Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    Join Date
    Sep 2003
    Posts
    3

    Question Unanswered: create remote folder

    Hi,

    I am looking for information on how to create a remote folder with asp (and adsi) My situation is as follows:

    I connect from my client pc with the webserver. Here an asp page is loaded, which lets me create a new active directory user. I want this page to create a homedirectory, but the homedirectory must reside on a fileserver (which is not the same as the dc or the webserver I connected to)

    Now I understood there's something as the double hop problem, and that this can be worked around by using specific user credentials. This is actually how I created the AD user, but I do not know how (and if it's possible) to create folders this way.

    Is there anybody who can help me out a bit ??

    Thanks in advance!

    Martijn.
    Last edited by martijnb; 09-05-03 at 03:48.

  2. #2
    Join Date
    Feb 2002
    Location
    San Francisco, CA
    Posts
    441
    I belive you can run a system command (i.e. send a command to a DOS prompt), which you could run that command from.

    Sure this would work - just can't remeber the command!

    Search google for some thing like - ASP system command

  3. #3
    Join Date
    Sep 2003
    Posts
    3
    Originally posted by rhs98
    I belive you can run a system command (i.e. send a command to a DOS prompt), which you could run that command from.

    Sure this would work - just can't remeber the command!

    Search google for some thing like - ASP system command
    Thanks, but unfortunately that does not do the job. I get a pemission denied error when I try to create a remote folder through the shell command.

    Also when I try

    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFolder = objFSO.CreateFolder("C:\FSO")

    Locally it works, but when I try to create the folder on a remote server it fails.

    Any suggestions ??

    Cheers,

    Martijn.

  4. #4
    Join Date
    Jul 2003
    Location
    SoCal
    Posts
    721
    This isn't gospel or anything, but ASP runs under the anonymous user account (IUSER). You may want to try giving the IUSER account R/W access on the fileserver. Then when you shell out the command to create the directory on the remote server, IUSER is validated, and the directory is created. That MIGHT work... not sure though...

  5. #5
    Join Date
    Feb 2002
    Location
    San Francisco, CA
    Posts
    441
    Hmm, not sure - I will have a think about this one...

  6. #6
    Join Date
    Jul 2003
    Location
    Ohio/Chicago
    Posts
    75
    Seppuku is correct. But to be anal (mainly because this gets hairy sometimes) the part that actually needs permission is the active x object (FSO) and the easiest way to reassign it's login permissions is through making the asp page run as IUSR_MachineName.

    You should probably change your web application to run as a specific web application account so the entire IIS doens't have access to this file server which would be a slight security flaw. You'd have to create this account at the AD domain level so that it could be validated against the domain, I don't think it's possible to do it at a local account to the machine....

    this will work.

    if you get an error, you probably have a header due to authentication. In which case this will be another story that i won't dive into unless you say "This isn't working, please fix it"
    Last edited by unatratnag; 09-09-03 at 17:25.

  7. #7
    Join Date
    Jul 2003
    Location
    SoCal
    Posts
    721
    I got it to work. It wouldn't function with the IUSR_<computer name> account (since IUSR is a local account). What I had to do was setup IIS to use a different account (domain account) that had rights to the file server and the IIS server.

    First create a new account on your domain where the account and the password do NOT expire. Set a secure password on it (mixed case letters, numbers, and punctuation) - remember it, you'll need it later

    Go to your file server and create a share, or open the permissions on an existing share, and give your new user R/W access.

    Now go to your IIS Server.

    Navigate to Start > Settings > Administrative Tools > Local Security Policy

    Expand "Local Policies" and select "User Rights Assignment"

    You'll want to go through all of these policies adding your new user to the policies that "IUSR_<computer name>" belongs to. (Access this computer from the network, Log on as batch job, Log on locally)

    ** If you don't do this, the account may not be able to execute ASP files or run when you're not logged in **

    Close the Local Policies and Settings Window

    Right Click "My Computer" and select "Manage"

    Expand "System Tools", Expand "Local Users and Groups", select "Groups"

    You may need to add the new user to the group "Guests" (probably not, I didn't try it - I just saw that IUSR is in that group)

    Scroll down and expand "Internet Information Services"

    Right Click your web service and select "Properties"

    Select the "Directory Security" tab

    Under the section "Anonymous access and authentication control" click "Edit"

    A new window will appear. Under "Anonymous access" click "Edit" again.

    Another window will pop up. Click "Browse" and find the new user you created and click "Ok". Make sure the check box "Allow IIS to control password" is de-selected (it should be already). Type in the password for the new user and click "Ok".. you'll need to re-type the password again for verification.

    Click "Ok" through the rest of the menus to get you back to the IIS admin, and you should be good to go.

    Try your ASP code using the path: \\servername\share\newfolder

    If everything works as it should, "newfolder" should be created. Make sure you test again when you log out of your IIS server. It should still execute when you're not logged into the server.

    I hope that helps!

  8. #8
    Join Date
    Jul 2003
    Location
    Ohio/Chicago
    Posts
    75
    good job =P

  9. #9
    Join Date
    Jul 2003
    Location
    SoCal
    Posts
    721
    Thank you.. thank you..

  10. #10
    Join Date
    Sep 2003
    Posts
    3

    It works now!

    I got it all to work now. Thank you very much !!

  11. #11
    Join Date
    Jul 2003
    Location
    SoCal
    Posts
    721
    That's a great way to start the morning.. heh heh
    That which does not kill me postpones the inevitable.

  12. #12
    Join Date
    May 2003
    Location
    Atlanta, GA
    Posts
    187
    Hi,
    I am having somewhat of a same problem. I can't create or see folders on my fileserver. When I try to follow the instructions you have. It doesn't work for me.After I creat a user on the fileserver, I can not add him in the IIS server. I have 2 IIS servers on the same domain with load balancing. I want to be able to create folders on IIS2, so the code on both IIS servers should be accessing only IIS2 to create the folders.
    Something like \\IIS2\FTP\UserName

    How would I do that????

  13. #13
    Join Date
    Jul 2003
    Location
    SoCal
    Posts
    721
    Originally posted by bpolunin
    After I creat a user on the fileserver, I can not add him in the IIS server.
    You need to create the new user on your domain, not on the fileserver.
    That which does not kill me postpones the inevitable.

  14. #14
    Join Date
    May 2003
    Location
    Atlanta, GA
    Posts
    187
    Hi,
    I am having somewhat of a same problem. I can't create or see folders on my fileserver. When I try to follow the instructions you have. It doesn't work for me.After I creat a user on the fileserver, I can not add him in the IIS server. I have 2 IIS servers on the same domain with load balancing. I want to be able to create folders on IIS2, so the code on both IIS servers should be accessing only IIS2 to create the folders.
    Something like \\IIS2\FTP\UserName

    How would I do that????

  15. #15
    Join Date
    Mar 2004
    Posts
    2
    Ok, how about this situation... Our company has 2 IIS 4.0 servers that are not apart of a domain. we have a fileserver (again, not part of a domain) that contains files that I want my IIS servers to have access to (thru FSO). This is very similar to the original posters dilemma, but in my situation, i do not have my servers apart of any domain. Is there anyway that i can access files on the fileserver thru my 2 IIS machines?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •