Applies ToGeneral

Summary

When attempting to call a Visual Basic Script from a Web server in the context of a CGI script, the script may fail to run properly. The most likely reason for this is that the scripting engine is typically executed in the security context of the IUSR_Machine created by IIS when it is installed.Unfortunately, the Cscript.exe (the scripting engine) requires the presence of certain registry entries for IUSR_Machine user. Since a HKEY_CURRENT_USER hive is not available for the IUSR_Machine, IIS will load the HKEY_USERS\.DEFAULT hive in its place. However, the HKEY_USERS\.DEFAULT hive does not contain the neccessary keys and entries for the scripting engine. In these cases, a CGI error will occur, without any additional information. Or if the Cscript.exe file was launched in batch mode, an error will appear indicating it was unable to load the settings for the specified user. This document will show how to configure the IIS machine to allow Visual Basic Scripts to be executed as a CGI script.

More Information

This article assumes that the Windows Script Host is installed on the IIS server machine; the default installation option of NT Option Pack will do this.Use the following steps to enable VBScript support:

  1. Open a command prompt. To do this, follow these steps:

    1. Click Start, and then click Run.

    2. Type cmd, and then click OK.

  2. Locate the Inetpub\AdminScripts folder. (This location may vary depending on your installation of Internet Information Server).

  3. Type the following commands:

    cscript adsutil.vbs SET w3svc/CreateCGIWithNewConsole "1"

    cscript adsutil.vbs SET w3svc/CreateProcessAsUser "0"

  4. Configure the .vbs extension to be mapped to the Cscript.exe located in the %SYSTEMROOT%\System32 directory. Do this through the Microsoft Management Console. Specifically, the configuration steps for IIS4 are as follows:

    1. Run the IIS4 Management Console application.

    2. Edit the properties for your Web site (right-click on your Web site in the tree display and select Properties).

    3. Select the Home Directory tab.

    4. In the Application Settings box, select Configuration.

    5. On the App Mappings tab select Add.

    6. The executable will be the following on a WinNT 4.0 machine (make sure to use correct path to Cscript.exe on your WinNT installation):

      C:\WINNT\system32\CSCRIPT.EXE.exe %s %s

    Enter .vbs for the extension.

    1. Make sure that the Script Engine and Check that files exists check boxes are selected.

    2. Save the file by clicking OK, Apply, OK, and OK again.

  5. Using the Registry Editor, create the following Keys and Entries:

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Script HostHKEY_USERS\.DEFAULT\Software\Microsoft\Windows Script Host\Settings

    Verify that Everyone has Read access to these two keys.Now create the following entries under:

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Script Host\SettingsBatchMode: REG_DWORD: 0DisplayLogo: REG_DWORD: 0Timeout: REG_DWORD: 0
  6. Now copy the .vbs script file to a virtual directory on the server which has execute/script permissions. By default the /scripts directory will have the neccessary permissions.

You should be able to test whether the configuration works or not by creating the following script:

Option ExplicitWScript.Echo "Content-Type: text/html"WScript.EchoWScript.Echo "If you see this, it worked."

Save the above script in the /scripts directory as Test.vbs. Now invoke the script using any browser with the following URL:

http://server/scripts/test.vbs.

NOTE: Similar limitations apply to all situation where a Cscript.exe script is launched from the security context of a local system or a local system impersonating a user. The above changes to the Registry should remedy these situations.

References

Microsoft Internet Information Server Online Documentation.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.