I have a requirement to add a user to my windows 2019 web server from a PHP web application
I am using a command line command:
NET USER sbarker mypassword /ADD /FULLNAME:"Sue Barker" /PASSWORDCHG:NO /PASSWORDREQ:YES /LOGONPASSWORDCHG:NO /EXPIRES:NEVER
This works fine from a standard command line when logged on as administrator on the server (as you would expect).
To implement this from PHP I am using the following, which I believe to be the correct syntax/format:
<?php
$username = "sbarker";
$userpass = "secure1";
$fullname = "Sue Barker";
echo exec("start cmd /C:\Users\Administrator NET USER $username $userpass /ADD /FULLNAME:$fullname /PASSWORDCHG:NO /PASSWORDREQ:YES /LOGONPASSWORDCHG:NO /EXPIRES:NEVER");
?>
This produces no new user, probably because of permissions.
What permissions do I need to set to allow user creation?
What are my liabilities from a security point of view?
Is there a better way of creating a windows user from a PHP web application.
EDIT:
Tried the following with no success:
<?php
$test = shell_exec('C:\\WINDOWS\\system32\\cmd.exe /c 2>&1 "NET USER test test /ADD"');
echo "<pre>$test</pre>";
?>
The result was a System error 5 has occurred. Access is denied. error
After extensive research and dead ends, it looks like Microsoft has locked this down to such an extent that programmatically adding users is not possible. Personally I wish they would give developers the choice to execute batch scripts with elevated privileges rather than 'just saying no'.
The basic answer is that it looks like this is not possible.
Related
PHP file
<?php
echo exec("rules.bat");
?>
BAT file
net user username Welcome12! /ADD /FULLNAME:Test /PASSWORDCHG:NO
When I try to run the php script I get the following
C:\inetpub\wwwroot\e\sso\home>net user username Welcome12! /ADD /FULLNAME:Test /PASSWORDCHG:NO
But no user is added. I can run the BAT file from the same directory and the user is added. I've also tried to run the following in my php script and it doesn't work
<?php
echo exec("net user username Welcome12! /ADD /FULLNAME:Test /PASSWORDCHG:NO");
?>
I've also tried using system, shell_exec, passthru
When I run
echo exec("whoami");
it shows my user that has admin rights
What windows version?
Does it have Admin Rights? as to add a user to windows you will have to run in Admin mode / Root Rights.
Even running net user username Welcome12! /ADD /FULLNAME:Test /PASSWORDCHG:NO
in Command, returns: Access is denied.
Web server has 1User with rights, When logged into the Device i.e. RDP you possibly have Admin rights.
Stating the obvious here, But this is what it sounds to me
echo exec(" start cmd /c net user $directoryname $password /ADD /FULLNAME:$username /PASSWORDCHG:NO");
this resolved it
I use an IIS server and I want to execute some shell commands, but do not know exactly what the problem is.
For example, you want to set the time, or to create a new user, or whatever, does absolutely nothing (return null)
<?php
$output = shell_exec("time 11:50 PM");
echo '<pre>';
print_r($output);
echo '</pre>';
?>
And I thought to show username that is connected to see if with Administrator rights or not.
"echo %username%"
instead return my username, it returns me "COMPUTERNAME-PC$"
How can I run shell commands as administrator?
The short answer is you can't as it's configured now. You're restricted to the application pool identity. More than likely you're using the NETWORK SERVICE user, which is why you're getting the PC name as the username.
The solution would be to change the application pool identity to a user that the permissions you need. But you could still run into issues if User Account Control (UAC) is enabled, and you run a command that requires elevation which it sounds like you want to do.
Im Trying to run typeperf.exe with an php function exec();
this is the command ( for cpu load % )
typeperf -sc 1 "processor(_Total)\% Processor Time"
When im runing the command through a command prompt it is returning me the wanted result.
But when calling it trough exec();
Im getting
So I ran the command whoami through php to know what is the php user,
I got nt authority\iusr
So I setted the username to be in the Performance Log User Group as mentioned.
And deseperatly added everyone in the group since this was not working.
What can I do to let php run a typeperf.exe comand ?
You mention it does work when using command prompt. But even when using command prompt you need to start it as administrator (windows 8, possibly 7). If you dont you get the same error message.
