Channel: Sysinternals Forums

PsTools : PSEXEC ICACLS issues on remote pc

Author: brinza
Subject: PSEXEC ICACLS issues on remote pc
Posted: 17 December 2014 at 3:52pm

Hey All,

This is my first post on this forum so please be kind to me and my English :p.

My problem with PSEXEC is that I'm missing some little part of the code in the following one-liner (this is an example and the names are masked...):

psexec \\pcname cmd /c (icacls "c:\program Files\something" /grant:r "domainName\domain users":(OI)(CI)F /t)

I have all the needed rights on this and the remote pc (domain admin), and to be honest I don't think it is a rights issue; it should be something little that I'm missing ("" or - or something like this).

Output after execution :

C:\Windows\System32>psexec \\pcname cmd /c (icacls "c:\program Files\something" /grant:r "domainName\domain users":(OI)(CI)F /t)

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

(CI)F was unexpected.
cmd exited on pcname with error code 1.

I hope there is another solution than copying a bat file to the remote pc and executing it there.... :/
Thank you in advance for sorting this out for me :p.


PsTools : PSEXEC ICACLS issues on remote pc

Author: brinza
Subject: PSEXEC ICACLS issues on remote pc
Posted: 17 December 2014 at 4:29pm

Found it myself (sorry)
psexec \\pcname cmd /c ("icacls" "c:\program Files\something" /grant:r "domainName\domain users:(OI)(CI)F" /t)
 

BgInfo : Logon Wallpaper refresh

Author: University_Deck
Subject: Logon Wallpaper refresh
Posted: 18 December 2014 at 2:45pm

Great script and ideas BKeadle. I recently went through trying to find a good solution to edit and apply the logon background using BGinfo. I got a few ideas from this post (check the last post). However, I wanted something more immediate that would update at each startup. 

You will need a screensaver file (.scr), PSExec.exe, NirCMD.exe, BGInfo.exe and configuration file, and i_view32.exe (only the .exe for i_view32 is needed). I created a directory in "C:\Program Files\BGInfo" and "C:\Program Files\BGInfo\LogonUI" to store my files. Finally, I created a task using the Task Scheduler which runs the following command: psexec -s -x -accepteula \\%computername% "%ProgramFiles%\BGInfo\LogonUI\LogonUI.bat" as the local system account at startup.

REM LogonUI.bat
REM Call this script at startup using "psexec -s -x -accepteula" 
REM Run BGInfo - The .bgi file outputs the image to Windows\BGInfo.bmp
"%ProgramFiles%\BgInfo\BgInfo.exe" /i "%ProgramFiles%\BgInfo\LogonUI\1920x1080-LogonUI.bgi" /timer:0 /NOLICPrompt /SILENT
REM Convert %WinDir%\BGInfo.bmp to jpg
"%ProgramFiles%\BgInfo\LogonUI\i_view32.exe" %windir%\BGInfo.bmp /jpgq=95 /convert=%WinDir%\TEMP\backgroundDefault.jpg
REM Overwrite background with new image
copy /y %WinDir%\TEMP\backgroundDefault.jpg %WinDir%\System32\oobe\info\backgrounds\backgroundDefault.jpg
REM Start screensaver
start "" "%ProgramFiles%\BgInfo\LogonUI\LogonUI.scr" -s
REM Kill LogonUI.exe process
taskkill /im:logonui.exe /f
REM Run NirCMD to trigger background to be applied
"%ProgramFiles%\BgInfo\LogonUI\nircmd.exe" screensaver
REM Remove image
Del /F /Q %windir%\BGInfo.bmp
REM Logging
echo %DATE% %TIME% - %~n0 Logon Screen Update Run Successfully >>"%ProgramFiles%\BgInfo\LogonUI\LogonScrUpdate.log"

Note: You must run this with the PSExec utility and the -s and -x options. You can test your script by remotely logging into the computer and running the command and watching the locked computer.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: macgormac
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 18 December 2014 at 9:33pm

Hello, I need your help before I go mad or throw out the computer.
Notebook Lenovo Y450, clean installation Windows 7.
CPU consumption without load for NT Kernel & System 60-80%.

