By default PHP runs under IUSR account. When executed directly:
$lastline = exec('D:\\MyProgram.exe', $output, $return_var);
It runs, but the program is unable to do it's tasks due to insufficient privileges. My question is: How do I run an executable under a specific Windows account from a PHP website?
When executed through Sysinternals PsExec:
$lastline = exec('D:\\PsExec.exe -u UserName -p Password -accepteula "D:\\MyProgram.exe"', $output, $return_var);
MyProgram.exe does not even execute at all. PHP throws empty output and return_var is -1073741502
. I assume this is some sort of unhandled exception.
When executed through lsrunas:
$lastline = exec('D:\\lsrunas.exe /user:UserName /password:Password /domain:DOMAIN /command:"D:\\MyProgram.exe" /runpath:D:\\', $output, $return_var);
MyProgram.exe does not execute either. PHP throws empty output and return_var is 0
.
Microsoft's built in runas
command doesn't work because it doesn't accept password as a parameter.
Tried using different PHP functions like shell_exec
, system
and passthru
Tried creating a new Application Pool under IIS, to run the website under LOCAL SERVICE, SYSTEM, or a specific user. EDIT: This is where I went wrong. It should work, but fails when Load User Profile setting is not enabled (step 3 in my answer).
Does anyone have working suggestions?
Note: All commands are working and tested through command line directly.
I kept digging and found out that the only thing that works is a dedicated application pool.
Advanced Settings > Identity > Custom account
Advanced Settings > Load User Profile
to true
(this one is important)-or- for a better security:
. 5.Move all command-relatied code to one section within your website, convert it to application and apply that Application Pool to it. Then you can restrict any public access to that part and safely call that functionality from the other parts of your site.
Important note (!):
If you're running PHP via FastCGI, you must set fastcgi.impersonate = 0
in php.ini
file.
To test who is running the process you can save the following code to a *.bat
file and call it from PHP.
@echo off
SET now=%date% %time%
SET out=[%now%] %userdomain%\%username%
echo %out%
echo %out% > D:\hello.txt
::msg * "%out%"
if %username%=="SpecificUser" (
exit /B 100
) else (
exit /B 200
)
Replace SpecificUser
with your desired user name. Sometimes you'll see no output. The exit codes will help you then.
In case you can't see any output or exit code at all, this script will output the username to a text file. Replace D:\hello.txt
with your desired path.