PsTools : PsExec and passwords with double quote

March 18, 2016, 9:24 am

≫ Next: PsTools : PSExec - System Cannot Find File Specified

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: methujeraya
Subject: PsExec and passwords with double quote
Posted: 18 March 2016 at 4:24pm

Hello,

Reference http://stackoverflow.com/questions/36068358/psexec-not-executing-command-when-password-with-is-specified/36068754?noredirect=1#comment59814603_36068754.

Good morning everyone. I have decided to post this to this forum as I don't see any post about it here. 

The issue is that PsExec drops all arguments I've added on the argument when the password has a double quote in it. PsExec works fine with passwords that have unique special characters, but it specifically fails with the double quote. I know that when there's a double quote we have to repeat it for psExec to understand, but this behavior is weird. Please see below.

Code:

$x = read-host -prompt 'Enter something:'PSEXEC -u storeadmin -p ('"' + ($x -replace '"', '""') + '"') \\srXXX01 cmd /c TIME /T 

Result:

Microsoft Windows XP [Version 5.1.2600](C) Copyright 1985-2001 Microsoft Corp.

Expectation:

Microsoft Windows XP [Version 5.1.2600](C) Copyright 1985-2001 Microsoft Corp.XX:XX <-- THE ACTUAL TIME, then EXIT as I've invoked /C in CMD

What's happening here is that '/C TIME /T' are all dropped and ignored when the password has a double quote.

I cannot afford to copy a CMD file to the remote machine, it has to be in the argument due to reasons. 

---

PsTools : PSExec - System Cannot Find File Specified

March 18, 2016, 9:38 am

≫ Next: PsTools : How to repair corrupt exchange server database?

≪ Previous: PsTools : PsExec and passwords with double quote

$

0

0

Author: methujeraya
Subject: PSExec - System Cannot Find File Specified
Posted: 18 March 2016 at 4:38pm

Is the C:\Windows\shutdown.bat located in the \\PC1 machine? Cause if it's not, that's the file it's looking for. 

PsTools : How to repair corrupt exchange server database?

March 18, 2016, 12:06 pm

≫ Next: Disk2vhd : Vhd2disk

≪ Previous: PsTools : PSExec - System Cannot Find File Specified

$

0

0

Author: christabeel
Subject: How to repair corrupt exchange server database?
Posted: 18 March 2016 at 7:06pm

Exchange Server Recovery is the best solution to fix all EDB file corruption issues effectively. The software performs accurate recovery of all emails, attachments, contacts, and other mailbox items from corrupt EDB files and save in Outlook PST files . Read more and free download click here http://exchangeserverdatabaserecovery.blogspot.com

Disk2vhd : Vhd2disk

March 18, 2016, 12:51 pm

≫ Next: BgInfo : Run from GPO?

≪ Previous: PsTools : How to repair corrupt exchange server database?

$

0

0

Author: Shadow101
Subject: Vhd2disk
Posted: 18 March 2016 at 7:51pm

Trying to get a VHD created with disk2vhd to an SSD physical disk.  64 bit download doesn't work, trying the 32 bit version:

Sees the created VHD.

Sees the physical drive 3 (the new SSD)

Tells me the drive is mounted - turn offline.  Done that and even restarted the VHD2disk program - still sees it as mounted.

BgInfo : Run from GPO?

March 18, 2016, 1:41 pm

≫ Next: Internals : Interesting page fault optimization on Win8.1

≪ Previous: Disk2vhd : Vhd2disk

$

0

0

Author: rpelletier
Subject: Run from GPO?
Posted: 18 March 2016 at 8:41pm

I have been working all day on this, and am really getting tired of it.   Not sure if I am a dummy, or if the MS folks are.   (Leaning toward me.)

I am trying to use a BGInfo wallpaper to indicate that a GPO has been applied.   I have implemented a policy to prevent programs running from the user profile folders, to prevent malware.   In the same GPO, i set up a simple batch file to run BGinfo, an indication that the security has been implemented.

I already found and carefully read this:     http://social.technet.microsoft.com/wiki/contents/articles/20262.apply-bginfo-using-a-group-policy-logon-script.aspx

I have asked to always wait for network, in case there's a timing thing.   I have also removed the 5 minute delay, as suggested elsewhere.

I have run the Group Policy Results to see that the GPO is being implemented, and even tried running a program from within the forbidden spots in the profile.  Easy enough to see  that the policy is being run, but the BGInfo screen is NOT being displayed.    I can run the script manually, using the exact same path (UNC), but it will NOT run from the GPO.

Please, what am I doing wrong?   This is making me crazy!

Internals : Interesting page fault optimization on Win8.1

March 18, 2016, 11:28 pm

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: BgInfo : Run from GPO?

$

0

0

Author: jquirke
Subject: Interesting page fault optimization on Win8.1
Posted: 19 March 2016 at 6:28am

Hello,

I was performing an experiment with the Empty Working Set feature of VMmap along with testlimit. To my surprise, the supposedly dirty pages ended up on the Zero List when checking with RAMmap.

