How can I disable command shell from within IIS?

A. Its possible to use #exec commands from within a HTML page to enable calling commands on the web server. By default this is enabled in IIS 4.0 but DISABLED by default in IIS 5.0. The default state change was changed to prevent the running of unauthorized server-side executables. To manually set/confirm the state perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
  3. If SSIEnableCmdDirective does not exist create it of type REG_DWORD
  4. Double click SSIEnableCmdDirective value and set to 1 to enable or 0 to disable. Click OK
  5. Close the registry editor
  6. Stop and start the WWW service (or reboot) for the change to take effect

To stop and start from the command line perform the following:

C:\&gt;<b> net stop w3svc</b><br>
C:\&gt;<b> net start w3svc</b>

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish