should tell you. Then, please identify the EXACT line of
code that corresponds to that line number.

Until you do this, everything you have done is just guessing, and
since there are a gazillion wrong guesses that don't fix the issue and
only one right answer, it is not surprising that nothing you've done
has helped.

For example, I don't even need to know that line number and exact line
of code to know that what you have done CANNOT have helped. Here's
why:

1. If it worked before without this setting and you did not change
binaries involved, it won't be necessary now.
2. Which EXEs are you talking about, and how are you certain that
Network Service and IUSR are the user identities reading/executing
those binaries? I'm pretty certain Network Service is not the
impersonated user identity of ASP, and IUSR is the user identity of
anonymous authentication unless some COM object or other configuration
changed the anonymous user identity. Without looking up the configured
IIS Authentication Protocol applicable to that URL namespace and the
EXE involved, this sort of shotgun blasting ACL changes is very
insecure and defeats the purpose of security.
3. CSCRIPT.EXE and WSCRIPT.EXE are command shell hosts for the Windows
Script Runtime. ASP directly loads and uses the Windows Script Runtime
DLLs, so these hosts are not involved and thus ACL changes do not
apply
4. WebServiceExtension applies only to EXE that IIS directly runs.
MyEXE is launched by the ASP script, not IIS, so it does not apply
5. Same reason as #4.


Based on 800a0046, I suspect the problematic line number is on this
line of code:
> set objWSH =3D Server.CreateObject("WScript.Shell")

In which case the problem is the ACLs on %windir%\SYSWOW64\wshom.ocx
not being accessible to the impersonated identity (based on configured
IIS authentication method) used to execute the request.

Since Windows does not change ACLs on that file, I suspect some third-
party personal security product may have tweaked security settings on
your computer to "prevent script execution" and caused issues. Such
products commonly cause strange, unexpected failures.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//





On Dec 24, 11:28=A0am, Panagiotis Kefalidis Kefali...@discussions.microsoft.com> wrote:
> Hi,
>
> I have a Windows Server 2003 x64 with IIS 6.0 installed (running with 32bi=
t
> compatibillity flag due to an old asp application and jet drivers not
> available for x64).
> There is a page that needs to run an external .exe file. Although in the
> past , on this machine i managed to make it run but i don't remember how, =
and
> now i get a permission error "Microsoft VBScript runtime error '800a0046'"=
..
> I have done the following, but nothing helped:
> 1) Enabled "Allow interact with desktop on both WWW service and IWADMIN
> (Desperation move)
> 2) Gave permissions to NETWORK SERVICE and IUSR_xxx on all .exe files that=

> are being executed
> 3) Gave permissions even on system32\cscript.exe and wscript.exe (on both
> system32 and syswow64 dir's)
> 4) Enabled "Allow unknown CGI extensions" and ISAPI extension on Web
> Extensions to be able to run
> 5) Add only the .exe i want on the Allowed Web Extensions.
>
> That's the code:
> set objWSH =3D Server.CreateObject("WScript.Shell")
> intRtnVal=3DobjWSH.Run(MYEXE,0, true)
> set objWSH =3D Nothing
>
> MyExe contains the full path and some parameters for the .exe file.
> The exact same thing works perfectly on other machine, which is not x64 (i=

> don't know if it has anything to do). I tried to replicate all settings bu=
t
> no luck.
>
> Let me know if you have any suggestions. I can even provide access to the
> webserver if someone needs to review it better. It's be driving me crazy
> because i already "fixed it" twice and broke twice...
>
> Thank you,
> Panagiotis Kefalidis

RE: ASP run external .exe gives permission error

Hi,

First of all, thank you for this amazing reply.

The answers:

The error occurs on the .Run statement, not at the instancation. I verified
this by changing the .exe name , to something that does not exist and i got
the error "file not found".

1) I'm not 100% certain that IUSR is accessing the .exe file but i can
assume that it's the one, because the only authentication method enabled is
anonymous access for that specific application. Network service was a
"desperation" move, along with some others like permissions on cscript and
wscript exe's.
2) read #1
3) read #1
4) Thank you. I wasn't sure that this is the way it works.

Nothing is installed (from security view) on the server so ACL was not
changed on wshom.ocx.

