Channel: Sysinternals Forums

Process Explorer : physical or logical processor?

Author: pinscomputer
Subject: physical or logical processor?
Posted: 12 July 2016 at 2:14pm

I suggest deleting the Process Explorer registry key and then re-launching:
 
1. exit Process Explorer
2. CREATE A RESTORE POINT
3. launch regedit
4. navigate to the Process Explorer registry key and delete:

HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer

5. exit regedit
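The five steps above as one script. This is an added example, not code from the thread or from Sysinternals: it refuses to run while Process Explorer is open, optionally creates the restore point, and exports the key to a .reg file before deleting it so the reset can be undone. The process names procexp/procexp64 and the backup location under $env:TEMP are assumptions made here.

```powershell
# Added example (not from the thread): scripted reset of Process Explorer's saved settings.
# Assumptions: Process Explorer runs as procexp.exe / procexp64.exe; backups go to $env:TEMP.

function Reset-ProcessExplorerSettings {
    param(
        [string] $BackupDir = $env:TEMP,
        [switch] $CreateRestorePoint      # Checkpoint-Computer needs an elevated prompt
    )
    $key    = 'HKCU:\Software\Sysinternals\Process Explorer'   # PowerShell provider path
    $regKey = 'HKCU\Software\Sysinternals\Process Explorer'    # same key in reg.exe syntax

    # Step 1: Process Explorer rewrites this key when it exits, so deleting it while
    # the tool is running would be undone immediately.
    if (Get-Process -Name procexp, procexp64 -ErrorAction SilentlyContinue) {
        throw 'Exit Process Explorer first; it saves its settings to the registry on exit.'
    }

    # Step 2 (optional): system restore point. Requires elevation and System Protection
    # enabled on the system drive; Windows also rate-limits restore points (one per 24h by default).
    if ($CreateRestorePoint) {
        Checkpoint-Computer -Description 'Before Process Explorer settings reset' -RestorePointType MODIFY_SETTINGS
    }

    if (-not (Test-Path -LiteralPath $key)) {
        return 'Key not present; nothing to reset.'
    }

    # Steps 3-4: export a .reg backup first, then delete the key (equivalent to the regedit steps).
    $backup = Join-Path $BackupDir ('ProcExp-settings-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $regKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "reg.exe export failed (exit code $LASTEXITCODE); key was not deleted."
    }
    Remove-Item -LiteralPath $key -Recurse
    return "Removed $key. Backup: $backup (run 'reg import' on it to undo)."
}

# Usage: plain reset, or with a restore point from an elevated prompt
Reset-ProcessExplorerSettings
# Reset-ProcessExplorerSettings -CreateRestorePoint
```

The next launch of Process Explorer recreates the key with default settings, as the post describes; the exported .reg file is the only way back to the previous column layout and highlighting preferences, which is why the script exports before it deletes.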
 

BgInfo : Displaying the User Domain Password Expiry date

Author: YupoWert
Subject: Displaying the User Domain Password Expiry date
Posted: 12 July 2016 at 2:24pm

Great, that is precisely what I need - can you help - I don't have the scripting knowledge.
 
 

Troubleshooting : Sysmon v4 Not Logging Network Connections

Author: voidNOP
Subject: Sysmon v4 Not Logging Network Connections
Posted: 12 July 2016 at 3:04pm

Hello foutoir,

thanks for the link. 3.21 is working as expected!

Greetings

void

Troubleshooting : Auditing Files

Author: SODIron
Subject: Auditing Files
Posted: 15 July 2016 at 1:53pm

I've slightly tweaked the above...
 
##############################
 
New-PSDrive -Name "X" -PSProvider "FileSystem" -Root "\\fs1\C$"
X:
Get-ChildItem -include *.doc,*.pdf,*.rtf,*.txt,*.xls -recurse -ErrorAction SilentlyContinue | Select-String -Pattern 'ADMIN_','XFR_','SVC_'|  Select Pattern,FileName,Path | Export-CSV -Path 'C:\Temp\fs1_Audit.CSV' -NoTypeInfo
 
##############################
 
This now returns the value of 'Pattern', the file name and the full path in the CSV (for example, if it detects a file containing 'SVC_' named AccountInfo.txt in the FS1\C$\SharedFolder directory, the CSV would append the following line to the output):
 
SVC_,AccountInfo.txt,\\fs1\C$\SharedFolder\AccountInfo.txt
 
This enables me to perform a quick scan over the output and rule out any obvious false positives.
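The same scan as a reusable function, as an added example rather than the poster's script. It keeps the Pattern/FileName/Path columns the post describes and adds the line number and a trimmed excerpt of the matching line, so the "quick scan for false positives" can be done from the CSV without reopening each file. The share path \\fs1\C$ and the ADMIN_/XFR_/SVC_ prefixes are taken from the thread; the sample files it writes under $env:TEMP are constructed test data so the function can be tried locally first.

```powershell
# Added example, not the poster's script. Assumptions: the prefixes and share path come from
# the thread; the sample files created below are constructed so the function can be tested
# against a local folder before it is pointed at a file server.

function Find-AccountReferences {
    param(
        [Parameter(Mandatory)] [string] $Root,                                  # folder or UNC share to scan
        [string[]] $Patterns   = @('ADMIN_', 'XFR_', 'SVC_'),                   # account-name prefixes
        [string[]] $Extensions = @('*.doc', '*.pdf', '*.rtf', '*.txt', '*.xls'),
        [string]   $OutCsv     = 'C:\Temp\fs1_Audit.csv'
    )

    # -File skips directories; access errors are suppressed as in the original one-liner.
    # -CaseSensitive: the prefixes are upper-case by convention, so 'admin_' in ordinary
    # prose is not reported, which removes one common class of false positives.
    $hits = Get-ChildItem -Path $Root -Include $Extensions -Recurse -File -ErrorAction SilentlyContinue |
        Select-String -Pattern $Patterns -CaseSensitive -ErrorAction SilentlyContinue |
        ForEach-Object {
            $line = $_.Line.Trim()
            [pscustomobject]@{
                Pattern    = $_.Pattern        # which prefix matched
                FileName   = $_.Filename
                Path       = $_.Path
                LineNumber = $_.LineNumber
                # binary formats (.doc/.xls) can yield very long "lines"; cap the excerpt
                Excerpt    = if ($line.Length -gt 120) { $line.Substring(0, 120) + '...' } else { $line }
            }
        }

    # The CSV now lists privileged account names and where they appear; write it to a
    # location only the auditor can read.
    $hits | Export-Csv -Path $OutCsv -NoTypeInformation -Encoding UTF8
    return $hits
}

# --- constructed sample data (not real files from the thread) ---
$sample = Join-Path $env:TEMP 'audit_sample'
New-Item -ItemType Directory -Path (Join-Path $sample 'SharedFolder') -Force | Out-Null
Set-Content -Path (Join-Path $sample 'SharedFolder\AccountInfo.txt') -Value @(
    'Backup job runs as SVC_backup; see vault item 1234',
    'Contact the admin_team mailbox for access'        # lower-case: ignored with -CaseSensitive
)
Set-Content -Path (Join-Path $sample 'readme.rtf') -Value 'Transfers go through XFR_nightly'
Set-Content -Path (Join-Path $sample 'notes.log')  -Value 'ADMIN_root mentioned here'   # .log is not scanned

Find-AccountReferences -Root $sample -OutCsv (Join-Path $env:TEMP 'audit_sample.csv') |
    Format-Table Pattern, FileName, LineNumber, Excerpt -AutoSize
```

Get-ChildItem accepts a UNC path directly, so the New-PSDrive mapping in the original is optional; passing -Root '\\fs1\C$' works the same way. Select-String treats each pattern as a regular expression, which is harmless for these prefixes but matters if a prefix ever contains characters such as '.' or '$'; add -SimpleMatch in that case.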

Troubleshooting : Auditing Files

Author: pinscomputer
Subject: Auditing Files
Posted: 15 July 2016 at 3:42pm

Can you share the average server specs and what kind of load it is putting on the system?

BgInfo : Displaying the User Domain Password Expiry date

Author: WindowsStar
Subject: Displaying the User Domain Password Expiry date
Posted: 15 July 2016 at 10:12pm

This would be difficult without access to your domain. There are a lot of factors here. Do you have a mixed domain of 2003, 2008 and 2012 servers? Do you have multiple forests, multiple domains? etc. etc. This type of script normally has to be developed on the domain so you can test, test, test as you make changes to get it to work. -WS

Autoruns : My big mistake with autoruns all over again

Author: hofy
Subject: My big mistake with autoruns all over again
Posted: 16 July 2016 at 7:50pm

Hi,
 
I've searched the forum but didn't find any tutorial on how to revert this dumb action of mine :(

Yes, I've done it. I unchecked a few drivers from the list. I have a running Linux installation with Wine on it, with full access to the Windows partition. There is a recovery partition on the PC, but I'd like to keep this option as a last resort. Recovery is Windows 8, and I have upgraded to Windows 8.1 in the meantime.

So I have no DVD or USB backup.

Is there any chance to fix this?

thank you

Autoruns : My big mistake with autoruns all over again

Author: pinscomputer
Subject: My big mistake with autoruns all over again
Posted: 16 July 2016 at 9:34pm

As long as you didn't delete the entry, just put the check back for the entry. Autoruns will re-create the registry entry.
 
from the sysinternals admin reference:
 
"By contrast, when you disable an entry by clearing its check box, Autoruns leaves a marker
behind that Autoruns recognizes and with which it can reconstitute and re-enable the entry.
For example, for most registry ASEPs, Autoruns creates an AutorunsDisabled subkey in the
ASEP location and copies the registry value being disabled into that subkey before deleting
the original value. Windows will not process anything in that subkey, so the items in it
will not run, but Autoruns displays them as disabled autostarts. Checking the entry again
puts the entry back into the actual ASEP location. For ASEPs in the file system such as in the
Start menu, Autoruns creates a hidden folder named AutorunsDisabled and moves disabled entries into that folder."
 

Autoruns : My big mistake with autoruns all over again

Author: hofy
Subject: My big mistake with autoruns all over again
Posted: 16 July 2016 at 9:50pm

Hi,
I forgot to point out: Windows won't boot up. I can get to the command line when the recovery partition boots. I tried to run autorunsc.exe from the command line, but that gives me an error.

Autoruns : My big mistake with autoruns all over again

Author: Dax1792
Subject: My big mistake with autoruns all over again
Posted: 17 July 2016 at 12:07am

Go back to a Restore point from before you changed the Registry. You can enter rstrui.exe into the command line. 

Miscellaneous Utilities : SDelete hangs at 100%

Author: justmeandmyself
Subject: SDelete hangs at 100%
Posted: 17 July 2016 at 8:44am

Hi.

Since the latest update of the Sysinternals Suite, when I run SDelete (v 2.0) on my disk, it hangs at 100% and does not end (command is sdelete.exe -c -z- r <drive>; OS is Win10 Pro, current updates applied; no recent changes to other drivers or firmware). I have this issue on two machines and since I run SDelete from within a script, it stops my automation process dead since I have to manually end the process now.

Any ideas on how to get this fixed?

Autoruns : My big mistake with autoruns all over again

Author: hofy
Subject: My big mistake with autoruns all over again
Posted: 17 July 2016 at 9:29am

Hi,
thanks for trying to help. Of course I get the option to restore from a restore point (in a nice GUI). This fails every time though. I think it's got to do with the fact that the original Windows that shipped with the computer is 8, and I have upgraded to 8.1 and haven't sorted out the useless restore points. My bad, I already did the factory reset once back to 8, then had to upgrade all over again. Would like to avoid that this time.

Process Monitor : Why does procmon require Workstation service?

Author: rasz_pl
Subject: Why does procmon require Workstation service?
Posted: 17 July 2016 at 2:49pm

A new Sysinternals Suite was released on July 4, 2016.

Procmon is still at 3.20 and silently crashes without the Workstation service.

Autoruns : My big mistake with autoruns all over again

Author: Dax1792
Subject: My big mistake with autoruns all over again
Posted: 17 July 2016 at 3:23pm

The only way I can see that you may be able to proceed is to start Regedit from the Recovery console and navigate to the Registry hive on the corrupted system and rebuild the disabled entries using the information in the AutorunsDisabled subkeys.
 
How to edit the Registry of a corrupted system is explained in this article.
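An added example (not Autoruns' own code and not from the thread) that follows the quoted description of the AutorunsDisabled mechanism: it lists the values Autoruns parked under an AutorunsDisabled subkey for the common Run-key ASEPs and, on request, copies one back to its original location, which is what re-checking the box does. The ASEP list is a partial, hypothetical selection; the driver and service entries hofy disabled live elsewhere in the registry and may be marked differently, so this script makes no claim about them. For the unbootable case in this thread, the same functions can be pointed at a hive loaded from the recovery console, as described after the code.

```powershell
# Added example, not Autoruns code. Assumptions: the ASEP list below is partial and chosen
# here; only the "AutorunsDisabled subkey" mechanism quoted from the admin reference is
# implemented, so service/driver entries (which may be recorded differently) are out of scope.

$AsepKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# List every value Autoruns has parked under <ASEP>\AutorunsDisabled.
function Get-AutorunsDisabledEntry {
    param([string[]] $Keys = $AsepKeys)
    foreach ($key in $Keys) {
        $disabled = Join-Path $key 'AutorunsDisabled'
        if (-not (Test-Path -LiteralPath $disabled)) { continue }
        $item = Get-Item -LiteralPath $disabled
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Asep  = $key                        # where the value originally lived
                Name  = $name
                Kind  = $item.GetValueKind($name)   # REG_SZ, REG_EXPAND_SZ, ...
                Value = $item.GetValue($name)       # command line Autoruns copied aside
            }
        }
    }
}

# Put one parked value back: copy it to the ASEP with its original type, then remove
# the marker copy, mirroring "checking the entry again puts the entry back".
function Restore-AutorunsDisabledEntry {
    param(
        [Parameter(Mandatory)] [string] $Asep,
        [Parameter(Mandatory)] [string] $Name,
        [switch] $WhatIf
    )
    $disabled = Join-Path $Asep 'AutorunsDisabled'
    $src = Get-Item -LiteralPath $disabled
    if ($Name -notin $src.GetValueNames()) {
        throw "No disabled value named '$Name' under $disabled"
    }
    $value = $src.GetValue($Name)
    $kind  = $src.GetValueKind($Name)
    if ($WhatIf) {
        return "Would restore '$Name' ($kind) to $Asep : $value"
    }
    New-ItemProperty -LiteralPath $Asep -Name $Name -Value $value -PropertyType $kind -Force | Out-Null
    Remove-ItemProperty -LiteralPath $disabled -Name $Name
    return "Restored '$Name' to $Asep"
}

# Usage: review first, then restore a specific entry by name.
Get-AutorunsDisabledEntry | Format-Table Asep, Name, Kind, Value -AutoSize
# Restore-AutorunsDisabledEntry -Asep $AsepKeys[0] -Name 'ExampleEntry' -WhatIf
```

For a system that will not boot, load the offline hive from the recovery console first, for example `reg load HKLM\OfflineSoftware D:\Windows\System32\config\SOFTWARE` (the drive letter of the broken installation varies under WinRE and is an assumption here), then call `Get-AutorunsDisabledEntry -Keys 'HKLM:\OfflineSoftware\Microsoft\Windows\CurrentVersion\Run'` and restore as needed; finish with `reg unload HKLM\OfflineSoftware` so the hive is written back cleanly before rebooting.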

Miscellaneous Utilities : SDelete hangs at 100%

Author: pinscomputer
Subject: SDelete hangs at 100%
Posted: 17 July 2016 at 5:01pm

You can try to capture a Process Monitor log and see if it reveals something.

Process Explorer : Bug in dll's info?

Author: awelito
Subject: Bug in dll's info?
Posted: 18 July 2016 at 12:03pm

Hi to all of you!!

When I use Process Explorer (version 16.12) to check the DLLs of the processes on Windows 7 64-bit, I found that there is a DLL called apisetschema.dll related to some processes (explorer.exe, iexplorer.exe, dwm.exe, vboxtray, etc.).

However, if I use the ListDLLs tool (version 3.2), the apisetschema.dll DLL is not displayed. I also tried to get the DLLs via the following PowerShell command (Get-Process -ID <<ID>>| select Modules).Modules but the DLL is not displayed.

I hope you can shed some light on this situation.

Kind regards!!!


Process Explorer : Bug in dll's info?

Author: pinscomputer
Subject: Bug in dll's info?
Posted: 18 July 2016 at 3:40pm

Did you try running ListDLLs with administrative rights?
 
from the sysinternals admin reference:
 
"ListDLLs requires administrative rights, including the Debug privilege, only to list DLLs
in processes running as a different user or at a higher integrity level. It does not require
elevated permissions for processes running as the same user and at the same integrity level
or a lower one."
 
 

PsTools : PsExec on Windows 10 localhost

Author: franzl
Subject: PsExec on Windows 10 localhost
Posted: 18 July 2016 at 4:31pm

The following command can be run on Windows 7 and Windows 10 from a non-elevated prompt:

psexec \\target -u USERNAME -p PASSWORD -h -c -f script.bat

where script.bat runs elevated on the target machine, using the credentials for a domain account in the Administrators group on both the local and target machines.

However, on Windows 10 when the target machine is the localhost, the command fails with the error:

Could not start PSEXESVC on localhost: Access is denied.

All works fine if I elevate the prompt on the local machine before calling psexec, but why do I need to do this?
