Quantcast
Channel: Sysinternals Forums
Viewing all 10386 articles
Browse latest View live

Miscellaneous Utilities : Acceschk - Problem with path

March 7, 2014, 2:01 am
$
0
0
Author: goszki
Subject: Acceschk - Problem with path
Posted: 07 March 2014 at 10:01am

Hi,
I have problem with using accesschk. I'm trying to audit path which has dots and spaces in the folders names:
eg. o:\1. text\2. text\5. text
and when i'm running "accesschk -l -i -s o:\1. text\2. text\5. text" i got only information about using accesschk.
Anny suggestions?
Search

Process Monitor : Procmon spawns itself infinitely

March 7, 2014, 2:46 am
$
0
0
Author: tlkristensen
Subject: Procmon spawns itself infinitely
Posted: 07 March 2014 at 10:46am

Hi,

I am havingthe same issue and it is reproducible. Does anyone have a solution for it.

I can runprocmon using an administrative account but not as a “normal” user. If I try,procmon64 just keeps spawn new threads. It actually appears to be spawning newprocesses as well. It keeps doing this until I kill it using “End Process Tree”in task manager.

I have successfullycaptured a procmon dump of the situation by running procmon as anadministrative account and opening procmon as a “normal” user. Due to file size restrictions, I cannot attach the dump.

We onlyhave the issue on one machine, which is used to test one of our own programs.If it helps, we are able to verify any fixes.

And thanksfor some really great tools. They have saved my day many times!

Anotherremark: I had to register to post the reply. Did I really just send me passwordback to me in cleartext?

Miscellaneous Utilities : Acceschk - Problem with path

March 7, 2014, 3:21 am
$
0
0
Author: rmetzger
Subject: Acceschk - Problem with path
Posted: 07 March 2014 at 11:21am

Quote I'm trying to audit path which has dots and spaces in the folders names:
eg. o:\1. text\2. text\5. text and when i'm running "accesschk -l -i -s o:\1. text\2. text\5. text" i got only information about using accesschk.


A quick glance at the problem, I see, has to do with your quotes. Consider this instead:
accesschk -l -i -s "o:\1. text\2. text\5. text"
or
"C:\My Tools Folder\accesschk" -l -i -s "o:\1. text\2. text\5. text"

I think those spaces require proper quotations to make it work.

Hope that helps.
Ron Metzger

Miscellaneous Utilities : Acceschk - Problem with path

March 7, 2014, 4:12 am
$
0
0
Author: goszki
Subject: Acceschk - Problem with path
Posted: 07 March 2014 at 12:12pm

Thanks for quick answer Ron.
I tried to do it witch quotes and now I got message "No matching objects found"
I copied the path so there shouldn't be any mistake (the same path works with f.eg. "cd" command)
I think the problem is with the dots in the path because it works with folders without them.

Miscellaneous Utilities : Acceschk - Problem with path

March 7, 2014, 5:30 am
$
0
0
Author: rmetzger
Subject: Acceschk - Problem with path
Posted: 07 March 2014 at 1:30pm

That may be the answer. I get the same response on a local drive.

accesschk -l -i -s E:\

spins it's wheels for a while then responds with "No matching objects found" which I believe means no security info was found on E:\ and it's recursed subdirectories (-s).

but if I do this on:
AccessChk -l -i -s "c:\windows\downloaded program files"

I get a reasonable response.

Good luck.
Ron Metzger

Miscellaneous Utilities : handle.exe crash

March 7, 2014, 7:10 am
$
0
0
Author: fhebert
Subject: handle.exe crash
Posted: 07 March 2014 at 3:10pm

We are using handle.exe version 3.51 and it still generate blue screen similar to those described here.

The BSOD happened on Windows 7 x64 and they are not reproducible but enough frequent to avoid using this tool. I hope it will be fixed soon.

BgInfo : BgInfo and Roaming Profiles

March 7, 2014, 7:15 am
$
0
0
Author: rcohen
Subject: BgInfo and Roaming Profiles
Posted: 07 March 2014 at 3:15pm

Hiya,

We have set up Bginfo to run via a Group Policy that runs a bginfo bat script on user logon which works fine and calls bginfo.exe and a bginfo.bgi files on the C:\Bginfo folder of each of our Terminal servers

We were then asked to change a background colour for a certain set of Terminal Servers servers

However you can't change the background of a Remote Desktop Server when you are logged into it on a Terminal Server session so we tried changing the background on the certain set of servers within Bginfo > Background > Use these settings instead of Copy users wallpaper settings but when you log into the other servers, it still retains the new colour.

