Search code examples
phpiisiis-7service-control-manager

Provide IIS/PHP privileges to Windows Service Control Manager (SCM)

So I'm calling a PHP function to access the status of a Windows 7 service as follows:

win32_query_service_status($service_name);

When running under a locally-installed WAMP instance, the function returns an array of information, as expected.

When running under IIS, I get an error-status 5 returned, which, according to the documentation, corresponds to the following error:

WIN32_ERROR_ACCESS_DENIED   0x00000005
The handle to the SCM database does not have the appropriate access rights.

So using phpinfo(), I check the USERNAME under which the PHP environment is running. When on the WAMP site, the service is running under my user ID (who is in the Windows local Administrators group).

Under the IIS version, the user is F6729-44TP6S7$ (which is my computer's name, followed by a $). So presumably, the solution is simply to grant this user the necessary privileges on the Service Control Manager (SCM) in Windows.

The problem though, is that I don't know enough about the internal workings of IIS (or of Windows) to know where this user ID comes from (meaning that I don't know how to grant it the necessary privileges). The user doesn't exist in my computer management console, and neither can I find where it is defined in the IIS management tool.

So the question is: What do I need to do to allow this PHP function to run under IIS? How do I grant the necessary privileges to the PHP-manager under IIS. Or alternatively, how do I change the user-Id under which the PHP-manager runs?

Solution

  • So apparently this is simply a question of knowing what to google for. Once you know what you're searching for, it's more likely you'll find it.

    https://serverfault.com/questions/232907/wcf-service-hosted-in-iis7-with-administrator-rights

    The answer is:

    In the IIS Manager, go to:

    Sites > [Your Website]

    In "Features" view under the IIS subsection

    Authentication > Anonymous Authentication > [right-mouse "Edit..."] > Select: Application Pool Identity [OK]

    This allows anonymous connections to the web-site, run PHP (and other IIS services) as admin user on the OS level.

    If anyone wants to duplicate this answer or add any useful information to your answer to claim the bounty, then go ahead. Karma, the circle of life, and all that.