do u know perhaps a way (via script or program) to find out if e.g. a WMI script runs from a remote PC1 and performs some tasks in another PC2 when I am seating in a third PC: PC3
Assume that all PC belong to the same network and domain and have windows xp installed.
The reason for this that I administer a small network and I think that one student shuts down the PC where another student works, via WMI scripting.
Is there a way to monitor (via script or program) such a thing, without disabling wmi remote access.
Thanks everybody
You can get the credentials used to perform the shutdown by looking at verbose WMI logs.
1) Enable verbose WMI logging
Run 'Wmimgmt.msc' (also available under My Computer > 'Manage' > 'Services and Applications' > 'WMI Control')
Select 'WMI Control (Local)', right click --> select 'Properties'
Select 'Logging' Tab, set 'Logging level' to Verbose
2) Look at the WMI log files (Default location: %WINDIR%\system32\wbemLogs) to see record of remote access and actions taken. Specifically, look at wbemcore.log
Example: When I logged in remotely I saw the following entry [<domain> and <username> here were the real ones used for the remote connection]:
(Thu Aug 13 <time>) : DCOM connection from <domain>\<username>
at authentiction level Packet, AuthnSvc = 9, AuthzSvc = 1, Capabilities = 0
Then, to execute the WMI method the student would need to GetObject Win32_OperatingSystem, which showed up like this:
(Thu Aug 13 <time>): CALL CWbemNamespace::GetObject
BSTR ObjectPath = win32_operatingsystem
long lFlags = 0
And finally you'd look for executing the Win32Shutdown method, which should log something like this:
(Thu Aug 13 <time>) : CALL CWbemNamespace::ExecMethodAsync
BSTR ObjectPath = Win32_OperatingSystem
BSTR MethodName = Win32Shutdown
Related
my project using QTcpSocket and the function setSocketDescriptor(). The code is very normal
QTcpSocket *socket = new QTcpSocket();
socket->setSocketDescriptor(this->m_socketDescriptor);
This coding worked fine most of the time until I ran a performance testing on Windows Server 2016, the crash occurred. I debugging with the crash dump, here is the log
0000004f`ad1ff4e0 : ucrtbase!abort+0x4e
00000000`6ed19790 : Qt5Core!qt_logging_to_console+0x15a
000001b7`79015508 : Qt5Core!QMessageLogger::fatal+0x6d
0000004f`ad1ff0f0 : Qt5Core!QEventDispatcherWin32::installMessageHook+0xc0
00000000`00000000 : Qt5Core!QEventDispatcherWin32::createInternalHwnd+0xf3
000001b7`785b0000 : Qt5Core!QEventDispatcherWin32::registerSocketNotifier+0x13e
000001b7`7ad57580 : Qt5Core!QSocketNotifier::QSocketNotifier+0xf9
00000000`00000001 : Qt5Network!QLocalSocket::socketDescriptor+0x4cf7
00000000`00000000 : Qt5Network!QAbstractSocket::setSocketDescriptor+0x256
In the stderr log, I see those logs
CreateWindow() for QEventDispatcherWin32 internal window failed (Not enough storage is available to process this command.)
Qt: INTERNAL ERROR: failed to install GetMessage hook: 8, Not enough storage is available to process this command.
Here is the function, where the code was stopped on the Qt codebase
void QEventDispatcherWin32::installMessageHook()
{
Q_D(QEventDispatcherWin32);
if (d->getMessageHook)
return;
// setup GetMessage hook needed to drive our posted events
d->getMessageHook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC) qt_GetMessageHook, NULL, GetCurrentThreadId());
if (Q_UNLIKELY(!d->getMessageHook)) {
int errorCode = GetLastError();
qFatal("Qt: INTERNAL ERROR: failed to install GetMessage hook: %d, %s",
errorCode, qPrintable(qt_error_string(errorCode)));
}
}
I did research and the error Not enough storage is available to process this command. maybe the OS (Windows) does not have enough resources to process this function (SetWindowsHookEx) and failed to create a hook, and then Qt fire a fatal signal, finally my app is killed.
I tested this on Windows Server 2019, the app is working fine, no crashes appear.
I just want to know more about the meaning of the error message (stderr) cause I don't really know what is "Not enough storage"? I think it is maybe the limit or bug of the Windows Server 2016? If yes, is there any way to overcome this issue on Windows Server 2016?
