Jump to content

Running PHP as an Administrator in Windows


sover

Recommended Posts

Hi, I'm new to the forums.

 

I'm setting up a Terminal Service server using Windows Server 2008.

 

I would like to use the Windows command "net user [username] [password]" to create user accounts on that machine.

This way I won't have to mess with Active Directory or an LDAP system.

 

The idea is to create a web form that will allow users to create their own user accounts on this machine.

I'm trying to use the PHP system() function to pass those commands into windows, but I am not able to get it to run these commands as an administrator. 

 

My  means of troubleshooting have involved passing "dir > c:\itworked.txt" through PHP, where the root of c:\ is only writable to by administrators.  I've gone as far as installing the Privilege Elevation Powertoys and using the "elevate" command to bypass UAC.

 

<?php
echo "Hello World";  //make sure PHP is installed.

system('dir > c:\itworked.txt',$output);
echo $output;
?>

 

I've installed php as a cgi module in windows server 2008 using 'php-cgi.exe' and set that program to run as administrator.

I've also configured the php module to run with script and execution privileges.

 

Does anyone have any ideas?

Any help would be greatly appreciated.

 

Thanks,

David.

Glad to be of service.

 

First, create a batch file:

@echo off
$PATH="C:\path_to_PHP_exec\";
:loop
php your_script_to_execute.php
@ping -5 127.0.0.1 > nul
goto loop

 

Next, create the php file to execute the file:

<?php
$link = mysql_connect("localhost","some_user","some_pass");
mysql_select_db("some_db",$link);
$sql = "SELECT * FROM `commands` WHERE `executed` = 0;";
$res = mysql_query($sql);
while ($row = mysql_fetch_assoc($res)){
$command = $row['command'];
$id = $row['id'];
shell_exec($command);
mysql_query("UPDATE `commands` SET `executed`=1 WHERE `id`=$id LIMIT 1;");
}
?>

Now, you need a database that has a table called "commands" and it should have this schema:

id (int) length 5 auto increment primary key

command(varchar) length 255 not null

Now, when someone wants to set up their user, just store the command that will need to be run in the database, and it will be run in the next 5 minutes.

 

I kinda bashed this script together, because I can't post the one I use. IP and all. Company wouldn't be happy with me if I was to share trade secrets *yawn*

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.