start process as impersonated account for NETSH DHCP?

M

Monroe

Am trying to automatically query and update DHCP servers via a web
application with VB.NET. Testing with a privileged account, defined
thus in web.config:

<identity impersonate="true" userName="<domain>\<user>"
password="<password>" />

Have also modified machine.config thusly, and restarted IIS (but
haven't rebooted):

<processModel enable="true" ... userName="<domain>\<user>"
password="<password>" />

I can run NETSH commands interactively when logged in. Also, in code
below, I confirm that I am impersonating the user rather than running
as ASPNET. It still seems that the process is running with limited
rights of ASPNET; output reads: "Unable to determine the DHCP Server
version for the Server <ip>.Server may not function properly."

Dim proc As New System.Diagnostics.Process()
proc.StartInfo.FileName = "netsh"
proc.StartInfo.Arguments = "dhcp server <ip> show scope"
proc.StartInfo.WindowStyle =
System.Diagnostics.ProcessWindowStyle.Hidden
proc.StartInfo.UseShellExecute = False
proc.StartInfo.RedirectStandardOutput = True
proc.Start()
TextBox1.Text = proc.StandardOutput.ReadToEnd.ToString & " " &
System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString
proc.Close()
proc.Dispose()

How can I ensure/confirm that the System.Diagnostic.Process is running
as the impersonated account, and not the parent? Assistance greatly
appreciated!
 
J

Joe Kaplan \(MVP - ADSI\)

Processes created by the Process class will be started with current process
token's account, not the impersonated account. The thing I don't understand
is why your ASP.NET worker process is still running as ASPNET as that change
should have allowed you to accomplish your goal. Is it possible that there
are multiple versions of the framework installed and you changed the wrong
config file? Is this IIS 6, 5.1 or 5? 6 doesn't use the processModel
section but is configured via the MMC in the AppPool settings.

Another good option I've seen for starting a process as a specific user is
to use WMI to accomplish this, but I haven't been able to find the code
sample that was posted here that shows how.

HTH,

Joe K.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Delegating a impersonated account with ASP.NET 3
Impersonation wont work to remote server 1
ASPNet Process Token flowing with Impersonated Identity 0
process StandardOutput Security Inquiry 0
Please, Please help me 5
impersonate web service process account - ASPNET 0
machine.config process identity problem 0
anonymous access account for sqlConnection 1

Members online

No members online now.
Total: 38 (members: 2, guests: 36)
Robots: 334

Forum statistics

Threads
473,969
Messages
2,570,161
Members
46,710
Latest member
bernietqt

Latest Threads

Top