Thank you and happy holidays,

Panagiotis Kefalidis

"Panagiotis Kefalidis" wrote:

> Hi,
>
> I have a Windows Server 2003 x64 with IIS 6.0 installed (running with 32bit
> compatibillity flag due to an old asp application and jet drivers not
> available for x64).
> There is a page that needs to run an external .exe file. Although in the
> past , on this machine i managed to make it run but i don't remember how, and
> now i get a permission error "Microsoft VBScript runtime error '800a0046'".
> I have done the following, but nothing helped:
> 1) Enabled "Allow interact with desktop on both WWW service and IWADMIN
> (Desperation move)
> 2) Gave permissions to NETWORK SERVICE and IUSR_xxx on all .exe files that
> are being executed
> 3) Gave permissions even on system32\cscript.exe and wscript.exe (on both
> system32 and syswow64 dir's)
> 4) Enabled "Allow unknown CGI extensions" and ISAPI extension on Web
> Extensions to be able to run
> 5) Add only the .exe i want on the Allowed Web Extensions.
>
> That's the code:
> set objWSH = Server.CreateObject("WScript.Shell")
> intRtnVal=objWSH.Run(MYEXE,0, true)
> set objWSH = Nothing
>
> MyExe contains the full path and some parameters for the .exe file.
> The exact same thing works perfectly on other machine, which is not x64 (i
> don't know if it has anything to do). I tried to replicate all settings but
> no luck.
>
> Let me know if you have any suggestions. I can even provide access to the
> webserver if someone needs to review it better. It's be driving me crazy
> because i already "fixed it" twice and broke twice...
>
> Thank you,
> Panagiotis Kefalidis

Re: ASP run external .exe gives permission error

To be certain, VBSCRIPT error handling is controlled by things like
"ON ERROR ***" , so you need to tell us which is applicable in your
ASP page. Depending on its setting, the error may occur on the
instantiation statement *OR* the first use statement. We need to know
which.

You can verify the identity used for anonymous authentication in the
UI. Or with the
CSCRIPT //nologo %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS FIND
AnonymousUserName
to see where it is set in the metabase -- it is inherited from the
nearest parent "folder" of the URL, including override at the URL
itself. This will allow you to determine what the real Anonymous
Username value used for the ASP page, and assuming only Anonymous
Authentication, the user that is making the CreateProcess() Win32 API
call.

Finally, what is the Application Pool identity of the app pool that
this ASP page is running under?


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//





On Dec 25, 11:06=A0am, Panagiotis Kefalidis
wrote:
> Hi,
>
> First of all, thank you for this amazing reply.
>
> The answers:
>
> The error occurs on the .Run statement, not at the instancation. I verifie=
d
> this by changing the .exe name , to something that does not exist and i go=
t
> the error "file not found".
>
> 1) I'm not 100% certain that IUSR is accessing the .exe file but i can
> assume that it's the one, because the only authentication method enabled i=
s
> anonymous access for that specific application. Network service was a
> "desperation" move, along with some others like permissions on cscript and=

> wscript exe's.
> 2) read #1
> 3) read #1
> 4) Thank you. I wasn't sure that this is the way it works.
>
> Nothing is installed (from security view) on the server so ACL was not
> changed on wshom.ocx.
>
> Thank you and happy holidays,
>
> Panagiotis Kefalidis
>
>
>
> "Panagiotis Kefalidis" wrote:
> > Hi,
>
> > I have a Windows Server 2003 x64 with IIS 6.0 installed (running with 32=
bit
> > compatibillity flag due to an old asp application and jet drivers not
> > available for x64).
> > There is a page that needs to run an external .exe file. Although in the=

> > past , on this machine i managed to make it run but i don't remember how=
, and
> > now i get a permission error "Microsoft VBScript runtime error '800a0046=
'".
> > I have done the following, but nothing helped:
> > 1) Enabled "Allow interact with desktop on both WWW service and IWADMIN
> > (Desperation move)
> > 2) Gave permissions to NETWORK SERVICE and IUSR_xxx on all .exe files th=
at
> > are being executed
> > 3) Gave permissions even on system32\cscript.exe and wscript.exe (on bot=
h
> > system32 and syswow64 dir's)
> > 4) Enabled "Allow unknown CGI extensions" and ISAPI extension on Web
> > Extensions to be able to run
> > 5) Add only the .exe i want on the Allowed Web Extensions.
>
> > That's the code:
> > set objWSH =3D Server.CreateObject("WScript.Shell")
> > intRtnVal=3DobjWSH.Run(MYEXE,0, true)
> > set objWSH =3D Nothing
>
> > MyExe contains the full path and some parameters for the .exe file.
> > The exact same thing works perfectly on other machine, which is not x64 =
(i
> > don't know if it has anything to do). I tried to replicate all settings =
but
> > no luck.
>
> > Let me know if you have any suggestions. I can even provide access to th=
e
> > webserver if someone needs to review it better. It's be driving me crazy=