Not sure whether the background is being saved under a roaming profile folder but currently it is set to bitmap > location > Users temporary files directory.

Any assistance greatly appreciated Thanks

PsTools : Psshutdown enquiry

March 7, 2014, 8:54 am
$
0
0
Author: kbskbs
Subject: Psshutdown enquiry
Posted: 07 March 2014 at 4:54pm

Hi All,

Just need to initially ask if the following is possible. I'm struggling to get it working but thought I did this some time ago.

Please could a guru confirm if I can use PsShutDown as follows?

A (basic) user account on PC1 calls PsShutDown to shut down PC2.

PC2 has an admin account specifically for PsShutDown to use.

Works when local admin of PC1 sends command (this admin is not on PC2) but not when PC1 is logged in as a user.

Thanks

Keith



Search

Troubleshooting : Find when system hangs ?

March 7, 2014, 9:02 am
$
0
0
Author: trebly
Subject: Find when system hangs ?
Posted: 07 March 2014 at 5:02pm

Hi,

I am really newbie in SysInternals.

Since a few time, a computer using still XP SP3, which is used as a little server (with a motherboard designed for) after a while (some hours, sometimes two days) stops working.
Exactly like disk errors, processors stopping (heat) etc. not any control, no blue screen.

Disks have been scanned, memory checks etc. Nothing found

To try to find the problem, I think that a system activity (processes, disk accesses, network) which will trace on disk (not buffered) will stop writing when system will stop.
So I could read back the state before failure.
May be I will find something which happens repeatedly.

Note (subsidiary question) : I have on this system a "watchdog". To implement it I would need to survey all running processes and services and stop updating the timer (remaining time before reboot, at defined system address, I have the assembler routine). If the hang doesn't come from a processor hang, (but for example 100% processor used by priority task...) the system will reboot automatically. I don't know if any standard soft is able to do it.

Autoruns : autoruns help file is missing...

March 7, 2014, 11:30 am
$
0
0
Author: aziangirly
Subject: autoruns help file is missing...
Posted: 07 March 2014 at 7:30pm

Thank you Dax1792!!!  Not sure how the forum works but I hope it's ok to ask you another question here.  I've been trying to access my start-up options to disable somethings but no matter what I do a window keeps popping up saying  "Windows defender is turned off" but it shows it's running...   Am I losing my mind or in your professional opinion have I been hacked into??  I already had a call from my bank saying that there's been attempted logins to my bank acct from my home... facebook activity not by me and a p/w change apparently, and my hotmail acct only opens up so that all you see is the border and I can't see any of my emails...  and my system has been running really slow and wonky and all my media players are now not working... tell me i'm still sane Stern Smile

Autoruns : autoruns help file is missing...

March 7, 2014, 11:43 am
$
0
0
Author: aziangirly
Subject: autoruns help file is missing...
Posted: 07 March 2014 at 7:43pm

uh oh I hope I didn't post a reply to myself!!!! So sorry if you getting this twice... i just wanted to add that I tried to do a system restore but it said it failed which is a first for me!!!  thanks again for just letting me get this off my chest!!  Where ever you are have a good weekend!!  TGIF  Smile




Autoruns : autorunsc for offline systems

March 7, 2014, 4:26 pm
$
0
0
Author: F0117375
Subject: autorunsc for offline systems
Posted: 08 March 2014 at 12:26am

!! autoruns 11.70.0.0 - Analyzing Offline Systems - moves Reg-entry's unlawful to local, ONLINE system !!
I wont to repair a WinXP32he on a Win8.0-64pro.
The first step is to disable autorun entry's to prevent OS from malware.
Insert disk > Load registry from offline OS > go to "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" >>
Uncheck untrustworthy entry's (known that they will be moved to ...\Run\AutorunsDisabled)
If I wont to RMT-'Jump to Entry...' it can't find the entry!
A RMT-'Properties...' displays an ERROR message like this: # "c:\path\program.exe" could not be found. Make sure that you have typed the name correctly and try again. #

What happened? Look manually in the registry...
The WinXP32he-Run was mapped to "[HKEY_LOCAL_MACHINE\autoruns.software\Microsoft\Windows\CurrentVersion\Run]"
The WinXP32he-Run\AutorunsDisabled was mapped to "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]" <--But this is the path for the online Win8.0-64pro !!
To repair the AutorunsDisabled, I export from wrong place, edit and import to the right place.

