It might actually be a Good Thing™ that the 2008 server has better security than the 2003 model. The fact that it gets in the way of doing what you need to do is sad, but it might be even sadder if, by allowing needful things to be easier for you, it also allowed bad things to be easier for bad people.
If the "web-server-userid" vs. "admin-user-id" conflict is the problem, I wonder if there might be a way to run a daemon process on the 2008 server (under the admin account) that, say, monitors a directory, and if anything gets placed in that directory, it reads it as a set of dnscmd instructions and runs them.
If you promise to be very careful about setting up that directory, and configuring the web-server process that could place files into that directory, then you might be able to do what needs to be done without completely defeating the "enhanced security" of the 2008 system.
(Update: you would of course also need to be very careful about setting up the admin daemon process - basically, you want to make sure that both processes are very rigorously scrupulous about what can be placed into that directory and what kinds of actions can be taken as a result. Every conceivable safeguard is needed, and the lingering problem is the set of exploits that someone else could conceive before you do.)
Again, I'm not a windows guy - and I'm quite poorly informed about DNS security issues in general. Please keep looking for advice from a "higher authority." (Not just perl hackers, but also real sysadmins with windows 2008 experience.)
In reply to Re^3: DNSCMD will not work in Perl script
by graff
in thread DNSCMD will not work in Perl script
by velocitygirl13
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |