Execute VBS file 1

[mainmast]

Hi all,

I have a VBS script called ResetPword.vbs. To run it, I would normally go to a command prompt and type:

cscript ResetPword.vbs AccountName NewPassword

How can I run that script from an ASP page? Basically, I want staff members at my school to be able to reset Active Directory accounts. We already have a staff only section to our website and I want to create a form that takes the students account name that needs a password reset and sends it to the ResetPword.vbs file to execute. How would I go about doing this?

Thanks!

 

[Sheco]

Maybe something like this:[tt]
Set oWShell = CreateObject("WScript.Shell")
oWShell.Exec("ResetPword.vbs AccountName NewPassword")
Set oWShell = Nothing [/tt]

You might need to change the IIS authentication scheme for this particular ASP since by default it would run under the IUSR_MachineName account... which is a local account on the web server and won't have any permissions to change accounts on the Active Directory.

 

[mainmast]

I've tried that and it hasn't worked. I don't think WScript is working right or something. IUSR has full access.

 

[Sheco]

Did you put IUSR into the AD? It is local to the server machine by default.

 

[mainmast]

Ok, it is saying Access is denied now. What directories would IUSR have to have full access to? I have it on the directory with the VBS, but I figure I need it on the Active Directory as well, how do I set this?

 

[Sheco]

Really you probably don't want IUSR to be in your domain... it is a local account for security reasons.

It might be better to choose a different AD account, or even make a special account for this purpse. Then use the IIS Admin tool to set this particular ASP to use this different account rather than IUSR for anonymous security.

 

[mainmast]

I went into AD and made IUSR a member of the Bultin administrator group as well as Domain Admins. I did the same for IWAM account. Still no go. Any ideas?

 

[mainmast]

OK, I created an account called StudentReset. I added it to the administrator group and more. I went to the directory security settings in IIS and unchecked anonymous access and went to the directory and gave StudentReset full access.

It works now, and I can't thank you enough. This is going to save me a ton of headaches in the future. I don't know how many emails I get a day, "I need the password for x reset" over and over and over again.

Thanks!!

 

[mainmast]

Wait, nevermind. I spoke too soon.

Here is my code:

Set oWShell = CreateObject("WScript.Shell")
oWShell.Exec("C:\inetpub\[URL unfurl="true"]wwwroot\PwordReset\ResetPw.bat")[/URL]
Set oWShell = Nothing

When I go to that page (blah.asp) it just shows a blank page, and doesn't reset my password. ResetPw.bat is:

@Echo off
Cls
resetpassword.vbs davieb mckeel
Exit

Any thoughts?

 

[mainmast]

Ok I forgot cscript:

Set oWShell = CreateObject("WScript.Shell")
oWShell.Exec("cscript C:\inetpub\[URL unfurl="true"]wwwroot\PwordReset\resetpassword.vbs[/URL] davieb mckeel")
Set oWShell = Nothing

Works now. Thanks again!

 

[Sheco]

For the best security, you only want to turn off anonymous access on the single ASP that performs this operation... the rest of the site should still use the IUSR account... and that IUSR should not be in the AD and it shouldn't even have permissions to the rest of the web server beyond the /Inetpub directory.