So perhaps you could try to disable user account control to allow access without specific administrator privileges.. Check how-do-i-disable-administrator-prompt-in-windows-8 for some tips.
Also it mentions that the rights are only updated after logging in with the account. So it could very well be that your changes never do anything as you never log in using 'Everyone' or 'IUSR'.
By default PHP runs under IUSR account. When executed directly:
$lastline = exec('D:\\MyProgram.exe', $output, $return_var);
It runs, but the program is unable to do it's tasks due to insufficient privileges. My question is: How do I run an executable under a specific Windows account from a PHP website?
I've tried:
When executed through Sysinternals PsExec:
$lastline = exec('D:\\PsExec.exe -u UserName -p Password -accepteula "D:\\MyProgram.exe"', $output, $return_var);
MyProgram.exe does not even execute at all. PHP throws empty output and return_var is -1073741502. I assume this is some sort of unhandled exception.
When executed through lsrunas:
$lastline = exec('D:\\lsrunas.exe /user:UserName /password:Password /domain:DOMAIN /command:"D:\\MyProgram.exe" /runpath:D:\\', $output, $return_var);
MyProgram.exe does not execute either. PHP throws empty output and return_var is 0.
Microsoft's built in runas command doesn't work because it doesn't accept password as a parameter.
Tried using different PHP functions like shell_exec, system and passthru
Tried creating a new Application Pool under IIS, to run the website under LOCAL SERVICE, SYSTEM, or a specific user.
EDIT: This is where I went wrong. It should work, but fails when Load User Profile setting is not enabled (step 3 in my answer).
Does anyone have working suggestions?
Note: All commands are working and tested through command line directly.
I kept digging and found out that the only thing that works is a dedicated application pool.
Create a new Application Pool under IIS
Set username and password in Advanced Settings > Identity > Custom account
Set Advanced Settings > Load User Profile to true (this one is important)
Choose this pool under Basic Settings of a site,
-or- for a better security:
. 5.Move all command-relatied code to one section within your website, convert it to application and apply that Application Pool to it. Then you can restrict any public access to that part and safely call that functionality from the other parts of your site.
Important note (!):
If you're running PHP via FastCGI, you must set fastcgi.impersonate = 0 in php.ini file.
Test batch file:
To test who is running the process you can save the following code to a *.bat file and call it from PHP.
#echo off
SET now=%date% %time%
SET out=[%now%] %userdomain%\%username%
echo %out%
echo %out% > D:\hello.txt
::msg * "%out%"
if %username%=="SpecificUser" (
exit /B 100
) else (
exit /B 200
)
Replace SpecificUser with your desired user name. Sometimes you'll see no output. The exit codes will help you then.
In case you can't see any output or exit code at all, this script will output the username to a text file. Replace D:\hello.txt with your desired path.
How do we determine which user the php script is running under when I run the script on server? Is it running under the same user as apache or phpmyadmin by chance? My question maybe wrongly framed but I want to know which user so that I set appropriate permission for different folders in /var
Execute whoami:
<?php echo exec('whoami'); ?>
If you have posix functions available (enabled by default in most Linux-based environments) then you can use posix_geteuid and posix_getpwuid to get the name of the user (at least in non-Windows environments) like so:
$pwu_data = posix_getpwuid(posix_geteuid());
$username = $pwu_data['name'];
Another (more expensive) way to do it would be to use a shell-executing function like exec to run whoami:
$username = exec('whoami');
or even the backticks (although you may need to trim the linebreak off):
$username = `whoami`;
I personally have only ever needed to get the username of the user running the script for PHP scripts that run in the shell (on the command-line). Typically, scripts that run in the process of building the response to a request that the web server is handling will be run as the web server user, such as www-data, apache, etc. In Apache, the user that runs the apache/httpd processes is set with the User directive.
Important note: get_current_user does NOT give you the username of the user running the script, but instead gives you the OWNER of the script. Some of the answers here (appropriately down-voted) are suggesting to use get_current_user, but that will not give you the username of the user running the current script.
Do not use "whoami". When you execute a process the user will not necessarily be the same as the effective user during running of a script. But in any case "id" would provide much more useful information. Instead call get_current_user(). So simple!
Use this:
echo get_current_user();
Make sure to read the comments because it looks like this answer doesn't actually do what you want.
Use this:
$_SERVER['REMOTE_USER'];
this variable may or may not be set.