Channel: Sysinternals Forums

Autoruns : Microsoft Project doesn't open file

Author: LeoHarmon
Subject: Microsoft Project doesn't open file
Posted: 22 June 2016 at 5:12pm

Is the file part of a master/subproject or resource pool/subproject structure? Does the file contain paste links? Is the file on a remote server such that it is accessed over a network? Any of these items make a file more prone to corruption. And even if your answer to all the above is "no", files can still sometimes get corrupted. It's not easy to always identify the reason.

For starters you might try method 4 detailed in FAQ 43 found on the MVP website at http://project.mvps.org/faqs.htm. If that doesn't work your best bet is to revert back to an earlier version that still opens (you do periodically save, I assume), and then go forward from there.

In that case if all else fails, you can try this Microsoft project repair online service. I think that you should all get. https://onlinefilerepair.com/en/project-repair-online.html



PsTools : PSEXEC will not run script after copy

Author: newniman
Subject: PSEXEC will not run script after copy
Posted: 23 June 2016 at 12:23pm

Setup is a home network with 2 machines only, consisting:
  1. local machine is Win 7 pro 32 bit laptop
  2. remote is also Win 7 pro 32 bit netbook - computer name is "slave1"
When an AutoIt script (name = "Slave_Get_IP.au3") already exists on the remote and the following command is entered at the local command console the remote script executes as expected:
psexec \\slave1 -u Multicam -p abcd "C:\Program Files\AutoIt3\AutoIt3.exe" "C:\Users\Multicam\Desktop\AutoIt-GUI\IPCONFIG\Slave_Get_IP.au3"
The following is recorded in the local console:
starting psexec service on slave1
C:\Program Files\AutoIt3\AutoIt3.exe exited on slave1 with error code 0
All is well - the remote script dumps the remote ip to a remote file as required. 

However, at this point if I manually copy the script file from the local machine to remote and then execute the exact same psexec command as detailed before the local console displays:
access is denied
and the remote script does not execute.

Any idea why the seemingly simple act of copying and overwriting the existing script file on the remote causes this (for me big) problem?


Edited by newniman - 6 hours 41 minutes ago at 12:44pm

Miscellaneous Utilities : Sysmon Error -

Author: n00b_ninja
Subject: Sysmon Error -
Posted: 23 June 2016 at 6:17pm

I am trying to install sysmon on a server with a config file. I tried it on my test Windows 7 machine and it worked fine. I tried the same on the server and it gave me the following error:
Error: Incorrect XML configuration
Reason: Text is not allowed in the context of element 'ProcessCreate' according to DTD/Schema

Here is my config file:


<Sysmon schemaversion="2.01">
   <!-- Capture MD5 Hashes -->
   <HashAlgorithms>*</HashAlgorithms>
   <EventFiltering>
      <!-- Log all drivers except if the signature -->
      <!-- contains Microsoft or Windows -->
      <DriverLoad onmatch="exclude">
         <Signature condition="contains">microsoft</Signature>
         <Signature condition="contains">windows</Signature>
      </DriverLoad>
      <!-- Exclude certain processes that cause high event volumes -->
      <ProcessCreate onmatch="exclude">
         <Image condition="contains">splunk</Image>
         <Image condition="contains">Sophos</Image>
         <Image condition="contains">btool.exe</Image>s
         <CommandLine condition="contains">splunk</CommandLine>
         <CommandLine condition="contains">sophos</CommandLine>
         <CommandLine condition="contains">splunkd</CommandLine>
      </ProcessCreate>
      <CreateRemoteThread onmatch="include">
      <TargetImage condition="image">lsass.exe</TargetImage>
      <TargetImage condition="image">winlogon.exe</TargetImage>
      </CreateRemoteThread >
      <!-- Do not log file creation time stamps -->
      <FileCreateTime onmatch="include"/>
      <!-- Do not log raw disk access (caused event flooding with certain disk encryption drivers) -->
      <RawAccessRead onmatch="include"/>
      <!-- Do not log process termination -->
      <ProcessTerminate onmatch="include"/>
      <!-- Log all network connection -->
      <NetworkConnect onmatch="include"/>
      <!-- Log all image loading -->
      <ImageLoad onmatch="include"/>
   </EventFiltering>
</Sysmon>
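
The posted config has a stray `s` after the closing `</Image>` tag of the `btool.exe` rule, which is character data sitting directly inside `ProcessCreate`, the condition the error message names. The following check is an added example (not part of the original post and not a Sysinternals tool) that reports such text with its line number before a config is deployed; the function name `find_stray_text` and the cut-down `SAMPLE` are constructed here, and it assumes the layout of the posted config, where rule groups are direct children of `EventFiltering`.

```python
import xml.parsers.expat

# Constructed sample: a cut-down copy of the posted config that keeps the
# stray "s" after the btool.exe rule.
SAMPLE = """<Sysmon schemaversion="2.01">
   <HashAlgorithms>*</HashAlgorithms>
   <EventFiltering>
      <ProcessCreate onmatch="exclude">
         <Image condition="contains">splunk</Image>
         <Image condition="contains">btool.exe</Image>s
         <CommandLine condition="contains">splunk</CommandLine>
      </ProcessCreate>
      <NetworkConnect onmatch="include"/>
   </EventFiltering>
</Sysmon>
"""


def find_stray_text(config_xml):
    """Return (line, element, text) for text placed directly inside an
    element that may only hold child elements."""
    parser = xml.parsers.expat.ParserCreate()
    stack = []      # names of the currently open elements
    findings = []

    def in_container():
        # Element-only containers in this layout: the root, EventFiltering,
        # and every rule group directly below EventFiltering.
        if stack[-1] in ("Sysmon", "EventFiltering"):
            return True
        return len(stack) >= 2 and stack[-2] == "EventFiltering"

    def on_text(data):
        # Indentation and newlines are fine; anything else is stray text.
        if stack and data.strip() and in_container():
            findings.append((parser.CurrentLineNumber, stack[-1], data.strip()))

    parser.StartElementHandler = lambda name, attrs: stack.append(name)
    parser.EndElementHandler = lambda name: stack.pop()
    parser.CharacterDataHandler = on_text
    parser.Parse(config_xml, True)   # raises ExpatError if not well-formed
    return findings


if __name__ == "__main__":
    for line, element, text in find_stray_text(SAMPLE):
        print(f"line {line}: text {text!r} directly inside <{element}>")
```

Field values such as `splunk` and the `*` in `HashAlgorithms` are not flagged, because they sit inside leaf elements rather than inside a rule group.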

Internals : Lost OE mail in recent months and years.

Author: AllanHutchison
Subject: Lost OE mail in recent months and years.
Posted: 24 June 2016 at 5:14pm

Hi, Thank you for your time and great help. I really appreciate your feedback and I am very thankful for your time and support. Solved!
Many thanks.

Process Explorer : Process Explorer faulted by verifier.dll

Author: Stevetaw
Subject: Process Explorer faulted by verifier.dll
Posted: 25 June 2016 at 6:59am

Hi,

I am running windows 10 64 bit. Out of nothing, process explorer stopped working lately. Following entry was found in the application log as reported by event viewer.

Faulting application name: procexp64.exe, version: 16.12.0.0, time stamp: 0x56b3cb63
Faulting module name: verifier.dll, version: 10.0.10586.0, time stamp: 0x5632d84f
Exception code: 0x80000003
Fault offset: 0x00000000000068f6
Faulting process id: 0x1bb4
Faulting application start time: 0x01d1cea231c6e998
Faulting application path: C:\Users\TAW\AppData\Local\Temp\procexp64.exe
Faulting module path: C:\Windows\system32\verifier.dll
Report Id: 996726c1-c384-47fa-ab67-150557d236a1
Faulting package full name:
Faulting package-relative application ID:

I then used processhacker to check the running of PExplorer - and found that it ended with werfault.exe and dies after a while. No UI - nothing. I later discovered that verifier.dll is also faulting Chrome, MS Office and other apps too. I ran verifiergui.exe (c:\windows\system32), deleted the settings and rebooted. To no avail.

Any gives?

Thanks in advance.

Disk2vhd : BSOD while booting from created VHD

Author: avr
Subject: BSOD while booting from created VHD
Posted: 25 June 2016 at 3:42pm

Hi!

I created a VHD from my physical drive (system reserved partition + disk C:). Then I added a boot record for this VHD with bcdedit.exe. When I try to boot from it, my Windows 7 begins to load but then I get a BSOD with error 0x0000007b. How can I fix it?

Thanks!

Autoruns : Microsoft Project doesn't open file

Author: JackByrne
Subject: Microsoft Project doesn't open file
Posted: 25 June 2016 at 10:50pm

I am very grateful for your advice. Thank you very much! The issue has been resolved.)



Process Explorer : Process Explorer faulted by verifier.dll

Author: MagicAndre1981
Subject: Process Explorer faulted by verifier.dll
Posted: 26 June 2016 at 8:04am

Run gflags.exe (part of Windows SDK), go to image tab, type procexp.exe/procexp64.exe and press TAB and now uncheck app verifier/pageheap.


Process Explorer : Process Explorer faulted by verifier.dll

Author: Stevetaw
Subject: Process Explorer faulted by verifier.dll
Posted: 26 June 2016 at 10:34am

It worked. Thanks! 

BgInfo : Getting Only Active Network Cards with their speed

Author: boe_d
Subject: Getting Only Active Network Cards with their speed
Posted: 26 June 2016 at 3:47pm

Hello,
 
I'd really like to have only active network cards (not disabled in the network control panel) with their speed listed next to them.
 
I have something close to half of it but it doesn't show the speed next to it -
SELECT NetConnectionID FROM Win32_NetworkAdapter WHERE NetConnectionStatus = 2
 
Also I'm not sure why but when using the default network speed field (not custom) it shows 4GB/s instead of 10Gb/s.   I've double checked under network status and file transfer I'm getting 10Gb/s
 
So ideally bginfo would display something like this (the name I've given the network card)
Quad x710 Port 1         10Gb/s
Quad x710 Port 2         10Gb/s
Intel x350 Port 1           1GB/s


Edited by boe_d - 5 hours 6 minutes ago at 4:05pm

BgInfo : VMXNET3 Script For 10Gb/s

Author: boe_d
Subject: VMXNET3 Script For 10Gb/s
Posted: 26 June 2016 at 4:57pm

Is this to solve the issue with BGinfo showing the incorrect speed for 10G cards?   Mine show as 4G using the default field.

Miscellaneous Utilities : SysMon NetworkConnect filters

Author: hybrid
Subject: SysMon NetworkConnect filters
Posted: 27 June 2016 at 4:29am

I'm not convinced that filters actually work properly.
Does anyone have filters actually configured and working properly?

Particularly network connection filters, I can clearly see the following simply not working:
On match exclude:
1) Image condition "contains"
2) DestinationIp condition "is", "begin with" or "contains"
3) DestinationHostname condition "end with", "contains"

For instance, in trying to exclude connections to local traffic, I unsuccessfully have tried:

<DestinationIp condition="is">127.0.0.1</DestinationIp>
<DestinationIp condition="begin with">172.20</DestinationIp> (including rules covering all private address space)
<DestinationHostname condition="end with">ourdomain.com</DestinationHostname>
<DestinationHostname condition="contains">ourdomain.com</DestinationHostname> (was not happy with this one, but only did it as a test)

Filters in FileCreateTime seem to be working OK - at least Image condition "contains".
Filters in DriverLoad seem to be working OK - at least Signature condition "contains".

I also think that Image loading filters have issues too. In fact with Image loading enabled, my test machine eventually grinds to a halt and I can't even log in. I end up having to stop sysmon remotely.


Edited by hybrid - 16 hours 50 minutes ago at 4:32am

BgInfo : VMXNET3 Script For 10Gb/s

Author: WindowsStar
Subject: VMXNET3 Script For 10Gb/s
Posted: 27 June 2016 at 5:11am

Nope, it is for VMWare cards. -WS

BgInfo : Getting Only Active Network Cards with their speed

Author: WindowsStar
Subject: Getting Only Active Network Cards with their speed
Posted: 27 June 2016 at 5:18am

You will need to write a VBScript to capture the information and display it the way you want it. -WS

PsTools : Whois unreliable results

Author: salada2k
Subject: Whois unreliable results
Posted: 27 June 2016 at 7:02am

Hi, here is a sample of what the WhoIs tool does on Windows:

c:\> whois 208.91.112.140

Whois v1.14 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2016 Mark Russinovich

The requested name is valid, but no data of the requested type was found.


------------------------

On OSX (using OSX whois tool, some info snipped to keep post size down):

whois 208.91.112.140

# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=208.91.112.140?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2

NetRange:       208.91.112.0 - 208.91.115.255
CIDR:           208.91.112.0/22
NetName:        FORTINET
NetHandle:      NET-208-91-112-0-1
Parent:         NET208 (NET-208-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS577, AS852
Organization:   Fortinet Inc. (FTC-58)
RegDate:        2008-06-04
Updated:        2012-06-13
Ref:            https://whois.arin.net/rest/net/NET-208-91-112-0-1


So my question is, why does the Sysinternals tool fail to get the same data when compared to the OSX (or perhaps any other) whois tool?

I'd really like the Sysinternals tool to be reliable!

Thanks for any help.

Cheers.


BgInfo : Getting Only Active Network Cards with their speed

Author: boe_d
Subject: Getting Only Active Network Cards with their speed
Posted: 27 June 2016 at 1:51pm

Thanks.   I have no idea what it entails to run a script in BGINFO but at least I know it won't be that easy.

BgInfo : VMXNET3 Script For 10Gb/s

Author: boe_d
Subject: VMXNET3 Script For 10Gb/s
Posted: 27 June 2016 at 1:53pm

Thanks - any guess why bginfo shows 4GB but network status shows 10Gb/s?