The error ‘Not enough storage is available to process this command’ usually occurs in Windows servers when the registry value is set incorrectly or after a recent reset or reinstallations, the configurations are not set correctly.
Below is verified procedure for this issue:
Click on Start > Run > regedit & press Enter
Find this key name HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters
Locate IRPStackSize
If this value does not exist Right Click on Parameters key and Click on New > Dword Value and type in IRPStackSize under the name.
The name of the value must be exactly (combination of uppercase and lowercase letters) the same as what I have above.
Right Click on the IRPStackSize and click on Modify
Select Decimal enter a value higher than 15(Maximum Value is 50 decimal) and Click Ok
You can close the registry editor and restart your computer.
Reference
After researching for a few days I finally can configure the Windows Server 2016 setting (registry) to prevent the crash.
So basically it is a limitation of the OS itself, it is called desktop heap limitation.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/desktop-heap-limitation-out-of-memory
(The funny thing is the error message is Not enough storage is available to process this command but the real problem came to desktop heap limitation. )
So for the solution, flowing the steps in this link: https://learn.microsoft.com/en-us/troubleshoot/system-center/orchestrator/increase-maximum-number-concurrent-policy-instances
I increased the 3rd parameter of SharedSection to 2048 and it fix the issue.
Summary steps:
Desktop Heap for the non-interactive desktops is identified by the third parameter of the SharedSection= segment of the following registry value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\Windows
The default data for this registry value will look something like the following:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
The value to be entered into the Third Parameter of the SharedSection= segment should be based on the calculation of:
(number of desired concurrent policies) * 10 = (third parameter value)
Example: If it's desired to have 200 concurrent policy instances, then 200 * 10 = 2000, rounding up to a nice memory number gives you 2048as the third parameter resulting in the following update to be made to the registry value:
SharedSection=1024,3072,2048
I'd like to access the Structure Sensor (https://structure.io) via OpenNI 2 (https://github.com/occipital/openni2) from an UWP App running on a Windows 10 Desktop.
The Setup
For this very reason I created a Windows Runtime Component (Universal Windows) in C++ besides my actual UWP App. This component exports several functions basically miming the initialization behavior of one of the samples in above OpenNI Github repo.
I extended the code to also iterate through all available devices:
// Initialize OpenNI
Status rc = OpenNI::initialize();
if (rc != STATUS_OK)
{
logError("Initialize failed + " + std::string(OpenNI::getExtendedError()));
return false;
}
// Get all attached sensors supported by OpenNI
Array<DeviceInfo> deviceList;
OpenNI::enumerateDevices(&deviceList);
for (int i = 0; i < deviceList.getSize(); i++) {
logInfo(deviceList[i].getName());
logInfo(deviceList[i].getUri());
}
// Actual open device
Device device;
rc = device.open(deviceList[0].getUri());
if (rc != STATUS_OK)
{
logError("Error = " + to_string(rc));
logError("Couldn't open device " + std::string(OpenNI::getExtendedError()));
return false;
}
The Problem
Calling above code from my UWP app through the Windows Runtime Component is successful when initializing OpenNI and enumerating over all available devices:
[INFO] PS1080
[INFO] \\?\usb#vid_1d27&pid_0600#13261#{c3b5f022-5a42-1980-1909-ea72095601b1}
Actually Opening the device via device.open is the actual problem (Error 1 = STATUS_ERROR)
[ERROR] Error = 1
[ERROR] Couldn't open device Could not open "\\?\usb#vid_1d27&pid_0600#13261#{c3b5f022-5a42-1980-1909-ea72095601b1}": USB device not found!
I'm also under the impression that above error message is a bit misleading, as the actual message when having no device attached is:
[ERROR] Error = 1
[ERROR] Couldn't open device DeviceOpen using default: no devices found
I already tried to add a USB device capability to the package mainifest without any success.
<DeviceCapability Name="usb">
<Device Id="vidpid:1D27 0600">
<!--<Function Type="classId:ff * *" />-->
<Function Type="name:vendorSpecific"/>
</Device>
</DeviceCapability>
I also verified that above code is working when directly building a classic C++ program without targeting UWP at all.
I would be very happy for any direction/hint you can provide me with
The Solution
Microsoft's UWP policy simply doesn't allow access to USB devices. But you can workaround that by grant the UWP AppContainer Process access to the Structure IO sensor.
