Python’s urandom as non-admin

A few weeks ago I set up a new Mercurial server fronted by “hgweb-cgi”. The application pool runs in x64 mode, as does Python 2.66. It has a dedicated AD account from the Managed Service Accounts OU. I set the privileges to deny logon locally and run as service and batch.

Everything works fine… until you want to push: HTTP 502 Bad Gateway. IIS failed request tracing led me to the relevant Python source line:

So I opened up the file in Notepad and looked at the line…

The “_urandom” is the one that’s breaking the thing. So I took a look at the os.py from the lib directory.

Funky nice UNIX path. So I tried to create the directory “C:\dev\”, set the permissions to “full access” for everybody, and added a dummy file called “urandom”. Still no success.

I ended up editing the Random.py:

I’m amazed and shocked that I need to edit the base library file.
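One way to confirm that the entropy source itself fails under the application pool identity, before touching the standard library, is to run a small probe as a CGI script in the same pool. This is an added example, not code from the original post; the function names and the injectable `source` parameter are assumptions made for illustration.

```python
import os
import sys


def probe_urandom(nbytes=16, source=os.urandom):
    """Call the entropy source once and classify the outcome.

    `source` is injectable (an assumption of this example) so the failure
    paths can be exercised without a restricted account.
    """
    try:
        data = source(nbytes)
    except NotImplementedError as exc:
        # The platform reports that it has no entropy source at all.
        return {"ok": False, "kind": "not-implemented", "detail": str(exc)}
    except EnvironmentError as exc:
        # OSError / IOError / WindowsError: the OS refused or failed the call.
        return {"ok": False, "kind": "os-error", "detail": str(exc)}
    if len(data) != nbytes:
        return {"ok": False, "kind": "short-read",
                "detail": "got %d bytes" % len(data)}
    # The random bytes themselves are never echoed back.
    return {"ok": True, "kind": "ok", "detail": "%d bytes" % nbytes}


def report(source=os.urandom):
    """Build a plain-text CGI response describing the probe result."""
    user = os.environ.get("USERNAME") or os.environ.get("USER") or "unknown"
    result = probe_urandom(16, source)
    status = "OK" if result["ok"] else "FAIL"
    lines = [
        "Content-Type: text/plain",
        "",
        "python: %s" % sys.version.split()[0],
        "account (from environment): %s" % user,
        "os.urandom: %s (%s)" % (status, result["kind"]),
    ]
    if not result["ok"]:
        lines.append("detail: %s" % result["detail"])
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    sys.stdout.write(report())
```

A FAIL line here points at the account's access to the operating system's random source rather than at Mercurial or IIS, which is the place to fix it so that the library keeps its secure seed.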