I have a web app that uses PHP on the back-end, and the PHP executes PowerShell scripts to reset AD passwords through system calls.
EX:
shell_exec("powershell.exe -file C:\inetpub\wwwroot\script.ps1 -param " . escapeshellarg($var));
In order for me to get this to work, I had to set the Anonymous Authentication user to run as an account with permissions to reset AD passwords. I did a bit of googling about it and didn't find anything explicitly about not giving the Anonymous Authentication these kinds of rights, but my gut instinct tells me this is a security problem. It works perfectly, however, and I'd like to keep it that way if I can. But I'd like to know whether or not this is a large security issue or horrible practice before I publish it.
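
One way to make the PowerShell call from the post without routing a request value through a command shell, shown as an added example that is not part of the original post. The function names, the assumption that `-param` carries an account name, and the allowlist pattern are hypothetical; it needs PHP 7.4 or later for the array form of `proc_open`.

```php
<?php
// Added example, not the poster's code. buildResetCommand/runReset are hypothetical names.

/** Validate the value, then return an argument vector (no shell string is built). */
function buildResetCommand(string $accountName): array
{
    // Assumed allowlist: 1-20 characters, letters, digits, dot, underscore, hyphen.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,19}\z/', $accountName)) {
        throw new InvalidArgumentException('Rejected account name');
    }
    return [
        'powershell.exe',
        '-NoProfile',
        '-NonInteractive',
        '-File', 'C:\inetpub\wwwroot\script.ps1', // path as given in the post
        '-param', $accountName,
    ];
}

/** Start PowerShell directly and return its exit code. */
function runReset(string $accountName): int
{
    $cmd = buildResetCommand($accountName);
    // stderr is merged into stdout so a single read cannot block on a full pipe.
    $spec = [1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    $pipes = [];
    $proc = proc_open($cmd, $spec, $pipes); // array form: no cmd.exe parsing
    if (!is_resource($proc)) {
        throw new RuntimeException('Could not start powershell.exe');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc);
    // Audit trail: who asked for which account, and whether the script succeeded.
    error_log(sprintf('pwreset account=%s exit=%d remote=%s bytes=%d',
        $accountName, $exit, $_SERVER['REMOTE_ADDR'] ?? 'cli', strlen($output)));
    return $exit;
}

// Constructed sample inputs: only validation runs here, no process is started.
foreach (['jdoe', 'jdoe" -extra'] as $candidate) {
    try {
        buildResetCommand($candidate);
        echo "accepted: $candidate\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $candidate\n";
    }
}
```

This only constrains what reaches the script; the process still runs under whatever identity IIS assigns to the request, so the rights of that account remain a separate decision.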