Some manual work is required though:
Open the registry editor and go to the USB entry of the Structure IO sensor HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_1D27&PID_0600
Uncollapse this node and right click on the node below this one and copy the whole key in to clipboard. The last digit is very important here and differs from machine to machine (e.g. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_1D27&PID_0600\13261)
Copy this key into following registry file where the brackets are. The following registry modification basically allows every UWP app access to the structure I/O sensor.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_1D27&PID_0600\13261]
"Security"=hex:1,0,4,90,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,2,0,60,0,4,0,0,0,0,0,14,0,0,0,0,10,1,1,0,0,0,0,0,5,12,0,0,0,0,0,18,0,0,0,0,10,1,2,0,0,0,0,0,5,20,0,0,0,20,2,0,0,0,0,14,0,0,0,0,10,1,1,0,0,0,0,0,5,B,0,0,0,0,0,18,0,0,0,0,10,1,2,0,0,0,0,0,F,2,0,0,0,1,0,0,0
Modify the following batch script to point to the full path(!) of above registry file. This script is needed to modify the registry with the security string. This is only allowed by Window's SYSTEM account. That's why we need to create a task for that.
call schtasks /create /RU SYSTEM /SC ONCE /TN DeviceAC /TR "reg import c:\full\path\to\registry\file.reg" /ST 00:00
call schtasks /run /tn DeviceAC
call schtasks /delete /tn DeviceAC /f
Run the above batch script with Administrator privileges
After successfully executing the script, make sure there's a new entry called "Security" below you node from 2.
If the sensor is already connected to your PC you'll need to reconnect it.
Now the code from my Question above should work :)
You'll find a detailed read on how to solve this problem here:
https://developer.microsoft.com/en-us/windows/iot/Samples/CustomDeviceAccessor
Is it possible to avoid the use of passwords when using the SAS Metadata Batch Export Tool?
I am building a feature in my STP web app (SAS 9.2, IWA, Kerberos) for auto-exporting metadata items. As per the documentation, the ExportPackage utility requires credentials either directly (-user and -password etc options) or via a connection profile (-profile).
Logging onto the application server as sassrv, the contents of my connection profile are as follows:
#Properties file updated on: Thu Mar 12 16:35:07 GMT 2015 !!!!! DO NOT EDIT !!!!!!!
#Thu Mar 12 16:35:07 GMT 2015
Name=SAS
port=8561
InternalAccount=false
host=DEV-SASMETA.somecompany.int
AppServer.Default=A5MNZZZZ.AR000666
AllowLocalPasswords=true
authenticationdomain=DefaultAuth
SingleSignOn=true
Running my code however results in the following:
44 +%put Batch tool located at: &platform_object_path;
Batch tool located at: C:\Program Files\SAS/SASPlatformObjectFramework/9.2
45 +filename inpipe pipe
46 + " ""&platform_object_path\ExportPackage"" -profile MyProfile
47 + -package 'C:\Temp\TestPackage.spk' -objects '/SomeFolder/ARCHIVE(Folder)' -includeDep -subprop";
48 +data _null_;
49 + infile inpipe;
50 + input; putlog _infile_;
51 +run;
NOTE: The infile INPIPE is:
Unnamed Pipe Access Device,
PROCESS="C:\Program Files\SAS/SASPlatformObjectFramework/9.2\ExportPackage" -profile MyProfile -package 'C:\Temp\TestPackage.spk' -objects '/SomeFolder/ARCHIVE(Folder)' -includeDep
-subprop,
RECFM=V,LRECL=256
The export process has failed. The native implementation module for the security package could not be found in the path.
For more information, view the export log file: C:\Users\sassrv\AppData\Roaming\SAS\Logs\Export_150427172003.log
NOTE: 2 records were read from the infile INPIPE.
The minimum record length was 112.
The maximum record length was 121.
The log file was empty.
Presumably my options here are limited to:
Requesting the user password from the front end
Using a system account in the connection profile
Using a system account in the -user & -password options
??
I verified this some time ago with SAS Technical Support; it's currently not possible.
I entered a SASWare Ballet item for it: https://communities.sas.com/t5/SASware-Ballot-Ideas/Add-Integrated-Windows-Authentication-IWA-support-to-Batch/idi-p/220474
please vote!
This was initially resolved by embedding a username / password in the profile, but now it works by taking the (modified) template profile below, and adding the host= / port= parameters dynamically at runtime (so can use the same profile in different environments).
IWA is now used to connect to the metadata server!