> > because i already "fixed it" twice and broke twice...
>
> > Thank you,
> > Panagiotis Kefalidis- Hide quoted text -
>
> - Show quoted text -

Re: ASP run external .exe gives permission error

Hi David,

There is no error handling inside that script. Any error is fatal error and
execution halts.

Anonymous identity: i already replied that in the UI, at the authentication
page it's set to IUSR_TEST1950 which is the anonymous user. If i'm not
correct on this one, which one do you need? Running the adsutil returns W3SVC
and the MSFTPxxx (don't remember exactly) users.

Application pool identity is the default one, Network Service.

Thank you,
Panagiotis Kefalidis

"David Wang" wrote:

> To be certain, VBSCRIPT error handling is controlled by things like
> "ON ERROR ***" , so you need to tell us which is applicable in your
> ASP page. Depending on its setting, the error may occur on the
> instantiation statement *OR* the first use statement. We need to know
> which.
>
> You can verify the identity used for anonymous authentication in the
> UI. Or with the
> CSCRIPT //nologo %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS FIND
> AnonymousUserName
> to see where it is set in the metabase -- it is inherited from the
> nearest parent "folder" of the URL, including override at the URL
> itself. This will allow you to determine what the real Anonymous
> Username value used for the ASP page, and assuming only Anonymous
> Authentication, the user that is making the CreateProcess() Win32 API
> call.
>
> Finally, what is the Application Pool identity of the app pool that
> this ASP page is running under?
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
>
>
> On Dec 25, 11:06 am, Panagiotis Kefalidis
> wrote:
> > Hi,
> >
> > First of all, thank you for this amazing reply.
> >
> > The answers:
> >
> > The error occurs on the .Run statement, not at the instancation. I verified
> > this by changing the .exe name , to something that does not exist and i got
> > the error "file not found".
> >
> > 1) I'm not 100% certain that IUSR is accessing the .exe file but i can
> > assume that it's the one, because the only authentication method enabled is
> > anonymous access for that specific application. Network service was a
> > "desperation" move, along with some others like permissions on cscript and
> > wscript exe's.
> > 2) read #1
> > 3) read #1
> > 4) Thank you. I wasn't sure that this is the way it works.
> >
> > Nothing is installed (from security view) on the server so ACL was not
> > changed on wshom.ocx.
> >
> > Thank you and happy holidays,
> >
> > Panagiotis Kefalidis
> >
> >
> >
> > "Panagiotis Kefalidis" wrote:
> > > Hi,
> >
> > > I have a Windows Server 2003 x64 with IIS 6.0 installed (running with 32bit
> > > compatibillity flag due to an old asp application and jet drivers not
> > > available for x64).
> > > There is a page that needs to run an external .exe file. Although in the
> > > past , on this machine i managed to make it run but i don't remember how, and
> > > now i get a permission error "Microsoft VBScript runtime error '800a0046'".
> > > I have done the following, but nothing helped:
> > > 1) Enabled "Allow interact with desktop on both WWW service and IWADMIN
> > > (Desperation move)
> > > 2) Gave permissions to NETWORK SERVICE and IUSR_xxx on all .exe files that
> > > are being executed
> > > 3) Gave permissions even on system32\cscript.exe and wscript.exe (on both
> > > system32 and syswow64 dir's)
> > > 4) Enabled "Allow unknown CGI extensions" and ISAPI extension on Web
> > > Extensions to be able to run
> > > 5) Add only the .exe i want on the Allowed Web Extensions.
> >
> > > That's the code:
> > > set objWSH = Server.CreateObject("WScript.Shell")
> > > intRtnVal=objWSH.Run(MYEXE,0, true)
> > > set objWSH = Nothing
> >
> > > MyExe contains the full path and some parameters for the .exe file.
> > > The exact same thing works perfectly on other machine, which is not x64 (i
> > > don't know if it has anything to do). I tried to replicate all settings but
> > > no luck.
> >
> > > Let me know if you have any suggestions. I can even provide access to the
> > > webserver if someone needs to review it better. It's be driving me crazy
> > > because i already "fixed it" twice and broke twice...
> >
> > > Thank you,
> > > Panagiotis Kefalidis- Hide quoted text -
> >
> > - Show quoted text -
>
>

Re: ASP run external .exe gives permission error

Hi,

I added some lines and i found out that the error number is "70" and the
description is "Permission Denied".

