Previous Next

• 09-01-2008, 5:33 AM

  jerzym Joined on 04-17-2008, 11:21 AM Poland Posts 6

  WSH, WinExec from asp.net - how to block them in IIS7? Reply Contact Hello,  I have not found an answer for my question among the posts of this forum so I will ask about it.  I would like to know how to prevent users from launching local (system or uploaded by users) applications via asp.net scripts using WSH or WinExec methods.  I am able to run notepad.exe (appears in process list) from within asp.net code using those scripts: WSH: http://pastebin.com/m661e6270 WinExec: http://pastebin.com/m43aaef76 How can I block something like that? Best regards

  Tags: ASPIIS 7.0IIS 7

• 09-03-2008, 8:47 AM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 2,581

  Re: WSH, WinExec from asp.net - how to block them in IIS7? Reply Contact Have you tried locking down NTFS access to the scripting DLL? Do you want to run some of the WSH commands and block others?  I'm not certain you can block certain method calls out of the box.  My initial suggestion is to run filemon and regmon in a isolated environment to see what is access and see what can be blocked.  That should help you understand what is access and locked down. Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 09-05-2008, 6:21 AM

  In reply to

  WenJun Zhang - MSFT Joined on 08-27-2008, 2:53 AM Posts 80

  Re: WSH, WinExec from asp.net - how to block them in IIS7? Reply Contact You may try this: Disabling Windows Script Host http://www.microsoft.com/technet/scriptcenter/guide/sas_sbp_lhak.mspx?mfr=true   WenJun Zhang - MSFT Sincerely Microsoft Online Community Support “Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”