Next problem is to load the user registry, it failed! # Cannot load user registry hive of the offline system #

I think this is a design fault, or is that not so provided?
If it is possible, which should be solved.
Thank you


Edited by F0117375 - 16 hours 10 minutes ago at 12:50am

Troubleshooting : How to diagnosis the cause of User Mode driver cra

March 7, 2014, 7:40 pm
$
0
0
Author: KCav
Subject: How to diagnosis the cause of User Mode driver cra
Posted: 08 March 2014 at 3:40am

Event Viewer reports "Critical Error – the device MTP USBDevice is offline due to a user mode driver crash."

I plugged a USB cable into my Samsung, Galaxy S3 and connectedthe other end to my PC.  When I did this it showed-up in DeviceManager under Other Devices as SAMSUNG_Android_SCH_1535.  However, about three minutes later DeviceManager changed.  Under Other Devices a new item appeared - CDCAbstract Control Model, and the status of SCH-1535 changed to “notconfigured properly.”  Then they disappearedfrom Other Devices and under Portable Devices a new item appeared – MTP USBDevice.  It’s status was “cannot start.”  

How should I diagnosis the problem? What is a User Mode Driver Crash?

Troubleshooting : Find when system hangs ?

March 7, 2014, 9:51 pm
$
0
0
Author: MagicAndre1981
Subject: Find when system hangs ?
Posted: 08 March 2014 at 5:51am

press the CAP LOCKS key during the freeze and look if the light on the keyboard toggles or not.

BgInfo : BgInfo and Roaming Profiles

March 7, 2014, 10:52 pm
$
0
0
Author: WindowsStar
Subject: BgInfo and Roaming Profiles
Posted: 08 March 2014 at 6:52am

One way to do this is have different BGINFO.BGI files for different servers.

Something like:

TSGroup1.bgi
TSGroup2.bgi
TSGroup3.bgi

Then use your batch file to call the correct group for the server you are logged into.

Enjoy -WS

Search

Miscellaneous Utilities : desktops 1.02 taskbar lost, how to restart taskbar

March 8, 2014, 11:19 am
$
0
0
Author: cv98
Subject: desktops 1.02 taskbar lost, how to restart taskbar
Posted: 08 March 2014 at 7:19pm

FOUND THE SOLUTION!!!

1. Open taskmgr.exe in a windows that has a taskbar
2. Kill ALL the explorer.exe's
3. Restart desktops.exe or kill it and then run it
4. go to the desktop where you dont have a taskbar

remember to leave all the windows open, closing them is not necessary

Process Explorer : ** Feature Requests **

March 8, 2014, 3:33 pm
$
0
0
Author: Himmelssonne
Subject: ** Feature Requests **
Posted: 08 March 2014 at 11:33pm

Feature Request: Voice setting

It would be for future versions also be nice if there is a language and the Process Explorer would be available not only in English but also in other languages.

Process Explorer : Process Expl Search Online

March 8, 2014, 9:06 pm
$
0
0
Author: rhabdomantist
Subject: Process Expl Search Online
Posted: 09 March 2014 at 5:06am

Same for me since v.16.00, no change with with v.16.02. Get no response at all.

Process Explorer : Process Expl Search Online

March 9, 2014, 10:31 am
$
0
0
Author: MaggieL
Subject: Process Expl Search Online
Posted: 09 March 2014 at 5:31pm

On Win8.1 with Chrome as default browser and PE V16.01, "Search online" appears to suffix the process name with a slash before searching, which of course doesn't work. It's possible that this is Chrome's fault, but I'm betting it has something to do with the "virustotal.com" support. 

Just a hunch.   

Process Explorer : Process Expl Search Online

March 9, 2014, 2:39 pm
$
0
0
Author: rhabdomantist
Subject: Process Expl Search Online
Posted: 09 March 2014 at 9:39pm

VirusTotal integration works fine for me (XP Home & Pro-IE8) But I also thought VirusTotal may be part of the problem. Don't have a problem if using 15.40.
Wonder how many others are experiencing this issue.
Viewing all 10386 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>