I don't know if that helps.

"David Wang" wrote:

> To be certain, VBSCRIPT error handling is controlled by things like
> "ON ERROR ***" , so you need to tell us which is applicable in your
> ASP page. Depending on its setting, the error may occur on the
> instantiation statement *OR* the first use statement. We need to know
> which.
>
> You can verify the identity used for anonymous authentication in the
> UI. Or with the
> CSCRIPT //nologo %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS FIND
> AnonymousUserName
> to see where it is set in the metabase -- it is inherited from the
> nearest parent "folder" of the URL, including override at the URL
> itself. This will allow you to determine what the real Anonymous
> Username value used for the ASP page, and assuming only Anonymous
> Authentication, the user that is making the CreateProcess() Win32 API
> call.
>
> Finally, what is the Application Pool identity of the app pool that
> this ASP page is running under?
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
>
>
> On Dec 25, 11:06 am, Panagiotis Kefalidis
> wrote:
> > Hi,
> >
> > First of all, thank you for this amazing reply.
> >
> > The answers:
> >
> > The error occurs on the .Run statement, not at the instancation. I verified
> > this by changing the .exe name , to something that does not exist and i got
> > the error "file not found".
> >
> > 1) I'm not 100% certain that IUSR is accessing the .exe file but i can
> > assume that it's the one, because the only authentication method enabled is
> > anonymous access for that specific application. Network service was a
> > "desperation" move, along with some others like permissions on cscript and
> > wscript exe's.
> > 2) read #1
> > 3) read #1
> > 4) Thank you. I wasn't sure that this is the way it works.
> >
> > Nothing is installed (from security view) on the server so ACL was not
> > changed on wshom.ocx.
> >
> > Thank you and happy holidays,
> >
> > Panagiotis Kefalidis
> >
> >
> >
> > "Panagiotis Kefalidis" wrote:
> > > Hi,
> >
> > > I have a Windows Server 2003 x64 with IIS 6.0 installed (running with 32bit
> > > compatibillity flag due to an old asp application and jet drivers not
> > > available for x64).
> > > There is a page that needs to run an external .exe file. Although in the
> > > past , on this machine i managed to make it run but i don't remember how, and
> > > now i get a permission error "Microsoft VBScript runtime error '800a0046'".
> > > I have done the following, but nothing helped:
> > > 1) Enabled "Allow interact with desktop on both WWW service and IWADMIN
> > > (Desperation move)
> > > 2) Gave permissions to NETWORK SERVICE and IUSR_xxx on all .exe files that
> > > are being executed
> > > 3) Gave permissions even on system32\cscript.exe and wscript.exe (on both
> > > system32 and syswow64 dir's)
> > > 4) Enabled "Allow unknown CGI extensions" and ISAPI extension on Web
> > > Extensions to be able to run
> > > 5) Add only the .exe i want on the Allowed Web Extensions.
> >
> > > That's the code:
> > > set objWSH = Server.CreateObject("WScript.Shell")
> > > intRtnVal=objWSH.Run(MYEXE,0, true)
> > > set objWSH = Nothing
> >
> > > MyExe contains the full path and some parameters for the .exe file.
> > > The exact same thing works perfectly on other machine, which is not x64 (i
> > > don't know if it has anything to do). I tried to replicate all settings but
> > > no luck.
> >
> > > Let me know if you have any suggestions. I can even provide access to the
> > > webserver if someone needs to review it better. It's be driving me crazy
> > > because i already "fixed it" twice and broke twice...
> >
> > > Thank you,
> > > Panagiotis Kefalidis- Hide quoted text -
> >
> > - Show quoted text -
>
>

Re: ASP run external .exe gives permission error

Is the Permission denied for this line:
> set objWSH =3D Server.CreateObject("WScript.Shell")

Or for this line:
> intRtnVal=3DobjWSH.Run(MYEXE,0, true)


