0

I am trying to develop a PHP application which executes a Powershell command via shell_exec().

However Once the command is executed, it doesn't work because it says it doesn't have permission. Any ideas what I have to do?

My code:

    $psscriptpath = "C:\inetpub\htdocs\school_panel\scripts\change.ps1";
    $cmdlet = "powershell.exe -executionpolicy remotesigned -File {$psscriptpath} -username {$username} -password {$password} < NUL";
    echo $cmdlet;           
    $output = shell_exec($cmdlet);
    echo $output;

There error message:

powershell.exe -executionpolicy remotesigned -File C:\inetpub\htdocs\school_panel\scripts\change.ps1 -username testingacount -password TestingTest321 < NULSet-ADAccountPassword : Access is denied
At C:\inetpub\htdocs\school_panel\scripts\change.ps1:18 char:22
+ Set-ADAccountPassword <<<<  $username -NewPassword $newpwd -Reset
    + CategoryInfo          : PermissionDenied: (testingacount:ADAccount) [Set-ADAccountPassword], UnauthorizedAccessException
    + FullyQualifiedErrorId : Access is denied,Microsoft.ActiveDirectory.Management.Commands.SetADAccountPassword

What I have already tried:

  • Set execution policy to unrestricted on both versions of powershell
  • Give full permissions to IUSER for CMD, Powershell, PHP-cgi.exe, PHP.exe and the folder containing the website
  • Rearranging and doing variety of changes with code.
Cœur
  • 37,241
  • 25
  • 195
  • 267
user3714214
  • 27
  • 1
  • 9

1 Answers1

0

Allowing a web server / engine to run commands directly in a shell is a bad idea in any way I can think of. Allowing said commands to be run with high privileges is an even worse idea.

Source: http://www.w3.org/Security/faq/wwwsf3.html (check Q3 for details. It refers to unix root user but I guess the system of root startup -> fork to nobody user is shared among multiple webservers on multiple platforms)

Luca B.
  • 638
  • 4
  • 13