I've changed the default administrator account name to increase security on a Windows Server 2019, but now I can't run anymore some applications, like:
Uninstall programs
The default search bar in the taskbar
Administrative tools
How can I solve it?! I can't even find a way to start the "run" window to run secpol.msc and try to restore the original username.
I've tried using powershell, but it tels me the command is wrong:
C:\Users\Administrator> Rename-LocalUser -UserName 'Administrator79' -NewUserName 'Administrator'
Rename-LocalUser : A parameter cannot be found that matches parameter name 'UserName'.
At line:1 char:18
+ Rename-LocalUser -UserName 'Administrator79' -NewUserName 'Administra ...
+ ~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Rename-LocalUser], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.RenameLocalUserCommand
Please help me, I've the server stucked!
Right click on My computer > computer management > local users and
groups
Then select your user and provide administrative rights.
I hope it will work for you
Solved by running secpol.msc from the PowerShell and then changing back the Administrator name to its original name
Related
I've launched a new AWS EC2 instance (m5.large) based on Matillion's latest AMI (Matillion v1.56.9). The instance is coming up fine and I can reach Matillion's login page at https://[internal IP], but I cannot login with the default credentials which are supposed to be "ec2-user" and the instance id ("i-xxxxxx"). Error message is "Invalid username or password".
The EC2 instance has no public IP, that's why I use a private IP.
I can also ssh into the instance.
Can anyone help me find out why login using the default user doesn't work?
I believe the way it's supposed to work is at first boot the ec2-user password in /usr/share/tomcat8/conf/tomcat-users.xml gets set to the sha512sum of the instance ID. As per your comment Tobie that's a good spot but I think the Matillion documentation is just out of date there, from right back when instance IDs really were just 10 characters long!
I guess it uses the instance metadata service v1 to do that, so if IMDS v1 is not available it might not get created correctly.
In any case, as long as you can SSH into your server and the Admin / User Configuration is in Internal mode (which is the default)
you can fix the password manually like this...
Become root with sudo -i
Create the sha512sum of your chosen password like this.
echo -n "schepo" | sha512sum
Make sure you use the -n otherwise it adds a newline and gets the hash wrong. Mine comes out like 55aa...a1cf -
Then stop Tomcat so you can update the password
systemctl stop tomcat8
Fix the relevant line in /usr/share/tomcat8/conf/tomcat-users.xml or add a new one. You have to be really careful to keep the XML valid. Mine ends up like this:
<user username="schepo" password="55aa00778ccb153bc05aa6a8d7ee7c00f008397c5c70ebc8134aa1ba6cf682ac3d35297cbe60b21c00129039e25608056fe4922ebe1f89c7e2c68cf7fbfba1cf" roles="Emerald,API,Admin"/>
Then restart Tomcat
systemctl restart tomcat8
It normally takes about 60 seconds to restart. After that you should be able to login via the UI with your new user and/or password.
I am trying to get a federated user access to AWS API using PowerShell. (Link provided below)
AWS is properly configured to work with AD. (It works for bunch of my colleagues)
I am using PowerShell script to access the AWS API's.
The problem occurs when I try to run the command Set-AWSSamlRoleProfile.
Error:
C:\Windows\system32> Set-AWSSamlRoleProfile -EndpointName $EndpointName -PrincipalARN $PrincipalARN -RoleARN $RoleARN -StoreAs 'SAMLUser' > $null
Set-AWSSamlRoleProfile : Unable to set credentials: "choices" should have at least one element.
At line:1 char:1
+ Set-AWSSamlRoleProfile -EndpointName $EndpointName -PrincipalARN $Pri ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Amazon.PowerShe...leProfileCmdlet:SetSamlRoleProfileCmdlet) [Set-AWSSamlRoleProfile], ArgumentException
+ FullyQualifiedErrorId : ArgumentException,Amazon.PowerShell.Common.SetSamlRoleProfileCmdlet
Any help or guidance appreciated.
In my case, the issue was that the user (me) was not part of the group by AD.
Hope it helps someone else.
I've just had a bit of fun trying to connect to a new VM I'd created, I've found loads of posts from people with the same problem, the answer details the points I've found
(1) For me it worked with
<VMName>\Username
Password
e.g.
Windows8VM\MyUserName
SomePassword#1
(2) Some people have just needed to use a leading '\', i.e.
\Username
Password
Your credentials did not work Azure VM
(3) You can now reset the username/password from the app portal. There are powershell scripts which will also allow you to do this but that shouldn't be necessary anymore.