I have no idea what's going on, the computer is not suitable even for web browsing.
Please take a look and tell me what I should do.
https://dl.dropboxusercontent.com/u/1518729/highCPUUsage.7z


Edited by macgormac - 9 hours 47 minutes ago at 9:34pm

BgInfo : VMXNET3 Script For 10Gb/s

Author: jlykke
Subject: VMXNET3 Script For 10Gb/s
Posted: 19 December 2014 at 1:20am

Hi Guys,

I was reading the other thread and couldn't quite get BGINFO to show 10Gb/s for a VMXNET3 adapter.

Could someone please run me through the process and supply the script that I need to use?

Cheers
Justin

Process Explorer : Vertical Scroll bar (scrollbar) gone

Author: phreud
Subject: Vertical Scroll bar (scrollbar) gone
Posted: 19 December 2014 at 2:00am

Have you lost your vertical scrollbar in procexp64.exe?
I *think* I lost mine, because I accidentally resurrected an older version of procexp.exe/procexp64.exe by restoring my utilities folder on my laptop one day.

Process Explorer seemed to be working, except that I could not scroll down (using mouse or PgUp/PgDn keys) past the window's visible processes!  As you can imagine, this makes procexp almost unusable.
 
Frustrated, I perused the web, help, landed in this forum and still no answers.
 
Well, I did find in the FAQ the location in the registry where Sysinternals stores its settings.
 
So, I just stopped running procexp64.exe/procexp.exe and all other sysinternals tools (temporarily) then using regedit, I deleted the entire "HKEY_CURRENT_USER\Software\Sysinternals" location from the registry.
 
Then you simply run procexp.exe, and voilà, the EULA appeared (always does the first time you run it, if the registry key(s) is/are not found)...

Bingo!!! VERTICAL SCROLLBAR IS BACK!  Whew!!!!!!!!!!!!!!!!!!!!!!!!!!!!

(I would have reinstalled my entire laptop software to fix this if necessary!  Good thing flushing the registry toilet fixed it.)

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 19 December 2014 at 5:07am

You also have this ntoskrnl.exe!KeAcquireSpinLockRaiseToDpc issue. I also see USBport.sys calls. Try to plug your USB devices into other ports.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: macgormac
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 19 December 2014 at 4:13pm

I do not use any USB port.
Before system boot up I think POST displays a message:
"USB Over Current On HC/Port - Bus:00H Dev:1AH Fun:01H / Port:01H
Press F1 to Continue"
Message is displayed for a long time and a notebook worked properly.
Currently the notebook does not start in safe mode; it hangs after the line:
Loaded: \windows\system32\DRIVERS\CLASSPNP.SYS

Normal mode works.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 19 December 2014 at 4:24pm

If you only use PS2 devices, disable the USB controllers in Device Manager.

Miscellaneous Utilities : Procdump date

Author: Driver
Subject: Procdump date
Posted: 19 December 2014 at 4:53pm

Hello, my procdump is running constantly and monitoring the production application. I need to see the date also next to the time of exception.

[18:01:24] Exception: E06D7363.PAVCFileException@@
[18:02:22] Exception: E06D7363.PAVCFileException@@
[15:12:36] Exception: E06D7363.K
[15:13:56] Exception: E06D7363.K
[15:17:12] Exception: E06D7363.K
[15:18:50] Exception: E06D7363.K
[15:20:58] Exception: E06D7363.K
[11:16:41] Exception: E06D7363.PAVCFileException@@
[11:16:58] Exception: E06D7363.PAVCFileException@@

Malware : Malware analysis question

Author: blackhat401
Subject: Malware analysis question
Posted: 19 December 2014 at 5:28pm

Hello All,

I was trying to understand why the following function calls were categorized as Anti-Emulation/VM Detection. I am curious to know what information they cough up to infer that the malware is running under a VM. I saw this on one of the automated reports.

GetVersionExW@KERNEL32.DLL
GetVersionExW@KERNEL32.DLL
GetVersionExA@KERNEL32.DLL

Many Thanks!

