WMI Impersonation levels within vbscript / ASP code

security web iis wmi asp

Solution 1:

First is the trust level of your web site in IIS. Go into IIS and make sure it's set to full so your site can access internal server resources.

Next would be to double check that the users accessing the site are actually being authenticated and not running the code anonymously. Just to be sure check that anonymous authentication is disabled in iis and your site is forcing users to authenticate (disable ntlm automatic logon in your browser or write a user identification piece into your app to be doubly sure authentication is occuring).

Next would be to check wmi permissions for the type of users who are accessing your site. You can use wmimgmt.msc to open up the wmi security settings for your server. You can test out your wmi permissions by logging into your server with a regular user and try to execute wmi commands (you can use either powershell's get-wmiobject, wbemtest.exe or vbscript).

Related

Postgres WAL files clean up
HAProxy check port 443
preseed command string fail with newline character using virt-install initrd-inject
Apache other_vhosts_access.log and access.log log files
Nginx permission denied upstream error, even after 777
Unxeplainably high disk IO caused by nginx worker processes
SSH unresponsive after stopping Tomcat, many ksoftirqd CPU usage
How to create an else statement with the expect command?
ADFS SAML Single Logout
What are some main specs to look for when choosing enterprise routers?
haproxy and keepalived on Amazon EC2
npm install, but can't run