# This file is used by Release Management for connecting to the metadata server
# The host= and port= parameters are provided by the application at runtime
SingleSignOn=true
AllowLocalPasswords=true
InternalAccount=false
SecurityPackageList=Negotiate,NTLM
SecurityPackage=Negotiate
An important thing I discovered (not in SAS documentation) is that you can substitute a profile name with an absolute path to a profile (.swa file) in the ExportPackage commmand.
Edit (one year later):
As pointed out by #Stig Eide, the error does seem to relate to 32 vs 64 bit JREs. I also came across this issue in DI Studio today and solved it by copying the sspiauth.dll files as described here
I'm running a django-celery application on Ubuntu-12.04.
When I run a celery task from my web interface, I get the following error, taken form postgresql-9.3 logfile (maximum level of log):
2013-11-12 13:57:01 GMT tss_usr 8113 LOG: could not receive data from client: Connection reset by peer
tss_usr is the postgresql user of the django application database and (in this example) 8113 is the pid of the process who killed the connection, I guess.
Have you got any idea on why this happens or at least how to debug this issue?
To make things work again I need to restart postgresql which is extremely uncomfortable.
I know this is an older post, but I just found it because I had the same error today in my postgres logs. I narrowed it down to a PDO select statement. I'm using Zend Framework 1.10.3 on Ubuntu Precise.
The following pdo statement generated an error if $opinion is a long text string. The column opinion is type Text in my postgres table. The query succeeds if $opinion is under a certain number of characters. 1000 characters works fine. 2000 characters fails with "could not receive data from client: Connection reset by peer".
$select = $this->db->select()
->from( 'datauserstopics' )
->where("opinion = ?",trim($opinion))
->where("datatopicsid = ?",trim($tid))
->where("datausersid= ?",$datausersid);
$stmt = $this->db->query($select);
I circumvented the problem by using:
->where("substr(opinion,1,100) = ?",trim(substr($opinion,1,100)))
This is not a perfect solution, but for my purposes, the select statement using substr() suffices.
Note that I have no problem inserting long strings into the same table/column. The disconnect problem only appears for me on the PDO select with relatively long text strings.
I'm getting it in 2017 with 9.4, I have no text fields, don't know what a PDO is. My select statement is about 50 bytes long, I'm trying to fetch an int4 and a double precision. I suspect the error message can mean multiple things.
I've since found https://dba.stackexchange.com/questions/142350/postgres-could-not-receive-data-from-client-connection-reset-by-peer which indicates it could be a problem with the client configuration. My client is libpg and PQconnectdb() is giving me a CONNECTION_OK return. It works at least partly.
For me, restarting the hypervisor where both the Postgres and the application using it helped. I've seen stack traces in dmesg before, though.
I register a Bonjour service using
DNSServiceRegister(&dnssref, 0, 0, "Fortune Server on my-PC", "_trollfortune._tcp", 0, 0, bigEndianPort, 0, 0, 0, 0);
I then browse for it using
DNSServiceBrowse(&dnssref, 0, 0, "_trollfortune._tcp", 0, bonjourBrowseReplyCallback, this);
My callback function is called twice, with the same serviceName, regType and replyDomain, only the interfaceIndex is different, the first time it's 20, the second time it is 10000010. if_indextoname() returns ethernet_12 for both.
At the same time, Bonjour Browser (a tool I found on the Internet) shows my service listed only once.
Am I calling DNSServiceBrowse with wrong parameters?
I found the problem in my case.
The problem started after installing VMware. It created some virtual network interfaces. After disabling those interfaces the browser only showed one result.
But I think the problem is not related to the browsing. I think the problem is with the flag kDNSServiceInterfaceIndexAny (0 - 3rd parameter) send to the function DNSServiceBrowse maybe you need to set the interface to a fixed value instead of 0.
I found out that there is a command-line tool called dns-sd that ships with Bonjour, and you can register/browse services with it.
I registered a service using
dns-sd -R "Fortune Server on my-PC" _trollfortune._tcp local 1234
and browsing for it with the command
dns-sd -B _trollfortune._tcp
gives me the following output:
Browsing for _trollfortune._tcp
Timestamp A/R Flags if Domain Service Type Instance Name
19:48:23.674 Add 3 20 local. _trollfortune._tcp. Fortune Server on my-PC
19:48:23.674 Add 2 10000010 local. _trollfortune._tcp. Fortune Server on my-PC
Since the standard tool that comes with Bonjour lists the service twice, I guess this is the normal behavior.