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//




On Dec 26, 6:08=A0am, Panagiotis Kefalidis
wrote:
> Hi,
>
> I added some lines and i found out that the error number is "70" and the
> description is "Permission Denied".
>
> I don't know if that helps.
>
>
>
> "David Wang" wrote:
> > To be certain, VBSCRIPT error handling is controlled by things like
> > "ON ERROR ***" , so you need to tell us which is applicable in your
> > ASP page. Depending on its setting, the error may occur on the
> > instantiation statement *OR* the first use statement. We need to know
> > which.
>
> > You can verify the identity used for anonymous authentication in the
> > UI. Or with the
> > =A0CSCRIPT //nologo %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS FIND
> > AnonymousUserName
> > to see where it is set in the metabase -- it is inherited from the
> > nearest parent "folder" of the URL, including override at the URL
> > itself. This will allow you to determine what the real Anonymous
> > Username value used for the ASP page, and assuming only Anonymous
> > Authentication, the user that is making the CreateProcess() Win32 API
> > call.
>
> > Finally, what is the Application Pool identity of the app pool that
> > this ASP page is running under?
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //
>
> > On Dec 25, 11:06 am, Panagiotis Kefalidis
> > wrote:
> > > Hi,
>
> > > First of all, thank you for this amazing reply.
>
> > > The answers:
>
> > > The error occurs on the .Run statement, not at the instancation. I ver=
ified
> > > this by changing the .exe name , to something that does not exist and =
i got
> > > the error "file not found".
>
> > > 1) I'm not 100% certain that IUSR is accessing the .exe file but i can=

> > > assume that it's the one, because the only authentication method enabl=
ed is
> > > anonymous access for that specific application. Network service was a
> > > "desperation" move, along with some others like permissions on cscript=
and
> > > wscript exe's.
> > > 2) read #1
> > > 3) read #1
> > > 4) Thank you. I wasn't sure that this is the way it works.
>
> > > Nothing is installed (from security view) on the server so ACL was not=

> > > changed on wshom.ocx.
>
> > > Thank you and happy holidays,
>
> > > Panagiotis Kefalidis
>
> > > "Panagiotis Kefalidis" wrote:
> > > > Hi,
>
> > > > I have a Windows Server 2003 x64 with IIS 6.0 installed (running wit=
h 32bit
> > > > compatibillity flag due to an old asp application and jet drivers no=
t
> > > > available for x64).
> > > > There is a page that needs to run an external .exe file. Although in=
the
> > > > past , on this machine i managed to make it run but i don't remember=
how, and
> > > > now i get a permission error "Microsoft VBScript runtime error '800a=
0046'".
> > > > I have done the following, but nothing helped:
> > > > 1) Enabled "Allow interact with desktop on both WWW service and IWAD=
MIN
> > > > (Desperation move)
> > > > 2) Gave permissions to NETWORK SERVICE and IUSR_xxx on all .exe file=
s that
> > > > are being executed
> > > > 3) Gave permissions even on system32\cscript.exe and wscript.exe (on=
both
> > > > system32 and syswow64 dir's)
> > > > 4) Enabled "Allow unknown CGI extensions" and ISAPI extension on Web=

> > > > Extensions to be able to run
> > > > 5) Add only the .exe i want on the Allowed Web Extensions.
>
> > > > That's the code:
> > > > set objWSH =3D Server.CreateObject("WScript.Shell")
> > > > intRtnVal=3DobjWSH.Run(MYEXE,0, true)
> > > > set objWSH =3D Nothing
>
> > > > MyExe contains the full path and some parameters for the .exe file.
> > > > The exact same thing works perfectly on other machine, which is not =
x64 (i
> > > > don't know if it has anything to do). I tried to replicate all setti=
ngs but
> > > > no luck.
>
> > > > Let me know if you have any suggestions. I can even provide access t=
o the
> > > > webserver if someone needs to review it better. It's be driving me c=
razy
> > > > because i already "fixed it" twice and broke twice...
>
> > > > Thank you,
> > > > Panagiotis Kefalidis- Hide quoted text -
>
> > > - Show quoted text -- Hide quoted text -
>
> - Show quoted text -

Re: ASP run external .exe gives permission error

I think it's for .Run. I verified this (i think it's a correct way) by
providing an .exe path that doesn't exist and it correctly returned File not
found error.

