Run batch files with impersonation

D

dd.squad

When creating a new process, the aspnet worker process always runs it
under the ASPNET user instead of the user that is being impersonated.
After some research, I got around this by invoking the
CreateProcessAsUser win api call. That works ok for executables, but
trying to run batch files gave me an Access is Denied return code (5).
This is apparently because creating a process from a .bat file actually
uses c:\windows\system32\cmd.exe. So I gave the impersonated user
account permission to run cmd.exe, but it still returns with
-1073741502 (0xC0000142 in hex) which has something to do with dll's
not initializing. Looks to me like cmd.exe may require access to some
system dll's that the impersonated user has no access to. If I don't
impersonate, and just let it run with the ASPNET user, it works. We
have a large number of batch files that really need to be run from
impersonated asp.net app. Does anyone have any insight into how to
make this work?
 
M

MikeS

Did you change the command being executed to be something like "cmd.exe
/c myJob.bat" ?

Also, since this is .NET forum not win32,

It looks like you can use a System.Diagnostics.Process and it's
StartInfo property to specifiy the credentials to run with.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,999
Messages
2,570,247
Members
46,844
Latest member
JudyGvh32

Latest Threads

Top