How to run executable from PHP website as a specific Windows user?

Question

By default PHP runs under IUSR account. When executed directly:

$lastline = exec(\'D:\\\\MyProgram.exe\', $output, $return_var);

Answer 1

I kept digging and found out that the only thing that works is a dedicated application pool.

1. Create a new Application Pool under IIS
2. Set username and password in Advanced Settings > Identity > Custom account
3. Set Advanced Settings > Load User Profile to true (this one is important)
4. Choose this pool under Basic Settings of a site,

-or- for a better security:

. 5.Move all command-relatied code to one section within your website, convert it to application and apply that Application Pool to it. Then you can restrict any public access to that part and safely call that functionality from the other parts of your site.

Important note (!):

If you're running PHP via FastCGI, you must set fastcgi.impersonate = 0 in php.ini file.

---

Test batch file:

To test who is running the process you can save the following code to a *.bat file and call it from PHP.

@echo off
SET now=%date% %time%
SET out=[%now%] %userdomain%\%username%
echo %out%
echo %out% > D:\hello.txt
::msg * "%out%"

if %username%=="SpecificUser" (
  exit /B 100
) else (
  exit /B 200
)

Replace SpecificUser with your desired user name. Sometimes you'll see no output. The exit codes will help you then.

In case you can't see any output or exit code at all, this script will output the username to a text file. Replace D:\hello.txt with your desired path.