"David Wang" wrote:

> Is the Permission denied for this line:
> > set objWSH = Server.CreateObject("WScript.Shell")
>
> Or for this line:
> > intRtnVal=objWSH.Run(MYEXE,0, true)
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
>
> On Dec 26, 6:08 am, Panagiotis Kefalidis
> wrote:
> > Hi,
> >
> > I added some lines and i found out that the error number is "70" and the
> > description is "Permission Denied".
> >
> > I don't know if that helps.
> >
> >
> >
> > "David Wang" wrote:
> > > To be certain, VBSCRIPT error handling is controlled by things like
> > > "ON ERROR ***" , so you need to tell us which is applicable in your
> > > ASP page. Depending on its setting, the error may occur on the
> > > instantiation statement *OR* the first use statement. We need to know
> > > which.
> >
> > > You can verify the identity used for anonymous authentication in the
> > > UI. Or with the
> > > CSCRIPT //nologo %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS FIND
> > > AnonymousUserName
> > > to see where it is set in the metabase -- it is inherited from the
> > > nearest parent "folder" of the URL, including override at the URL
> > > itself. This will allow you to determine what the real Anonymous
> > > Username value used for the ASP page, and assuming only Anonymous
> > > Authentication, the user that is making the CreateProcess() Win32 API
> > > call.
> >
> > > Finally, what is the Application Pool identity of the app pool that
> > > this ASP page is running under?
> >
> > > //David
> > >http://w3-4u.blogspot.com
> > >http://blogs.msdn.com/David.Wang
> > > //
> >
> > > On Dec 25, 11:06 am, Panagiotis Kefalidis
> > > wrote:
> > > > Hi,
> >
> > > > First of all, thank you for this amazing reply.
> >
> > > > The answers:
> >
> > > > The error occurs on the .Run statement, not at the instancation. I verified
> > > > this by changing the .exe name , to something that does not exist and i got
> > > > the error "file not found".
> >
> > > > 1) I'm not 100% certain that IUSR is accessing the .exe file but i can
> > > > assume that it's the one, because the only authentication method enabled is
> > > > anonymous access for that specific application. Network service was a
> > > > "desperation" move, along with some others like permissions on cscript and
> > > > wscript exe's.
> > > > 2) read #1
> > > > 3) read #1
> > > > 4) Thank you. I wasn't sure that this is the way it works.
> >
> > > > Nothing is installed (from security view) on the server so ACL was not
> > > > changed on wshom.ocx.
> >
> > > > Thank you and happy holidays,
> >
> > > > Panagiotis Kefalidis
> >
> > > > "Panagiotis Kefalidis" wrote:
> > > > > Hi,
> >
> > > > > I have a Windows Server 2003 x64 with IIS 6.0 installed (running with 32bit
> > > > > compatibillity flag due to an old asp application and jet drivers not
> > > > > available for x64).
> > > > > There is a page that needs to run an external .exe file. Although in the
> > > > > past , on this machine i managed to make it run but i don't remember how, and
> > > > > now i get a permission error "Microsoft VBScript runtime error '800a0046'".
> > > > > I have done the following, but nothing helped:
> > > > > 1) Enabled "Allow interact with desktop on both WWW service and IWADMIN
> > > > > (Desperation move)
> > > > > 2) Gave permissions to NETWORK SERVICE and IUSR_xxx on all .exe files that
> > > > > are being executed
> > > > > 3) Gave permissions even on system32\cscript.exe and wscript.exe (on both
> > > > > system32 and syswow64 dir's)
> > > > > 4) Enabled "Allow unknown CGI extensions" and ISAPI extension on Web
> > > > > Extensions to be able to run
> > > > > 5) Add only the .exe i want on the Allowed Web Extensions.
> >
> > > > > That's the code:
> > > > > set objWSH = Server.CreateObject("WScript.Shell")
> > > > > intRtnVal=objWSH.Run(MYEXE,0, true)
> > > > > set objWSH = Nothing
> >
> > > > > MyExe contains the full path and some parameters for the .exe file.
> > > > > The exact same thing works perfectly on other machine, which is not x64 (i
> > > > > don't know if it has anything to do). I tried to replicate all settings but
> > > > > no luck.
> >
> > > > > Let me know if you have any suggestions. I can even provide access to the
> > > > > webserver if someone needs to review it better. It's be driving me crazy
> > > > > because i already "fixed it" twice and broke twice...
> >
> > > > > Thank you,
> > > > > Panagiotis Kefalidis- Hide quoted text -
> >
> > > > - Show quoted text -- Hide quoted text -
> >
> > - Show quoted text -
>
>