I kept digging and found out that the only thing that works is a dedicated application pool.
1. Create a new Application Pool under IIS
2. Set username and password in Advanced Settings > Identity > Custom account
3. Set Advanced Settings > Load User Profile to true (this one is important)
4. Choose this pool under Basic Settings of a site,

-or- for better security:

5. Move all command-related code to one section within your website, convert it to an application and apply that Application Pool to it. Then you can restrict any public access to that part and safely call that functionality from the other parts of your site.
Important note (!):
If you're running PHP via FastCGI, you must set fastcgi.impersonate = 0 in the php.ini file.
Test batch file:
To test who is running the process you can save the following code to a *.bat file and call it from PHP.
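@echo off
REM Timestamp plus the account this process is running as
SET now=%date% %time%
SET out=[%now%] %userdomain%\%username%
echo %out%
REM Also write it to a file in case no output reaches PHP
echo %out% > D:\hello.txt
::msg * "%out%"
REM Quote both sides, otherwise the comparison can never match
if "%username%"=="SpecificUser" (
exit /B 100
) else (
exit /B 200
)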
Replace SpecificUser with your desired user name. Sometimes you'll see no output. The exit codes will help you then.
In case you can't see any output or exit code at all, this script will output the username to a text file. Replace D:\hello.txt with your desired path.
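
The pool setup from steps 1 to 5 above, scripted with the WebAdministration PowerShell module, as an added example that is not part of the original answer. The pool name, site name and folder name are placeholders chosen for illustration; run it from an elevated PowerShell session on the IIS host.

```powershell
# Added example: dedicated application pool running as a custom account.
# $poolName, $siteName and $appFolder are placeholders, not values from the answer.
Import-Module WebAdministration

$poolName  = 'CommandPool'
$siteName  = 'Default Web Site'
$appFolder = 'commands'          # folder that holds the command-related code

# Prompt for the account so the password is not stored in the script.
$cred = Get-Credential -Message 'Account the application pool should run as'

# Step 1: create the pool if it does not exist yet.
$poolPath = "IIS:\AppPools\$poolName"
if (-not (Test-Path $poolPath)) {
    New-WebAppPool -Name $poolName | Out-Null
}

# Step 2: Identity > Custom account (identityType 3 = SpecificUser).
Set-ItemProperty $poolPath -Name processModel.identityType -Value 3
Set-ItemProperty $poolPath -Name processModel.userName -Value $cred.UserName
Set-ItemProperty $poolPath -Name processModel.password `
    -Value $cred.GetNetworkCredential().Password

# Step 3: Load User Profile = true.
Set-ItemProperty $poolPath -Name processModel.loadUserProfile -Value $true

# Step 5: turn only the command folder into an application and bind it to the
# pool, so the rest of the site keeps running under its original identity.
$appPath = "IIS:\Sites\$siteName\$appFolder"
if (-not (Test-Path $appPath)) {
    throw "Folder '$appFolder' was not found under site '$siteName'."
}
ConvertTo-WebApplication -PSPath $appPath -ApplicationPool $poolName -Force |
    Out-Null

# Recycle the pool so the new identity takes effect, then show what is set.
if ((Get-WebAppPoolState -Name $poolName).Value -eq 'Started') {
    Restart-WebAppPool -Name $poolName
}
(Get-Item $poolPath).processModel |
    Select-Object identityType, userName, loadUserProfile
```

Restricting public access to the new application, as step 5 suggests, is a separate setting and is not covered by this script.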