Autoruns : Occasional error message when starting Autoruns

Author: nintendo1889
Subject: Occasional error message when starting Autoruns
Posted: 19 December 2014 at 7:17pm

I get this message on Windows 7, when I do not launch it as an administrator. The curious thing was that I was still able to disable certain tools even when Autoruns was not launched as a local admin. I relaunched as admin and they correctly show as disabled. After reboot they were proven to be disabled.

Although this computer had other issues, possibly a bad motherboard or hard drive, that I have yet to fully diagnose.


Edited by nintendo1889 - 11 hours 49 minutes ago at 7:42pm

Development : Discuss: HOWTO: Verify digital signature of a file

Author: Validator Al
Subject: Discuss: HOWTO: Verify digital signature of a file
Posted: 19 December 2014 at 7:20pm

Thanks for this code! I assume it is still good for Windows 8.1, both 32-bit and 64-bit?

Also, how difficult would it be to modify this to check to see that the signer matches a specific string if provided?

BgInfo : VMXNET3 Script For 10Gb/s

Author: jlykke
Subject: VMXNET3 Script For 10Gb/s
Posted: 19 December 2014 at 7:35pm

After a bit of playing around and determination I managed to chop and change a few scripts and came up with the following, which gave me the expected output on BgInfo I required.


' Report the vmxnet3 link speed in Gb/s (NdisLinkSpeed is in units of 100 bps)
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\WMI")
Set colItems = objWMIService.ExecQuery("SELECT * FROM MSNdis_LinkSpeed",,48)
For Each objItem in colItems
   If objItem.InstanceName = "vmxnet3 Ethernet Adapter" Then
      StrSpeedG = objItem.NdisLinkSpeed
      ValSpeedG = " Gb/s"
   End If
Next
' Echo is how a BgInfo custom field script returns its value
If StrSpeedG >= 1 then echo StrSpeedG/10000000 & ValSpeedG

PsTools : psexec-sql 2008 job step help

Author: rbanka3253
Subject: psexec-sql 2008 job step help
Posted: 19 December 2014 at 9:12pm

I was facing the same issue. Resolved by granting RDP access to the proxy account on the SQL server. Also remember that on the remote computer the proxy account has to have admin rights.
It is a very tricky error message. What I understood about this was that some sort of encrypted communication between two computers requires the proxy account to have remote access permissions on both computers.
Hope this helps!


Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: macgormac
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 19 December 2014 at 10:16pm

Thanks a lot. Disabling one of the USB root hubs solved the problem.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 20 December 2014 at 6:41am

nice to hear this :)

BgInfo : Group policy & win 8.1

Author: Mike4x4
Subject: Group policy & win 8.1
Posted: 20 December 2014 at 11:27am

I have added bginfo to run on login with group policy.  It works fine on server2012 machines but does not apply to windows 8.1 machines. 
 
This is the .bat file I am using
 
reg add HKU\.DEFAULT\Software\Sysinternals\BGInfo /v EulaAccepted /t REG_DWORD /d 1 /f

Autoruns : Desktop shortcut context menu items

Author: Hans L
Subject: Desktop shortcut context menu items
Posted: 20 December 2014 at 5:37pm

Hello:

I have Windows 7 Ultimate 64-bit.

When I right-click on a .jpg icon/shortcut on the desktop, it takes over 30 seconds for the context menu to appear. (This only happens the first time I do it. Any time after that, it is as fast as anything else. Right-clicking on, for instance, a pdf file shortcut does not result in any delay, nor if I right-click on the desktop itself.)

I figure that it might be an item in the context menu that causes this. I started by unchecking three SnagIt items on tag Explorer (as a TEST only), restarted the computer, right-clicked, but the SnagIt context menu item is still there. That was not supposed to happen, eh?

Now, one strange thing. When I tried to uncheck a fourth SnagIt item under the tag Explorer in AutoRuns, I got the message that it could not be found. How did it wind up in the list at all then?

Would someone kindly send me in the correct direction to get this right (uncheck, delete, etc.) and for me to solve the "not found" issue.

Thank you!

Hans L

BgInfo : VMXNET3 Script For 10Gb/s

Author: WindowsStar
Subject: VMXNET3 Script For 10Gb/s
Posted: 20 December 2014 at 9:46pm

Good job. -WS