Home page logo

basics logo Security Basics mailing list archives

From: Locher Thomas <Thomas.Locher () swarovski com>
Date: Wed, 7 Apr 2004 13:01:48 +0200

Dear list,

some of our users want to use ftp for changing files with external partners.
We use WS_FTP 4.02 Server and have a http frontend for our users. They
connect to our intranetserver and come to a page where they can create ftp
accounts which are automatically deleted after three days. The site is
programmed in php an the script runs the iftpaddu.exe to create the users.
Until now we used Apache on our intrantserver where everything worked fine.
Now we migrated to IIS6 on Windows 2003 and when a user without admin
permissions runs this script on the intranet page it doesn't work. Local
Admin Users can still use the feature and create users. 
Can you tell me in which user context such a script runs on the IIS and
where i can configure this permission? When logging on to a server with a
non admin user and running the iftpaddu.exe everything works fine - so the
error must be somewhere in the permissions of iis.


Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 

  By Date           By Thread  

Current thread:
  • IIS6 Locher Thomas (Apr 07)
    • <Possible follow-ups>
    • Re: IIS6 Nicholas Diotte (Apr 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]