Thanks for the reply. But I have a couple follow ups
1. Can you explain what you mean by "delegatable"?
2. I have tried the following on the virtual folder containing my asp page:
fields for anonymous use. Didn't work, still access denied.
exactly... it's the last check mark in Document Securities), Didn't work,
still access denied.
-Combination of the two. Didn't work.
(p.s. Ignore any security-vulnerablity implication for the moment. This is
on a intranet, and I'll probably set up IP restrictions later... The key
3. You mentioned a difference in Xp and '03. Fortunately that doesn't
apply... (yet.)
The "server" computer in question is running IIS4 with NT4. We are in the
middle of upgrading to '03 (ETA another months or so) still.
"David Wang [Msft]" wrote:
> Sure. You just need to configure IIS to run with the credentials that you
> want, and you need to ensure that the credentials are properly delegatable
> such that it can be used to access remote servers.
>
> If you configured IIS to use anonymous authentication, then the configured
> anonymous credentials is used to perform the action. If you configured IIS
> using delegatable authentication, then that remotely authenticated identity
> can be used. Otherwise, what you are doing is not possible since an
> identity cannot be delegated to perform that action.
>
> On XP and WS03, you cannot indirectly launch batch files from IIS using
> WScript.Shell or objects like AspExec (anything that uses CreateProcess,
> really, due to code in cmd.exe). You can launch batch files directly from
> IIS, which are subject to the above rules.
>
>
> What all of this means is that you can probably assign your
> username/password as the anonymous credential in IIS, so anyone running your
> web page can launch the command. This has the obvious drawback that *anyone*
> can run this command as "you", and you need to make sure to re-synchronize
> this username/password in IIS when you change your password (essentially,
> you have delegated your credentials to the web server to do as it wishes,
> which may/not be a security issue depending on your server configuration).
>
> --
> //David
> IIS
>
http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "3dot14" <3dot14@discussions.microsoft.com> wrote in message
> news:D3352173-A2CB-41F7-8BF9-74C53A172254@microsoft.com...
> Hi all!
>
> Here is my situation in a nutshell:
> I have three computers. Server, Source and Destination.
> All Source and Destination each has a shared folder, say "\shared". I
> personally have permissions into both of them, but they are not accessible
> to
> everyone.
> I have a batch file on Server, that does something like (it includes a
> couple more commands, but the main purpose is copying files)
> "copy \\source\shared\poo.txt \\destination\shared\"
> (the batch file works, because if I manually launch it, it completes its
> task no problem)
>
> I have been trying to run this batch file on the server.
> I have write Server.CreateObject (WScript.WShell) and 3rd party component
> (AspExec from
http://www.serverobjects.com/products.htm#free)
>
> But seems they have the same problem. They receive "access denied" error
> when accessing the remote directories.
>
> Is there a way I can enforce IIS to run the bat file with my authentication?
>
> Thanks in advance!
>
>