On Windows 8.1 x64, if I run:

C:\bin>testlimit64.exe -d -c 4096

and check in RAMmap, process private will be 4194700K.

In VMMap if I now do Empty Working Set on this process [which I confirm in a debugger simply calls SetProcessWorkingSetSizeEx(hproc, -1,-1, 0) ] I see these pages moved to the Zero List!

My first thought was that testlimit was perhaps only reading these pages, not writing them. So I put data break points on the return value from VirtualAlloc and found the code that touches these pages in testlimit:

00000001`40001390 c60000          mov     byte ptr [rax],0

00000001`40001393 480500100000    add     rax,1000h

00000001`40001399 4883eb01        sub     rbx,1

00000001`4000139d 75f1            jne     image00000001_40000000+0x1390 (00000001`40001390)

00

It seems testlimit simply writes a byte of 0 to the first byte of each page.

However, I confirmed in XPERF no pages were being written out to the pagefile when I performed Empty Working Set. So how did they end up on the Zero List so quickly?

I suspected perhaps the page fault handler was smart enough now to recognize zero writes, and dismiss them if the page is a demand-zero page. I changed the code in the debugger to write 1s, instead of zeros, and sure enough, confirmed that these pages were written out to the pagefile, and moved via the Modified List to the Standby List.

So there you go. Anyone know when this cool little feature crept in? And Mark, you might need to modify testlimit to cater for this. 

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 19, 2016, 2:42 pm

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Internals : Interesting page fault optimization on Win8.1

$

0

0

Author: Obradbl
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 19 March 2016 at 9:42pm

I will try to update bios.

Note, its brand new pc with Windows 8.1 64bit.

Intel 6600k

Asus Z170A

8GB RAM

R9 390

and so on...

But the biggest problem is that ntoskrnl doesnt appear always. Like it dissapears for a few days, then appears again, when i restart the pc it doesnt show until like new boot or something like that. It isnt constant. It can idle for hours over night, nothing happens,and sometimes system process appears like few minutes after boot. Its driving me crazy because when it appears, pc becomes somewhat unresponsive, usb flash drives won't work, cant start apps like HW Monitor, MSI Afterburner, games work completely fine.

Really strange and frustrating. 

Thank you all, i will update bios to latest version and see if anything happens. 

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 20, 2016, 2:51 pm

≫ Next: BgInfo : Run from GPO?

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: armytech94
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 20 March 2016 at 9:51pm

Hey MagicAndre, I too need assistance! This process 'ntoskrnl.exe' is weighing down my computer. In task manager it says that its using more memory than CPU, but I'm not an expert.
Here is the download link to the CPUUsage file. However, I'm an aspiring computer technician. I would appreciate it if you could help me or point me in the direction of learning how to understand the CPUUsage charts.
Thanks for your expertise!

---

BgInfo : Run from GPO?

March 20, 2016, 9:56 pm

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: WindowsStar
Subject: Run from GPO?
Posted: 21 March 2016 at 4:56am

Suggestions:

#1 Double check permissions to ALL folders.

#2 Change from .BAT to .CMD or better yet use .VBS

#3 Turn off UAC for testing.

 

-WS

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 20, 2016, 10:16 pm

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: BgInfo : Run from GPO?

$

0

0

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 21 March 2016 at 5:16am

I can't see the link.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 20, 2016, 11:12 pm

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: armytech94
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 21 March 2016 at 6:12am

https://drive.google.com/file/d/0Bw4rP137GUiHeFZySi1kTjdmenc/view?pref=2&pli=1

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 21, 2016, 9:15 am

≫ Next: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 21 March 2016 at 4:15pm

the CPU usage comes from AutoCAD ("C:\Program Files\Autodesk\AutoCAD 2016\acad.exe"). the SYSTEM cpu usage (on 2.79%) comes from the CacheManager of Windows (ntoskrnl.exe!CcWorkerThread)

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

March 21, 2016, 9:46 am

≫ Next: Process Explorer : ** Feature Requests **

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: zerogott
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 21 March 2016 at 4:46pm

Hey,
got a problem with my CPU usage and the ndis/ntoskrnl hope you can help me

https://i.gyazo.com/a1e17ddf3c0ff791732e78699fcbec86.png screen from process hacker

dl link for the WPT Trace
https://onedrive.live.com/redir?resid=6768F5B111576103!107&authkey=!AGZRXA7TqWYiFpU&ithint=file%2c7z

Process Explorer : ** Feature Requests **

March 21, 2016, 9:52 am

≫ Next: Process Monitor : Licensing

≪ Previous: Troubleshooting : Need help with Ntoskrnl thread causing high CPU

$

0

0

Author: mwilson64
Subject: ** Feature Requests **
Posted: 21 March 2016 at 4:52pm

How about an option to right-click a process and start Process Monitor?

