Local Security policy using WMI - wmi

I need to retrieve the list of users/groups who have access to perform volume maintenance tasks, using WMI objects on a remote machine.
What I can do explicitly is:
On the Start menu, click Run. In the Open box, type secpol.msc.
Expand Local Policies.
Select the User Rights Assignment folder. The policies will be displayed in the details pane.
In the pane, double-click Perform Volume Maintenance Tasks.
In the properties window, I can see the list of users/groups who have access.
I need to get this exact list using a WMI call in my C# application.

In order to get or modify the values of the Windows security policy, you must access the Windows registry. To find the exact key which stores the values you are looking for, you must check the Group Policy Settings Reference for Windows and Windows Server, which contains an Excel file with all the group policy settings and their locations in the Windows registry.

Password Policy and Account Lockout policies are part of the secured registry settings. They cannot be read remotely until explicit permissions are given.

FYI, that document doesn't actually work fully. Manually editing the values does not actually change the GP setting (it still shows "not set" in gpedit), yet it does restrict the process you are setting. Also, if you manually set the value with gpedit while running procmon, the key it is hitting is not the one listed in the document.
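
One way to produce the list from the question without going through the registry, as an added example that is not from the original thread: it exports the local policy's user rights with secedit.exe and resolves the SIDs assigned to SeManageVolumePrivilege, the constant behind "Perform volume maintenance tasks". The function name Get-UserRightHolders is hypothetical, and the export needs an elevated session.

```powershell
# Added example (not from the thread). Get-UserRightHolders is a hypothetical name.
# Lists the accounts that hold a user right by parsing a secedit export.
function Get-UserRightHolders {
    param(
        [string]$Right = 'SeManageVolumePrivilege',
        # Optional: lines of an already exported INF; when omitted, secedit is run.
        [string[]]$InfLines
    )
    if (-not $InfLines) {
        $tmp = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
        try {
            # Export only the [Privilege Rights] section; requires elevation.
            secedit.exe /export /cfg $tmp /areas USER_RIGHTS /quiet | Out-Null
            $InfLines = Get-Content -LiteralPath $tmp
        } finally {
            Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
        }
    }
    # A line looks like: SeManageVolumePrivilege = *S-1-5-32-544,SomeAccount
    $pattern = "^\s*$([regex]::Escape($Right))\s*="
    $line = $InfLines | Where-Object { $_ -match $pattern } | Select-Object -First 1
    if (-not $line) { return @() }   # the right is assigned to nobody

    ($line -split '=', 2)[1].Split(',') | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*S-1-')) {
            # secedit prefixes SIDs with '*'; translate them to account names.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $null }   # orphaned SID with no matching account
            [pscustomobject]@{ Sid = $sid.Value; Account = $name }
        } elseif ($entry) {
            # Entries without '*' are already account names.
            [pscustomobject]@{ Sid = $null; Account = $entry }
        }
    }
}

# Constructed sample input, so the parser can be checked without running secedit.
$sample = '[Privilege Rights]', 'SeManageVolumePrivilege = *S-1-5-32-544'
Get-UserRightHolders -InfLines $sample
```

For a remote machine, the function body can be run there with Invoke-Command -ComputerName and -ScriptBlock ${function:Get-UserRightHolders}, provided PowerShell remoting is enabled and the session is administrative.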

Related

How do I prevent Google Compute from creating new users when creating a new instance

I am using Packer to generate an image on the Google Cloud Platform. I want to use this image to create pre-provisioned instances that are configured for our build pipeline and projects.
As part of my provisioning, I set up a bunch of users and associated SSH keys. Most, if not all, of these users already exist within GCP, and when the build instance is spun up the /home directory is already filled with user home directories (presumably GCP users). This is fine; my provisioning process merely adds some files and authorizes some SSH keys.
I debugged Packer's build process by SSH'ing into the build instance Packer created (using the same SSH key Packer is using) and manually verified each step completed as expected – it did. The relevant user home directories were there and contained the correct files as well as had the right keys set in authorized_keys. Furthermore, I verified each user's SSH configuration was valid by SSH'ing into the machine using that user's username and key – also worked.
At the end of the build process, my user directories are exactly how I want them to be, and each user could access the instance no problem. Packer completes its job, saves a snapshot, and destroys the build instance.
However, when I create a new instance from the image my user directories are bulldozed, I think (I can't actually access this new instance using the SSH users and keys I previously provisioned). I assume that GCP has helpfully bulldozed my /home directory and set it up again, erasing the changes made during provisioning.
Am I correct in this assumption (I can't connect to actually verify it), and if so is there a way I can instruct GCP to not set up users?
I have tried blocking project wide keys but that didn't seem to make a difference.
I don't think this is a Packer problem, but perhaps some metadata can be set when creating the instances?
Solved.
This was a two-part problem: part missing a nuance in the docs and part face-palm.
Nuance: When setting block-project-ssh-keys the value must be "true", and not true.
Face-palm: Use the right image when you create a new instance.

Sitecore SIM Installation permission error

I am trying to install SIM version 13 rev 1404021 using administrative privileges.
When I click on the Grant button it gives me the error "you dont have neccessary permission set".
Also, I have given full permission to Network Service, IUSR, IIS_USR and network on the folder
C:\Inetpub\wwwroot
Kindly let me know what other permissions need to be given in order to run Sitecore Instance Manager successfully.
It may be caused by a bug in SIM: it doesn't get the actual SQL Server user account (LocalService or custom) and thinks that it is always NetworkService. So the workaround is to switch your SQL Server service from using LocalService or a custom account to NetworkService.
Same context as Alen's answer, but in Windows 10.
Use 'Local System account' and tick the 'Allow service to interact with desktop'.
Then, restart the service.
At this point, you don't need to reopen the SIM installation window. You can just click the Grant button and it would work.
Well, for me the issue was that the database user didn't have the dbcreator role so the wizard couldn't create databases in SQL Server.
Open SQL Server Management Studio
Expand Security > Logins
Double-click on the user to open the properties dialog
In Server Roles, check the dbcreator role
Press OK and enjoy
Source: http://sitecoreblog.patrickperrone.com/2015/04/a-simple-error.html
When you downloaded the SIM zip file from Marketplace, did you click "Properties" on the zip file and click the "Unblock" button before unzipping and running it?
I've found in the past that forgetting this step can be the cause of odd security related errors with applications.
I ran across a similar issue, but for me the root issue was that the wwwroot folder was on a VM/Parallels and that folder was marked "compress" and "archive".
Unset that for wwwroot and child items, and then SIM proceeded correctly.

How to get a list of Group Policy Objects applied to local workstation

My Windows service application runs on workstations belonging to the Active Directory domain. Once in a while I get user questions about some features of my program not working. Upon further investigation it usually turns out that certain Group Policy Object (GPO) settings are to blame.
So I was thinking, is there a way to list all GPOs applied to a local/member workstation? (I can then store them in the log file and quickly refer to it later if the problem comes up.)
The main problem is that "group policy" is just a good name... it consists of many individual registry entries... the only way to see this is to dump all these individual registry entries...
A starting point might be:
Group Policy Registry Table
Group Policy Registry Key Entries for Windows 7/Vista/XP and Server
Alternatively you can use the GPO API (which might be a better starting point):
GetAppliedGPOList
You can check it by simple windows command "gpresult".
Just open console and type gpresult /r /scope computer and you can get your result.

Read and set Group Policy settings from C++ program

I have a standalone Windows-NT based machine (not connected to any network) and I want to be able to read and later set the Group Policy settings via a C++ program.
Here's what I would do manually. Run gpedit.msc as administrator, then say I want to prevent users from accessing registry. So in the "Local Group Policy Editor" I'll go to
User Configuration -> Administrative Templates -> System -> "Prevent access to registry editing tools"
and set it to Enabled.
Is there any way to do the same from a C++ program? Any code samples would be greatly appreciated!
You can use the Group Policy API.

Is there any way to read password policies via the WMI RSOP_XXX classes?

Those all reside in the root\RSOP\Computer namespace. The only class from which I got non-empty results is RSOP_RegistryPolicySetting, and that one only gave me settings for Windows Update and System Restore configuration.
I do know there are password policies in our network (age, length etc.), but queries on the following classes only gave empty results:
RSOP_ScriptPolicySetting
RSOP_SecuritySettingNumeric
RSOP_SecuritySettingBoolean
RSOP_SecuritySettingString
Does it have to be via WMI?
If you're running a domain, Microsoft's Scripting Guys have an article How Long Until My Password Expires?... but it uses ADSI to read policies from Active Directory, rather than policies on the local machine.