Quantcast
Channel: Sysinternals Forums
Viewing all 10386 articles
Browse latest View live

BgInfo : Restict access to BGinfo database (logon / logoff)

March 28, 2014, 3:21 am
$
0
0
Author: skhudy
Subject: Restict access to BGinfo database (logon / logoff)
Posted: 28 March 2014 at 10:21am

... I know NTFS permissions ... this is that if users can read the .bgi file then they can see the db / sql credentials set in the file and potentially do things to the DB
Search

Process Explorer : system information

March 28, 2014, 6:57 am
$
0
0
Author: wolfpix
Subject: system information
Posted: 28 March 2014 at 1:57pm

Hy, where I can find a manual for "system information"? I would know difference from "I/O" and "Disk" graph.
Thank you

BgInfo : BGinfo on surface pro2

March 28, 2014, 9:28 am
$
0
0
Author: rbowman8387
Subject: BGinfo on surface pro2
Posted: 28 March 2014 at 4:28pm

Running into an issue with getting BGInfo to display correctly on a Surface Pro2.

My background is centered but when i run my batch file to apply the bginfo overlay, it changes from centered to tiled and it displays 1 full image (top left corner) and then the parts of duplicate images due to the tiled effect

BgInfo : Restict access to BGinfo database (logon / logoff)

March 28, 2014, 9:30 am
$
0
0
Author: WindowsStar
Subject: Restict access to BGinfo database (logon / logoff)
Posted: 28 March 2014 at 4:30pm

@skudy, then you have to make some decisions. #1 Don't use BGInfo. #2 Don't use the DB part. #3 If you have a domain put the files on a server with hidden shares and only allow software to launch from there. Users will still could see it but it is much harder if they don't know the structure. #4 Use a different software to obtain your goal. #5 Create a DB on a special server that if someone did get into it and change something you could fix it easily with backups, maybe a server that only uses this BD. #6 etc. etc. etc. etc.

Not sure what to tell you, because you are thinking correctly about your network and security but could be using the wrong software (because of its security flaws) to do what you need. -WS

Process Explorer : Process Explorer and Virus Total

March 28, 2014, 9:34 am
$
0
0
Author: nellswor
Subject: Process Explorer and Virus Total
Posted: 28 March 2014 at 4:34pm

I have this problem also. Does PE simply use the local IE settings? My company requires use of a proxy server to get out to the Internet. Is there a way to check whether PE is trying to go direct or use the proxy, or a way to configure this?

Thanks

PsTools : PSExec from 2008R2, access is denied.

March 28, 2014, 10:17 am
$
0
0
Author: jhuegen
Subject: PSExec from 2008R2, access is denied.
Posted: 28 March 2014 at 5:17pm

Local Machine - Old: Windows 2003. New: Windows 2008R2
Remote Machine: Windows 2008R2

We're migrating our provisioning server scripts from Windows 2003 to a new Windows 2008R2 host. The PSExec commands that ran perfectly under Windows 2003 fail running under Windows 2008R2 with:

Access is denied.Connecting to <server>... Starting PsExec service on <server>... Could not start PsExec service on <server>

I haven't done anything to the remote machine because it works perfectly when a Windows 2003 server PSExecs to it. I've tried a half dozen remote machines, all with the same outcome, which leads me to believe the problem lies within the local Windows 2008R2 machine.

Here's the things I've checked:

The version of PSExec is the same on both local machines.
The command structure is the same on both local machines.
The same domain account is used to run the command on both local machines.
The domain account used to run the commands have local admin rights on both local machines.

What am I missing?

Process Explorer : "Temp" entry in the process context menu

March 29, 2014, 9:47 am
$
0
0
Author: zakk
Subject: "Temp" entry in the process context menu
Posted: 29 March 2014 at 4:47pm

What's the purpose of the entry "Temp"
that appears in the process context menu?

Help file doesn't mention it.
I've tried it and it does nothing.

PsTools : object already exists error PSEXEC

March 29, 2014, 2:13 pm
$
0
0
Author: CBWPowder
Subject: object already exists error PSEXEC
Posted: 29 March 2014 at 9:13pm

Yes when I try to run this in command line-

psexec -i -d -s c:\windows\regedit.exe

It comes back with-

"Error deriving session key:
Object already exists."

It worked for me once but never again.

If I take out -s argument regedit opens but can't delete keys as I am trying to do.

Please help.
Search

Process Explorer : "Temp" entry in the process context menu

March 30, 2014, 12:38 am
$
0
0
Author: MagicAndre1981
Subject: "Temp" entry in the process context menu
Posted: 30 March 2014 at 7:38am

I can see it, too. I wrote Mark a Mail. Thanks for reporting it.

PsTools : PsExec to launch admin-level task from LU account

March 30, 2014, 4:40 am
$
0
0
Author: AndyA
Subject: PsExec to launch admin-level task from LU account
Posted: 30 March 2014 at 11:40am

I revised my strategy for running programs locally as an admin from an LU account under Windows 7.

RunAsRob worked correctly, but it installs a service.

Instead, I use a script that works in XP/Vista/7/8 for both Admin and LU (Normal User) accounts that allows VBS scripts and other executables (with or without an argument) to be launched without entering a password. If UAC is configured, a simple UAC prompt will need to be acknowledged.

The script uses CPAU.EXE and Microsoft's own ELEVATE.VBS/ELEVATE.CMD.

RUNAS.EXE /savecred can be used instead of CPAU.EXE, but a black screen briefly appears when RUNAS.EXE is launched. CPAU.EXE can be invoked with the -hide parameter so that only the target executable's window is viewed.

