Channel: Sysinternals Forums

Troubleshooting : "The delayed auto-start flag could not be set."

Author: tamahome
Subject: "The delayed auto-start flag could not be set."
Posted: 18 August 2014 at 8:22pm

Anyone know why certain services can't be set to "Automatic (Delayed Start)", and yet they can be disabled with no seeming harm?  One example is "NVIDIA Display Driver Service".  The full error message is:

  The delayed auto-start flag could not be set.  Error 87: The parameter is incorrect.



Troubleshooting : "The delayed auto-start flag could not be set."

Author: LMiller7
Subject: "The delayed auto-start flag could not be set."
Posted: 18 August 2014 at 11:58pm

Many services are members of service groups. Many of these groups have entries in the ServiceGroupList in the registry that controls the order in which the services are started. Many services must be started in a specific order. Services that are members of such a group cannot be set to Delayed start.
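
The group membership described in the post above can be inspected on a live machine. The following PowerShell is an added example, not part of the forum thread; it assumes the start order is the `List` value under `HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder` and that each service's group is the `Group` value under its own `Services` key.

```powershell
# Added example: list auto-start Win32 services that belong to a load-order group,
# with the group's position in the start order and the current delayed-start flag.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$orderKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder'

# REG_MULTI_SZ "List": group names in the order they are started.
# Lower-cased so the lookup below is case-insensitive.
$groupOrder = @((Get-ItemProperty -LiteralPath $orderKey -Name List).List |
                ForEach-Object { $_.ToLowerInvariant() })

Get-ChildItem -LiteralPath $servicesKey | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $p) { return }

    # Type 0x10 / 0x20 = Win32 own-process / shared-process service (drivers are skipped).
    $isWin32 = ($p.Type -band 0x30) -ne 0
    # Start = 2 means Automatic.
    $isAuto  = $p.Start -eq 2
    if (-not $isWin32 -or -not $isAuto -or [string]::IsNullOrEmpty($p.Group)) { return }

    [pscustomobject]@{
        Service   = $_.PSChildName
        Group     = $p.Group
        # Zero-based position of the group in the order list; -1 = group not listed.
        GroupRank = [array]::IndexOf($groupOrder, $p.Group.ToLowerInvariant())
        # DelayedAutostart = 1 when "Automatic (Delayed Start)" is configured.
        Delayed   = [bool]$p.DelayedAutostart
    }
} | Sort-Object GroupRank, Service | Format-Table -AutoSize
```

Services that appear in this output are the ones to compare against those that refuse the "Automatic (Delayed Start)" setting.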


Autoruns : COMPATIBILITY

Author: mario_sp23
Subject: COMPATIBILITY
Posted: 19 August 2014 at 12:16am

I have Windows 7 Home Premium SP1, and Autoruns, when downloading it, crashes, only opening a command prompt and running it quickly!!!  Thanks!!

Edited by mario_sp23 - 14 hours 12 minutes ago at 12:34am

Autoruns : COMPATIBILITY

Author: MagicAndre1981
Subject: COMPATIBILITY
Posted: 19 August 2014 at 4:58am

Mark is currently investigating crashes of AutoRuns

BgInfo : BGInfo making an awkward change

Author: WindowsStar
Subject: BGInfo making an awkward change
Posted: 19 August 2014 at 7:03am

@RoshanEjaz: Ok, strange question... it is right there in the software. Click Background, click one of the standard colors or custom, check "make wallpaper visible behind text" and then OK and OK. -WS

 

Miscellaneous Utilities : Bugs in Sysmon (event manifest)

Author: CoreSenses
Subject: Bugs in Sysmon (event manifest)
Posted: 19 August 2014 at 10:53am

Been playing around with Sysmon too. I can see this tool could fill in some gaps.

As for me, I didn't mind the very light amount of information on the General tab, as there is more information in the Details tab. I didn't have any problem with the manifest during installation of the service. It shows up as intended and survives reboots.

I agree if it could capture the activities within a batch script as well that would be great.

I managed to round up a few machines and loaded Sysmon on them and they all report to a Windows Event Collector. These logs are then collected by the SIEM with all the details.

The only caveat though, in my case, is that you have to configure your Windows Event Collector to save the logs in 'Applications'. Then have the SIEM extract the logs from Application.


PsTools : psinfo can not display information in chinese

Author: zjw
Subject: psinfo can not display information in chinese
Posted: 19 August 2014 at 2:07pm

It does not work;
 chcp is already set to Chinese Simplified.

Is there any plan to update the tool?


Internals : Question about Sysinternal Tools in Enterprise

Author: indianboy08
Subject: Question about Sysinternal Tools in Enterprise
Posted: 19 August 2014 at 2:40pm

Have a question about putting several of the Sysinternal Tools on all user desktops within the Enterprise as we have seen several benefits using it to troubleshoot issues.
 
  • Which of the tools would you recommend having on all workstations for troubleshooting issues?
  • What is the preferred folder location to place them for security purposes? We were thinking C:\Windows\system32
  • Are there certain tools that should not be placed on user workstations because of potential security concerns, i.e. tools that would provide additional information if a user's system is compromised (e.g. ADExplorer, ADInsight, etc.)?

Thx in advance for any suggestions provided.


Miscellaneous Utilities : Bugs in Sysmon (event manifest)

Author: MagicAndre1981
Subject: Bugs in Sysmon (event manifest)
Posted: 20 August 2014 at 5:07am

Try the Update 1.0.1:

Sysmon v1.01: This fixes the manifest registration so that Sysmon event logs can be interpreted without installing Sysmon, and now includes unique UDP connections within 15-minute intervals.

http://blogs.technet.com/b/sysinternals/archive/2014/08/19/updates-autoruns-v12-02-coreinfo-v3-31-sysmon-v1-01-whois-v1-12.aspx

PsTools : psexec v2.0: working after second time in cmd

Author: gabim
Subject: psexec v2.0: working after second time in cmd
Posted: 20 August 2014 at 6:31am

Hi All,
I am struggling with a problem.
I open a cmd window and run a psexec command against a remote machine.
The first time, I got the message "PsExec could not start c:\xxx\zzz.bat on 190.2.3.4:
                                                        No process is on the other end of the pipe."
So I immediately ran it again, and it works fine and starts my process on the remote machine.

I tried to do this again.
I started a new cmd window and repeated all the previous actions, with the same results (it only starts working the second time).

Does anybody have an idea what can cause this behavior?

Autoruns : Image path not found since version 12 (or 12.01?)

Author: Hofila
Subject: Image path not found since version 12 (or 12.01?)
Posted: 20 August 2014 at 8:06am

Hello,

It seems that the latest versions of AutoRuns don't find

"file:///C:/Program Files (x86)/Test/TestShell.DLL" as ImagePath.

This path is used in HKEY_CLASSES_ROOT\CLSID\{b298a367-cb1d-3dbe-856d-a2b68c3d366e}\InprocServer32\CodeBase.

All this is created with https://sharpshell.codeplex.com/ and extension is working fine.

Process Monitor : Procmon spawns itself infinitely

Author: McNetic
Subject: Procmon spawns itself infinitely
Posted: 20 August 2014 at 9:08am

This issue has been around for, like, years. It obviously affects many users. I also provided a log file above. Do you intend to do anything about this?

Process Explorer : INSTALLER for Process Explorer

Author: Tony TCG
Subject: INSTALLER for Process Explorer
Posted: 20 August 2014 at 9:47am

I have made a setup which installs Process Explorer with improved settings... Desktop shortcut, Start menu shortcut, start from Run menu (Win+R) by typing PX , Uninstaller, registry files to reset settings to default and/or back to custom again, utility to restart Process Explorer, etc. 

here's a screenshot of how Process Explorer looks with these settings:

DOWNLOAD LINK: www.gg.gg/PROCEXP



and here's a screenshot of the setup itself:






Edited by Tony TCG - 5 hours 2 minutes ago at 9:54am

Troubleshooting : Windows cannot access the specified device path or

Author: GrofLuigi
Subject: Windows cannot access the specified device path or
Posted: 20 August 2014 at 10:54am

Yeah, and the key HKCR\Applications\FOXIT PHANTOMPDF.EXE is present on the system, which means the app is already installed or was not uninstalled. :)

Troubleshooting : Windows cannot access the specified device path or

Author: david.lynch
Subject: Windows cannot access the specified device path or
Posted: 20 August 2014 at 1:38pm

Yes, the error occurred while the trace was being captured. The same error happens for any location:





Edited by david.lynch - 1 hour 9 minutes ago at 1:47pm

Autoruns : Stopping driver loads at startup

Author: Pendaws
Subject: Stopping driver loads at startup
Posted: 20 August 2014 at 1:44pm

Hi there, as anyone can see I am a newbie. :)

I have been using Autoruns for a while and I have always wondered about the driver section.
When I look through it there are SO many drivers there that I KNOW I don't have on my machine and wonder why they are being loaded at start up?

I see that there is a warning about disabling these through Autoruns, but I would like some insight into stopping ones that I KNOW I don't use, e.g.:
Intel Pro Adaptor (I don't have Intel networking)
Adaptec SAS and SATA Stor Port driver (don't have Adaptec anything)
Hauppauge Win TV (huh)
Intel Matrix Storage Driver (my machine is AMD)


There are more but I would more than likely fill the page. :) This is a FRESH install of Win 7 Ultimate RAID 0. Would anyone like to advise me please?  :D

BgInfo : Custom WMI to eclude (none) and IPv6

Author: PPlys
Subject: Custom WMI to eclude (none) and IPv6
Posted: 20 August 2014 at 2:04pm

First of all: So sorry for reopening such an old subject.

I also got the problem solved with the (none) and the IPv6, thanks to you.

But the string 'SELECT IPSubnet FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=True' leaves this line: 255.255.255.0 64.
I am trying to get rid of the 64 but have no success. :(

Can anybody please help?

Yours

BgInfo : Custom WMI to eclude (none) and IPv6

Author: Pepé Le Pew
Subject: Custom WMI to eclude (none) and IPv6
Posted: 20 August 2014 at 2:45pm

Originally posted by PPlys:

First of all: So sorry for reopening such an old subject.

I also got the problem solved with the (none) and the IPv6, thanks to you.

But the string 'SELECT IPSubnet FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=True' leaves this line: 255.255.255.0 64.
I am trying to get rid of the 64 but have no success. :(

Can anybody please help?

Yours


The string you refer to, do you use the WMI Query directly in BGInfo settings or does it point to a script file?  If you use the script files, then it should work fine.  If you look at the first page, you will see that WindowsStar provided them there.  You simply copy it to notepad and save as with the .vgs extension.  Make sure all your different config scripts are in the same location as the bginfo.exe and bginfo.config files.

As an example, the link as it shows in bginfo config for my script shows the path as %SystemDrive%\BGInfo\OnlyIPv4Address.vbs

Miscellaneous Utilities : Bugs in Sysmon (event manifest)

Author: krikkit
Subject: Bugs in Sysmon (event manifest)
Posted: 20 August 2014 at 4:55pm

<quote>
The only caveat though, in my case, is that you have to configure your Windows Event Collector to save the logs in 'Applications'. Then have the SIEM extract the logs from Application.
</quote>

Ah - but I didn't want to do that. All my events are being channeled to the "Forwarded Events" log on the Collector, and Splunk already happily collects them from there.

I wanted to keep the config as simple as possible: "Workstation events end up in log X and are sent to Y."

Looking at the v1.01 update - it looks better.

Miscellaneous Utilities : Bugs in Sysmon (event manifest)

Author: krikkit
Subject: Bugs in Sysmon (event manifest)
Posted: 20 August 2014 at 5:06pm

v1.01 fixed the issue I was having.

I uninstalled v1.00, installed v1.01
sysmon -i -h md5 -n -accepteula

Events are collected and forwarded to our Windows Event Collector "Forwarded Events" log; Splunk Universal Forwarder picks them up from there and sends them to an Indexer. Searches in Splunk return the full event details.