Process Monitor : Licensing

March 22, 2016, 1:38 am

≫ Next: Troubleshooting : Excel data lost for work.

≪ Previous: Process Explorer : ** Feature Requests **

$

0

0

Author: JustRu
Subject: Licensing
Posted: 22 March 2016 at 8:38am

I need information on ProcMon licensing.

We would like to use output in our software (test & debug).

I sent email to licensing@sysinternals.com, but no one answered. 

---

Troubleshooting : Excel data lost for work.

March 22, 2016, 7:08 am

≫ Next: Troubleshooting : Excel data lost for work.

≪ Previous: Process Monitor : Licensing

$

0

0

Author: Nurminen
Subject: Excel data lost for work.
Posted: 22 March 2016 at 2:08pm

When anExcel file is corrupted, then you can try several methods to recover it:

1. First of all, you can try to repair the file manually in Excel, as follows:
(1) On the File menu, click Open.
(2) In the Open dialog box, select the file you want to open, and click thearrow next to the Open button.
(3) Click Open and Repair, and then choose which method you want to use torecover your workbook.

You mayfind more information about this at:

http://office.microsoft.com/en-us/excel-help/repairing-a-corrupted-workbook-HA010097017.aspx?CTT=1 (for Excel 2007)
http://office.microsoft.com/en-us/excel-help/repairing-a-corrupted-workbook-HA010342840.aspx?CTT=1 (for Excel 2010)
http://office.microsoft.com/en-us/excel-help/repair-a-corrupted-workbook-HA102749554.aspx?CTT=1 (for Excel 2013)

Troubleshooting : Excel data lost for work.

March 22, 2016, 7:19 am

≫ Next: Troubleshooting : Excel data lost for work.

≪ Previous: Troubleshooting : Excel data lost for work.

$

0

0

Author: Nurminen
Subject: Excel data lost for work.
Posted: 22 March 2016 at 2:19pm

2. Ifmethod 1 fails, there are still several methods to recover your Excel filemanually with Excel, including writing a small VBA macro, as below

http://office.microsoft.com/en-us/excel-help/repair-a-corrupted-workbook-HA102749554.aspx?CTT=1#_Toc337637262

3.For xlsxfiles, they are actually a group of files compressed in Zip file format.Therefore, sometimes, if the corruption is only caused by the Zip file, thenyou can use Zip repair tools to repair the file, as follows:
4.1 Assuming the corrupt Excel file is a.xlsx, then you need to rename it toa.zip
4.2 Start WinRAR, go to "Tools > Repair Archive" to repair a.zipand generated a fixed file a_fixed.zip.
4.3 Rename a_fixed.zip back to a_fixed.xlsx
4.4 Using Excel to open a_fixed.xlsx.

5. If allabove methods do not work, then you may try third-party tools such as Excel Recovery Toolbox at http://www.oemailrecovery.com/excel_recovery.html

   It provides a free download version so thatyou can try to see if the data you want can be recovered or not. Good luck!

Troubleshooting : Excel data lost for work.

March 22, 2016, 7:26 am

≫ Next: BgInfo : Wallpaper problem with user setting of Fill or Fit

≪ Previous: Troubleshooting : Excel data lost for work.

$

0

0

Author: Nurminen
Subject: Excel data lost for work.
Posted: 22 March 2016 at 2:26pm

May be thislink will help you? https://social.technet.microsoft.com/Forums/office/en-US/cac22d27-34d6-4d38-9183-18fbb0a062df/how-to-repair-corrupt-ms-excel-2003-xls-file?forum=excel

BgInfo : Wallpaper problem with user setting of Fill or Fit

March 22, 2016, 9:45 am

≫ Next: Process Explorer : Process Monitor and serial ports

≪ Previous: Troubleshooting : Excel data lost for work.

$

0

0

Author: ABrescia
Subject: Wallpaper problem with user setting of Fill or Fit
Posted: 22 March 2016 at 4:45pm

Windows 7 , BGInfo is launched by VB script called in HKLM Run. BGI file is set to Background " Copy User's Wallpaper Settings" .

The problem is that if the user has their Picture Position set to Fill or FIT under Personalization of Desktop Background , the created BMP stretches across the desktop to fill the current resolution size. It looks like BGInfo does not understand the User selection of "Fit" or "Fill" and creates the copied image as Stretch. Has any one else seen this behavior and found a work around?

Process Explorer : Process Monitor and serial ports

March 22, 2016, 10:29 am

≫ Next: Internals : How to open a Photoshop file and save it in anothe

≪ Previous: BgInfo : Wallpaper problem with user setting of Fill or Fit

$

0

0

Author: jimfred
Subject: Process Monitor and serial ports
Posted: 22 March 2016 at 5:29pm

I'm having troubles seeing any serial port activity in Process Monitor. I expected to see something like file I/O for reads or writes on a serial port. Any suggestions?

PortMon used to be a good tool for this but I think that it doesn't work on 64-bit Windows.