FYI, there are two third party alternatives to ELEVATE.VBS/ELEVATE.CMD:

ELEVATE.EXE by Johannes Passing and ELEVATE.EXE by John Robbins

Unless a question is posted here, I will not add to this topic.

regards, AndyA

Troubleshooting : TCPView network monitoring question

March 30, 2014, 6:03 am
$
0
0
Author: doveblack
Subject: TCPView network monitoring question
Posted: 30 March 2014 at 1:03pm

I use TCPView to monitor what im connected to on my PC. I noticed something odd today. There was a system process i couldnt get the properties of that said it was connected to the router as a remote address at 10.0.0.1. I have network discovery and netbios off. It disappeared after a while. Anyone know what that is?

Process Monitor : error opening snapshot

March 30, 2014, 6:08 am
$
0
0
Author: Merav Kochavi
Subject: error opening snapshot
Posted: 30 March 2014 at 1:08pm

You should clear the Logfile registry key.

Close Process Monitor.

Open regedit.

Go to the folder HKEY_CURRENT_USER/Software/SysInternals/ProcessMonitor/

You will find a Key named Logfile

Right click on the key to modify.

Set the Value data to an empty string and click OK.

Open Process Monitor.

Process Monitor : Error Message when I launch process monitor

March 30, 2014, 6:12 am
$
0
0
Author: Merav Kochavi
Subject: Error Message when I launch process monitor
Posted: 30 March 2014 at 1:12pm

Clearing the Registry entry worked for me as well.

First you need to close all instances of Process Montior.

Then open regedit.

Find the key located under

HKEY_CURRENT_USER/Software/SysInternals/ProcessMonitor/       for 64 bit version

or

HKEY_CURRENT_USER/Software/SysInternals/ProcessMonitor32/   for 32 bit version

The Key is named Logfile.

Right click on the key to modify.

Set the Value data to an empty string and click OK.

Open Process Monitor.

Process Monitor : Unable to capture!

March 30, 2014, 6:20 am
$
0
0
Author: Merav Kochavi
Subject: Unable to capture!
Posted: 30 March 2014 at 1:20pm

Clearing the Logfile Registry entry worked for me.

First you need to close all instances of Process Monitor.

Then open Regedit.

Find the Logfile registry entry located under

HKEY_CURRENT_USER/Software/SysInternals/ProcessMonitor/       for 64 bit version

or

HKEY_CURRENT_USER/Software/SysInternals/ProcessMonitor32/   for 32 bit version

The key is named Logfile.

Right click on the key and select modify.

Set the Value data to an empty string and click OK.

Open Process Monitor.

Process Explorer : High CPU utilization with Process Explorer 16.02

March 30, 2014, 6:38 am
$
0
0
Author: rhatsaruck
Subject: High CPU utilization with Process Explorer 16.02
Posted: 30 March 2014 at 1:38pm

Yes, I am using a ThinkPad T500 equipped as follows:

Intel Core 2 Duo P8600 processor running at 2.4 Ghz
8 GB of RAM
500 GB Hitachi SATA hard drive
ATI Radeon HD 3650 video adapter
Intel ICH9M-E/M SATA AHCI controller
internal CD-DVD burner
Intel 82567LF Gigabit network adapter
Intel WiFi 5100 AGN.

The O/S was installed with AHCI enabled. The machine was running on external power and connected via the Ethernet wired port when I experienced the problems.

Search

Process Explorer : High CPU utilization with Process Explorer 16.02

March 30, 2014, 10:01 am
$
0
0
Author: MagicAndre1981
Subject: High CPU utilization with Process Explorer 16.02
Posted: 30 March 2014 at 5:01pm

ok, this issue is caused by the cycle based CPU usage calculation which is used in ProcExp for a while. Use ProcessHacker, here you can disable this new calculation:

http://processhacker.sourceforge.net/

Process Explorer : "Temp" entry in the process context menu

March 30, 2014, 10:02 am
$
0
0
Author: MagicAndre1981
Subject: "Temp" entry in the process context menu
Posted: 30 March 2014 at 5:02pm

I got a reply from Mark. The issue will be fixed in the next ProcExp Update.

Thanks for finding it :)

Process Explorer : "Temp" entry in the process context menu

March 30, 2014, 2:05 pm
$
0
0
Author: zakk
Subject: "Temp" entry in the process context menu
Posted: 30 March 2014 at 9:05pm

You're welcome :)

Troubleshooting : W7 permission denied

March 31, 2014, 10:05 am
$
0
0
Author: sweatshirt09
Subject: W7 permission denied
Posted: 31 March 2014 at 5:05pm

Hi,

(MSaccess 2000 app; 32-bit on W7-prof 64-bit)

MSAccess application gives me "permission denied" error.
With ProcessMonitor I am trying to find the cause (and solution).
From the listing attached: the error occurs after the first IRP_MJ_CREATE operation.

Does anyone have a hint for the cause?
Is it the KernelBase.dll.mui that gives problems or the netmsg.dll?

To add to the confusion: the application works well on a different Windows7 computer.
The Windows7 installed here is more or less an out-of-the-box installation.
No error occurs and the events relating to KernelBase.dll.mui and netmsg.dll do not show up with ProcessMonitor.

Things that I can think of that cause this behaviour:
- some security setting
- some MS update changing
- ?


Thanks
------------------------------------------------------------------------------------
uploads/48476/LogFileDEBUG_sendkeys2.zip


Edited by sweatshirt09 - 6 hours 51 minutes ago at 8:09pm

BgInfo : BGinfo on surface pro2

March 31, 2014, 11:36 am
$
0
0
Author: DTMiner
Subject: BGinfo on surface pro2
Posted: 31 March 2014 at 6:36pm

Happens on every Win8.1 machine I've tried, but it's the worst on tablets that are docking and undocking all the time.

It seems as if BGInfo is forcing Tiled when ever it updates.
Viewing all 10386 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>