2

I have been trying to figure out a way to manage our domains at work and easily created a SimpleDNS class, but now I'm on the IIS Server Administration side of it and I'm just lost on what is going on.

Here is the PHP code I am running to test it.

<?php
$cmd = 'iisweb /create c:\websites\examplesite.com\www "Example Domain!" /d www.examplesite.com';

exec($cmd,$data);
print_r($data);
?>

But when I run it I get:

Array ( [0] => Error &H80041003: Access denied

I am completely stumped on how to set up permissions for this.

Here's the good part! When I run <?php exec('ping google.com',$data);?>: it works seamlessly.

I have no idea where to start when it comes to setting up the permissions for iisweb.vbs (the iisweb vbs file). I don't even know if I'm supposed to set up permissions on that file. I don't know if I'm supposed to setup a CGI option in the console. I'm lost.

Can someone help me out? What am I doing here?

hatfieldajoshua
  • 307
  • 1
  • 4
  • 15
  • os details please? also is PHP on IIS as well? – Sabeen Malik Oct 15 '09 at 22:44
  • It's the default IIS for Windows Server 2003. I'm not sure the version, I barely remote desktop in. PHP is on this machine as well. – hatfieldajoshua Oct 16 '09 at 04:53
  • @jhat - Did you read my answer? The most likely reason you can't run `iisweb` is because the user the PHP code is running under does't have administrator rights. To find out which user that is follow the steps in my answer. – Kev Oct 16 '09 at 05:56
  • Yes, I read it, but I answered his question at home last night. I'm at work now, so I can try your solution soon. – hatfieldajoshua Oct 16 '09 at 13:38

1 Answers1

6

Your code will be running under one of two identities.

  1. The identity of the Application Pool that the website runs in (NETWORK SERVICE for example if the defaults were used). You can find this out by opening the property window for an application pool and selecting the Identity tab.

  2. The identity of the website anonymous user which you can find in Website Properties -> Directory Security -> Authentication and access control (click the edit button).

FastCGI

If you're running PHP under FastCGI and the c:\php\php.ini configuration value fastcgi.impersonate = 1 then user identity be the site anonymous user (option 2) above. If fastcgi.impersonate = 0 then PHP scripts will execute under the identity of the application pool (option 1).

You can tell if PHP is configured to execute under FastCGI by looking at the .php scriptmap for the site (Website Properties -> Home Directory -> Configuration -> Application Extensions). If it's set to C:\WINDOWS\system32\inetsrv\fcgiext.dll then you're running FastCGI.

No FastCGI

If your .php script map is not configured to use C:\WINDOWS\system32\inetsrv\fcgiext.dll then scripts will run under the identity of the site anonymous user (option 2 above).

In all cases the account used must have Administrators rights to be able to run the IIS admin scripts.

Kev
  • 118,037
  • 53
  • 300
  • 385
  • I am not running FastCGI. I set the directory security in my /new directory which contains the PHP file to Administrator and it did not work. I saved the settings. Do I need to reboot? It really sucks to be the guy to have to do this when our contractor is out of town... – hatfieldajoshua Oct 16 '09 at 17:58
  • You know what. I made a new domain, started with a new user group, and IT WORKS. May the glorious women of Venus pray upon your soul and give you lust from me for you. – hatfieldajoshua Oct 16 '09 at 18:39
  • Just have to say- you are a life saver. Been trawling the internet for hours on this same problem the the php.ini impersonate = 0 did the trick! – Lock Apr 29 '14 at 12:33
  • @Lock glad to have been of service :) – Kev Apr 29 '14 at 16:03