Running PHP as an Administrator in Windows

[sover]

Hi, I'm new to the forums.

 

I'm setting up a Terminal Service server using Windows Server 2008.

 

I would like to use the Windows command "net user [username] [password]" to create user accounts on that machine.

This way I won't have to mess with Active Directory or an LDAP system.

 

The idea is to create a web form that will allow users to create their own user accounts on this machine.

I'm trying to use the PHP system() function to pass those commands into windows, but I am not able to get it to run these commands as an administrator. 

 

My  means of troubleshooting have involved passing "dir > c:\itworked.txt" through PHP, where the root of c:\ is only writable to by administrators.  I've gone as far as installing the Privilege Elevation Powertoys and using the "elevate" command to bypass UAC.

 

<?php
echo "Hello World";  //make sure PHP is installed.

system('dir > c:\itworked.txt',$output);
echo $output;
?>

 

I've installed php as a cgi module in windows server 2008 using 'php-cgi.exe' and set that program to run as administrator.

I've also configured the php module to run with script and execution privileges.

 

Does anyone have any ideas?

Any help would be greatly appreciated.

 

Thanks,

David.

[jonsjava]

I have a batch file that runs a PHP script with $PATH set so it can see the php-cgi.  I then run that batch file in an infinate loop with 5 second sleeps and have it serviced as running as administrator.  If you need help/pointers, let me know.

[jonsjava]

forgot to mention, I have a database that stores next commands to execute, and that's what the php script runs. This way, you set up a front-end, it posts data to the DB, the script kicks every so often, finds un-run scripts, and runs them. 

[sover]

Your solution sounds like one that could very well work for me.

 

Though to be honest, I'm still pretty new to both PHP and programming in general.

Could you explain in detail how I could emulate this system?

 

Thanks for the speedy reply,

David.

[jonsjava]

Glad to be of service.

 

First, create a batch file:

@echo off
$PATH="C:\path_to_PHP_exec\";
:loop
php your_script_to_execute.php
@ping -5 127.0.0.1 > nul
goto loop

 

Next, create the php file to execute the file:

<?php
$link = mysql_connect("localhost","some_user","some_pass");
mysql_select_db("some_db",$link);
$sql = "SELECT * FROM `commands` WHERE `executed` = 0;";
$res = mysql_query($sql);
while ($row = mysql_fetch_assoc($res)){
$command = $row['command'];
$id = $row['id'];
shell_exec($command);
mysql_query("UPDATE `commands` SET `executed`=1 WHERE `id`=$id LIMIT 1;");
}
?>

Now, you need a database that has a table called "commands" and it should have this schema:

id (int) length 5 auto increment primary key

command(varchar) length 255 not null

Now, when someone wants to set up their user, just store the command that will need to be run in the database, and it will be run in the next 5 minutes.

 

I kinda bashed this script together, because I can't post the one I use. IP and all. Company wouldn't be happy with me if I was to share trade secrets *yawn*