winston6071
Programmer
Hello!
What would be the security impact if we would create a user group for some domain users and give this group access rights to the local "cmd.exe" which is called by an cgi application for doing some conversions in background ?
We tried this with the IUSR.... it worked, but the Admin for this page wants to have the Integrated windows authenticaton enabled and then its not working anylonger, cause the users has to less rights for this kind of call.
With enabling the IWA, the application is runnning, but only if the users getting local access rights to the "cmd.exe".
are we thinking paranoid or is there a nice recommended way how to solve this kind of issue correctly.
thanks in advance
What would be the security impact if we would create a user group for some domain users and give this group access rights to the local "cmd.exe" which is called by an cgi application for doing some conversions in background ?
We tried this with the IUSR.... it worked, but the Admin for this page wants to have the Integrated windows authenticaton enabled and then its not working anylonger, cause the users has to less rights for this kind of call.
With enabling the IWA, the application is runnning, but only if the users getting local access rights to the "cmd.exe".
are we thinking paranoid or is there a nice recommended way how to solve this kind of issue correctly.
thanks in advance