(4) You can also try redeploying the VM, you can do this from the app portal
(5) This blog says that "Password cannot contain the username or part of username", but that must be out of date as I tried that once I got it working and it worked fine
https://blogs.msdn.microsoft.com/narahari/2011/08/29/your-credentials-did-not-work-error-when-connecting-to-windows-azure-vms/
(6) You may find links such as the below which mention Get-AzureVM, that seems to be for classic VMs, there seem to be equivalents for the resource manager VMs such as Get-AzureRMVM
https://blogs.msdn.microsoft.com/mast/2014/03/06/enable-rdp-or-reset-password-with-the-vm-agent/
For complete novices to powershell, if you do want to go down that road here's the basics you may need. In the end I don't believe I needed this, just point 1
unInstall-Module AzureRM
Install-Module AzureRM -allowclobber
Import-Module AzureRM
Login-AzureRmAccount (this will open a window which takes you through the usual logon process)
Add-AzureAccount (not sure why you need both, but I couldn’t log on without this)
Select-AzureSubscription -SubscriptionId <the guid for your subscription>
Set-AzureRmVMAccessExtension -ResourceGroupName "<your RG name>" -VMName "Windows8VM" -Name "myVMAccess" -Location "northeurope" -username <username> -password <password>
(7) You can connect to a VM in a scale set as by default the Load Balancer will have Nat Rules mapping from port onwards 50000, i.e. just remote desktop to the IP address:port. You can also do it from a VM that isn't in the scale set. Go to the scale set's overview, click on the "virtual network/subnet", that'll give you the internal IP address. Remote desktop from the other one
Ran into similar issues. It seems to need domain by default. Here is what worked for me:
localhost\username
Other option can be vmname\username
Some more guides to help:
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-portal#connect-to-virtual-machine
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/connect-logon
In April 2022 "Password cannot contain the username or part of username" was the issue.
During the creation of VM in Azure, everything was alright but wasn't able to connect via RDP.
Same in Nov 2022, you will be allowed to create a password that contains the user name but during login it will display the credential error. Removing the user name from the password fixed it.
I tried creating a Windows service in C++ using this code sample on MSDN. I opened the solution file in Visual Studio 2013 as admin. The build was successful. Then I installed the service, as per the description provided with the code sample, from a command prompt opened as administrator. The service is now shown in the Services tool in my system. However, when I try to start the service, I get error 5: Access is denied.
The output of sc qc CppWindowsService is as follows:
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: CppWindowsService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Users\Aaa\Documents\CppWindowsService\C++\Debug\CppWindowsService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : CppWindowsService Sample Service
DEPENDENCIES :
SERVICE_START_NAME : NT AUTHORITY\LocalService
Why does this happen, and how can I fix it?
Because the executable file is in your personal Documents folder, the local service account doesn't have access to it.
The easiest resolution would be to change the permissions on the Debug folder to give SERVICE read and execute access, with inheritance enabled. From the command line:
icacls Debug /grant SERVICE:(OI)(CI)(RX)
(Because Windows does not do traverse checking in the default configuration, you do not need to change the permissions for the parent folders.)
Another option is to copy the executable file to a public location (such as inside Program Files) and install it there, but you then have to remember to manually update the copy each time you recompile.
Edit: yet another option, as you suggest, is to change the account to local system so that the service is running with administrative privileges. Best practice is to run services with the least privilege necessary, but at this stage it doesn't matter much.
The comment provided by #Pumkko helped to solve the issue... The service account was specified as LocalService (#define SERVICE_ACCOUNT L"NTAUTHORITY\\LocalService"). From here:
The Local Service account didn't have permissions to the output .exe
file, and this was why the error was occuring.
I changed the account type to LocalSystem (#define SERVICE_ACCOUNT L"LocalSystem") and now my service can be started.
Thankyou #Pumkko and #Harry Johnston.
I would like to list all Modern UI apps installed on my Windows 8 machine.
Is there a way to list all installed Modern UI apps from a standard desktop application (with administrator permissions).
You can do this with Powershell and the Get-AppxPackage command.
Nigel has the correct answer ;)
This is a complement to launch automatically with administrator permissions :
(I'm using this trick a few month ago, so i don't have any longer the source. I will edit this post if I'll found it.)
# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
{
# We are running "as Administrator" - so change the title and background color to indicate this
$Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
$Host.UI.RawUI.BackgroundColor = "DarkBlue"
clear-host
}
else
{
# We are not running "as Administrator" - so relaunch as administrator
# Create a new process object that starts PowerShell
$newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
# Specify the current script path and name as a parameter
$newProcess.Arguments = $myInvocation.MyCommand.Definition;
# Indicate that the process should be elevated
$newProcess.Verb = "runas";
# Start the new process
[System.Diagnostics.Process]::Start($newProcess);
# Exit from the current, unelevated, process
exit
}
# List all apps
Get-AppxPackage -AllUsers