Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 04, 2015, 11:38:28 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Processes running as IUSR_SERVER  (Read 7974 times)

benwylie

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 15
    • View Profile
    • Donate to Member
Processes running as IUSR_SERVER
« on: May 01, 2005, 03:58:23 PM »
Has anyone discovered how to get Process Tamer to be able to control processes which are run by the IUSR_SERVER user which is the anonymous internet user. I have processtamer running as a system service, so under the SYSTEM user, which i would have thought would be able to change the priority of those processes, as it is able to change the priority of processes running as Administrator.

PT is running as SYSTEM, and works well with other processes running as SYSTEM. If a process is running as ADMINISTRATOR its process priority is modified initially, but if it gets changed for whatever reason, it is not automatically reset to the priority PT is meant to force it to. Is there a reason for this? With processes running as SYSTEM, if their priority is manually changed, PT will automatically force it back to the set priority.

I am also unclear as to whether it is meant to be able to alter the priority of processes running as NETWORK SERVICE.

Any thoughts on any of these?

Cheers,
Ben

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 35,012
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #1 on: May 01, 2005, 04:00:20 PM »
there are some tools for running an exe as a service..
maybe that would give it enought permission?
im not very good with permissions

Sentinel

  • Columnist
  • Joined in 2005
  • ***
  • Posts: 130
  • Generally confused
    • View Profile
    • www.donationcoder.com
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #2 on: May 10, 2005, 01:38:39 PM »

Yes, the only way for Process Tamer to control processes running as other users is to run a copy of Process Tamer as that user, so it has the ability to interact with that particular users processes.

As mouser said, you may be able to run the tray program as a service.  Alternatively you could run the process directly using 'runas'.  If you want the tray program to run automatically as a different user every time you start your server you could use RunAsPro or TQCRunAs.  I don't think that it is possible to run multiple copies of the ProcessTamerTray.exe, so it will only work for one user at the time.  That is unless mouser adds an option to run multiple instances.  ;)

TQCRunAs http://www.quimeras.com
RunAs Professional http://www.mast-comp...er.com/c_9-l_en.html
MakeService http://www.bitsum.com/ (I've found this to work well in the past and it is free!)

I hope this is of some help.
Designated "proofreading free" zone.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 35,012
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #3 on: May 10, 2005, 01:58:28 PM »
first let's hear if running it as system service solves the problem.

if not.. one thing that could be done is just run 1 copy of process tamer, but have it invoke a commandline separate program using something like a RunAs, that would lower a target program's priority.

ie, i could make it so that process tamer tries to run a special helper utility as the same user as the target process, for thse kinds of processes.  however if running process tamer as a service solves this, that would be a much easier solution..

tenseiken

  • Columnist
  • Joined in 2005
  • ***
  • Posts: 136
    • View Profile
    • Boredom Solutions
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #4 on: May 10, 2005, 06:43:00 PM »
I know that there are 3rd party ways to do this (srvany.exe), but maybe in an upcoming version, you could have an option in the installation to have it run as a service.  Might make it easier for everyone.
-John

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 35,012
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #5 on: May 10, 2005, 06:51:12 PM »
well we dont know if this works yet.  if running as a service solves the problem, then i can add help for this.

tenseiken

  • Columnist
  • Joined in 2005
  • ***
  • Posts: 136
    • View Profile
    • Boredom Solutions
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #6 on: May 11, 2005, 12:18:57 AM »
Well, I guess I was kind of derailing the topic.  Sorry about that.  Even if it doesn't solve the problem, it would be a neat addition.
-John

Sentinel

  • Columnist
  • Joined in 2005
  • ***
  • Posts: 130
  • Generally confused
    • View Profile
    • www.donationcoder.com
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #7 on: May 11, 2005, 01:32:49 AM »
I get a feeling that running the Tray as a service will only fix the problem for the user account that the service runs as (either LocalSystem or whichever credentials are specified for the service).  This should be ok for taming specific applications such as IIS on a dedicated server, but will not be a universal solution for machines running processes as many different users.  Citrix/Terminal Services is probably the best example of multiple users running processes this way.

I'll test this at work on Citrix and a 2003 application server and post some conclusive results tonight.
Designated "proofreading free" zone.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 35,012
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #8 on: May 11, 2005, 02:19:00 AM »
yes, that is the critical question..
is there a way to run it as a service with uber permissions to modify all exes.
or does it have to run as a specific service tied to the target.

if the latter, then the only way i see to fix it is to make a little commandline helper util with same taming abilities, which the main process tamer could launch as a specific user, when targetting specific services. sounds a little involved unless this is something really needed.

Sentinel

  • Columnist
  • Joined in 2005
  • ***
  • Posts: 130
  • Generally confused
    • View Profile
    • www.donationcoder.com
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #9 on: May 11, 2005, 03:20:41 AM »

Unfortunately I believe it is the latter, but I'll confirm this from one of my contacts at Microsoft.
Designated "proofreading free" zone.

Sentinel

  • Columnist
  • Joined in 2005
  • ***
  • Posts: 130
  • Generally confused
    • View Profile
    • www.donationcoder.com
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #10 on: July 01, 2005, 03:47:20 PM »
It appears I was dead wrong on this.  I'm *still* waiting for some accurate feedback from Microsoft (and I do have some very good contacts there - yet it appears their own OS is a little complex for them ;) ).  It appears that it is possible for sessions owned by a user other than that which spawned a process can legitimately alter a processes settings.  Some of  this may be due to Local Security Settings, but I think some of it may be the result of features added to Windows in more recent times, such as 'Show processes from all uses'.  The fact that Process Tamer cannot see these appears to be the first stumbling block.

Mouser, it may be worth mailing JC from Bitsum (some excellent products for anyone interesting in EXE compression or process handling) to see how he avoided this problem with Process Lasso.
Designated "proofreading free" zone.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 35,012
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #11 on: July 01, 2005, 04:15:18 PM »
im friends with jc so i will ask him :)
he's a good guy btw, and very knowledgeable.

(he coded one of the coding snacks btw, ROFUS).

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Donate to Member
Re: Processes running as IUSR_SERVER
« Reply #12 on: July 06, 2005, 02:08:00 PM »
Oh, does Process Lasso work for this? ;p.

Mouser, perhaps you need to acquire the SE_DEBUG priveledge at runtime?

Latez,
Jeremy