start process as impersonated account for NETSH DHCP?

[Monroe]

Am trying to automatically query and update DHCP servers via a web
application with VB.NET. Testing with a privileged account, defined
thus in web.config:

<identity impersonate="true" userName="<domain>\<user>"
password="<password>" />

Have also modified machine.config thusly, and restarted IIS (but
haven't rebooted):

<processModel enable="true" ... userName="<domain>\<user>"
password="<password>" />

I can run NETSH commands interactively when logged in. Also, in code
below, I confirm that I am impersonating the user rather than running
as ASPNET. It still seems that the process is running with limited
rights of ASPNET; output reads: "Unable to determine the DHCP Server
version for the Server <ip>.Server may not function properly."

Dim proc As New System.Diagnostics.Process()
proc.StartInfo.FileName = "netsh"
proc.StartInfo.Arguments = "dhcp server <ip> show scope"
proc.StartInfo.WindowStyle =
System.Diagnostics.ProcessWindowStyle.Hidden
proc.StartInfo.UseShellExecute = False
proc.StartInfo.RedirectStandardOutput = True
proc.Start()
TextBox1.Text = proc.StandardOutput.ReadToEnd.ToString & " " &
System.Security.Principal.WindowsIdentity.GetCurre nt().Name.ToString
proc.Close()
proc.Dispose()

How can I ensure/confirm that the System.Diagnostic.Process is running
as the impersonated account, and not the parent? Assistance greatly
appreciated!

[Joe Kaplan \(MVP - ADSI\)]

Processes created by the Process class will be started with current process
token's account, not the impersonated account. The thing I don't understand
is why your ASP.NET worker process is still running as ASPNET as that change
should have allowed you to accomplish your goal. Is it possible that there
are multiple versions of the framework installed and you changed the wrong
config file? Is this IIS 6, 5.1 or 5? 6 doesn't use the processModel
section but is configured via the MMC in the AppPool settings.

Another good option I've seen for starting a process as a specific user is
to use WMI to accomplish this, but I haven't been able to find the code
sample that was posted here that shows how.

HTH,

Joe K.

"Monroe" <monroe.golden@bellsouth.com> wrote in message
news:722dd0b8.0411231227.48fba9ae@posting.google.c om...

> Am trying to automatically query and update DHCP servers via a web
> application with VB.NET. Testing with a privileged account, defined
> thus in web.config:
>
> <identity impersonate="true" userName="<domain>\<user>"
> password="<password>" />
>
> Have also modified machine.config thusly, and restarted IIS (but
> haven't rebooted):
>
> <processModel enable="true" ... userName="<domain>\<user>"
> password="<password>" />
>
> I can run NETSH commands interactively when logged in. Also, in code
> below, I confirm that I am impersonating the user rather than running
> as ASPNET. It still seems that the process is running with limited
> rights of ASPNET; output reads: "Unable to determine the DHCP Server
> version for the Server <ip>.Server may not function properly."
>
> Dim proc As New System.Diagnostics.Process()
> proc.StartInfo.FileName = "netsh"
> proc.StartInfo.Arguments = "dhcp server <ip> show scope"
> proc.StartInfo.WindowStyle =
> System.Diagnostics.ProcessWindowStyle.Hidden
> proc.StartInfo.UseShellExecute = False
> proc.StartInfo.RedirectStandardOutput = True
> proc.Start()
> TextBox1.Text = proc.StandardOutput.ReadToEnd.ToString & " " &
> System.Security.Principal.WindowsIdentity.GetCurre nt().Name.ToString
> proc.Close()
> proc.Dispose()
>
> How can I ensure/confirm that the System.Diagnostic.Process is running
> as the impersonated account, and not the parent? Assistance greatly
> appreciated!