Vista UAP is blocking my ASP application

Discussion in 'Windows Vista Security' started by John, Jul 7, 2006.

  1. John

    John Guest

    Hi,

    I have an ASP (not an ASP.NET) application accessing Sql Server 2005
    database installed in Vista Beta 2 (Build : 5384). I am unable to access my
    application in server. UAP is blocking my application. I dont want to change
    system level UAP configuration using msconfig or secpol.msc.
    Can any one suggest me some idea to change application level UAP
    configuration, so that I can access by ASP application.

    Thanks in Advance.

    -John-
     
    John, Jul 7, 2006
    #1
    1. Advertisements

  2. John

    Jimmy Brush Guest

    Why do you think UAC is blocking your ASP application?

    - JB
     
    Jimmy Brush, Jul 7, 2006
    #2
    1. Advertisements

  3. John

    Robin Guest

    Have you tried running the ASP appilcation as a system administrator? I
    presume you are presently running it as a regular user?
     
    Robin, Jul 7, 2006
    #3
  4. John

    John Paul. A Guest

    Hi,

    Thanks for your reply.

    My ASP application is accessing data from Sql Server 2005 database (It is
    just .asp pages in the inetpub directory). When I log in as Administrator, my
    application is working fine.
    I added my domain account (domain\john) in the Administrators group and I
    logged in as domain\john. When I access my application in the server, it is
    giving me the following error. (But, I can able to access my application in
    the client.)

    Microsoft SQL Native Client error '80004005'
    SQL Network Interfaces: Error Locating Server/Instance Specified [xFFFFFFFF].

    When I disable UAP, it is working fine in server and client irrespective of
    the logged in account (either administrator or domain\john)

    -John-
     
    John Paul. A, Jul 11, 2006
    #4
  5. John

    John Paul. A Guest

    Hi,

    Thanks for your reply.

    My ASP application is accessing data from Sql Server 2005 database (It is
    just .asp pages in the inetpub directory). When I log in as Administrator, my
    application is working fine.
    I added my domain account (domain\john) in the Administrators group and I
    logged in as domain\john. When I access my application in the server, it is
    giving me the following error. (But, I can able to access my application in
    the client.)

    Microsoft SQL Native Client error '80004005'
    SQL Network Interfaces: Error Locating Server/Instance Specified [xFFFFFFFF].

    When I disable UAP, it is working fine in server and client irrespective of
    the logged in account (either administrator or domain\john)

    -John-
     
    John Paul. A, Jul 11, 2006
    #5
  6. John

    Jimmy Brush Guest

    Ok, interesting behavior ...

    I'm afraid I don't know much about configuration of ASP or SQL Server, but
    my guess is that either the IIS process that executes your ASP application
    or the SQL Server process(es?) is running in the context of a user who is a
    member of the administrators group.

    Here's my suggestions ...

    1) Make sure SQL Server is not running as an account that is a member of the
    Administrators group

    - Go to the Services MMC snapit (click start, type services, and then press
    enter)
    - Find the SQL server service entries
    - Right-click it, and click Properties
    - Click the Log On tab
    - If it is set to log in as a user who is a member of the administrator
    group, change the login info to that of "the" administrator, or one of the
    "local service" type accounts or local system (you may have to use the
    latter to get it to work, I'm not 100% sure of the bahavior of UAC in this
    case)

    2) Make sure IIS and your website are not running as an account that is a
    member of the Administrators group

    I'm not familiar with how IIS executes ASP scripts and how it determines
    what user context they run in. I would check the services entries for IIS as
    well as the IIS Manager snapin, using the same advice as above.

    Also, changing these settings probably has security implications that I am
    not aware of. I would suggest bugging this with the feedback tool on your
    desktop so hopefully Microsoft can get this to work out of the box by
    release :)

    - JB
     
    Jimmy Brush, Jul 11, 2006
    #6
  7. John

    John Paul. A Guest

    Hi JB,
    Thanks for your suggestions. Cheers!.. It is working now. I am getting the
    result. I changed the permission for the SQL Server and enabled the TCP/IP
    for my instance. It is working :)

    But only one problem persists...

    One of my ASP page calls a C++ dll that has some business logic and this dll
    fills the SQL Server 2005 database

    NOTE : When I access the page, it is giving me "Request Timed out" error
    when I logged in as domain\user.
    It is working fine when I logged in as MachineName\Administrator. [This, I
    dont want to do]
    It is working when I add "http://localhost" as a trusted site. [This, I dont
    want to do]
    It is working fine when I disable UAP. [This, I dont want to do]

    Can you pl. suggest me some solution for this problem.

    Thanks in Advance.

    -John-
     
    John Paul. A, Jul 11, 2006
    #7
  8. John

    Jimmy Brush Guest

    Ok ... Try this:

    - Click Start
    - Type: IIS Manager
    - Press enter
    - Expand your computer in the left pane
    - Expand Web Sites
    - Click on your web site
    - double-click CGI in the middle pane
    - Change Impersonate User to False

    Hopefully that will work :)

    - JB
     
    Jimmy Brush, Jul 11, 2006
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.