Tuesday, 15 May 2018

START SCHEDULED TASK (ALMOST) HIDDEN

I was working on a server with a lot of applications and scripts continuously run from Task Scheduler and interacting with the desktop through their windows and console windows.
The server admin wants them to be visible for checking purposes.

But this made it very annoying to work on that server, because I was continuously interrupted by applications or scripts that started, took the focus and stayed on top of my work.

The best (not perfect) way I found to mitigate this is to use PowerShell to run the applications or scripts minimized and without taking focus.

In addition, as PowerShell itself opens its own console, I had to find a workaround for this.

Here is my solution:

- created a personal PowerShell module with the function Start-ProcessNoFocus
- created the folder c:\psmodules for my personal PowerShell modules
- changed the environment variable to add c:\psmodules
- put my PowerShell module in c:\psmodules
- created a scheduled task that simply runs "powershell"
- ran the scheduled task; a PowerShell window appeared. In Properties, Layout, Window position I set the Y position of the window to 800; on my monitor this moved the window almost past the bottom edge of the screen
- closed the PowerShell window
- changed the scheduled task to run my application like this:

program:              powershell
add argument:      -windowstyle hidden Start-ProcessNoFocus c:\test\MyApplication.exe

The result is:
- a PowerShell window appears and disappears very quickly
- it starts the process "MyApplication.exe" minimized and without taking focus

It's not perfect, but now I'm able to work on the server without being continuously interrupted by all those annoying scheduled tasks.


This is the Start-ProcessNoFocus function that I put in a Start-ProcessNoFocus module:

(credits: http://www.daveamenta.com/2013-08/powershell-start-process-without-taking-focus/)

function Start-ProcessNoFocus($FilePath, $Arguments) {
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
 
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION {
    public IntPtr hProcess;
    public IntPtr hThread;
    public uint dwProcessId;
    public uint dwThreadId;
}
 
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct STARTUPINFO {
    public uint cb;
    public string lpReserved;
    public string lpDesktop;
    public string lpTitle;
    public uint dwX;
    public uint dwY;
    public uint dwXSize;
    public uint dwYSize;
    public uint dwXCountChars;
    public uint dwYCountChars;
    public uint dwFillAttribute;
    public STARTF dwFlags;
    public ShowWindow wShowWindow;
    public short cbReserved2;
    public IntPtr lpReserved2;
    public IntPtr hStdInput;
    public IntPtr hStdOutput;
    public IntPtr hStdError;
}
 
[StructLayout(LayoutKind.Sequential)]
public struct SECURITY_ATTRIBUTES {
    public int length;
    public IntPtr lpSecurityDescriptor;
    public bool bInheritHandle;
}
 
[Flags]
public enum CreationFlags : int {
    NONE = 0,
    DEBUG_PROCESS = 0x00000001,
    DEBUG_ONLY_THIS_PROCESS = 0x00000002,
    CREATE_SUSPENDED = 0x00000004,
    DETACHED_PROCESS = 0x00000008,
    CREATE_NEW_CONSOLE = 0x00000010,
    CREATE_NEW_PROCESS_GROUP = 0x00000200,
    CREATE_UNICODE_ENVIRONMENT = 0x00000400,
    CREATE_SEPARATE_WOW_VDM = 0x00000800,
    CREATE_SHARED_WOW_VDM = 0x00001000,
    CREATE_PROTECTED_PROCESS = 0x00040000,
    EXTENDED_STARTUPINFO_PRESENT = 0x00080000,
    CREATE_BREAKAWAY_FROM_JOB = 0x01000000,
    CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000,
    CREATE_DEFAULT_ERROR_MODE = 0x04000000,
    CREATE_NO_WINDOW = 0x08000000,
}
 
[Flags]
public enum STARTF : uint {
    STARTF_USESHOWWINDOW = 0x00000001,
    STARTF_USESIZE = 0x00000002,
    STARTF_USEPOSITION = 0x00000004,
    STARTF_USECOUNTCHARS = 0x00000008,
    STARTF_USEFILLATTRIBUTE = 0x00000010,
    STARTF_RUNFULLSCREEN = 0x00000020,  // ignored for non-x86 platforms
    STARTF_FORCEONFEEDBACK = 0x00000040,
    STARTF_FORCEOFFFEEDBACK = 0x00000080,
    STARTF_USESTDHANDLES = 0x00000100,
}
 
public enum ShowWindow : short {
    SW_HIDE = 0,
    SW_SHOWNORMAL = 1,
    SW_NORMAL = 1,
    SW_SHOWMINIMIZED = 2,
    SW_SHOWMAXIMIZED = 3,
    SW_MAXIMIZE = 3,
    SW_SHOWNOACTIVATE = 4,
    SW_SHOW = 5,
    SW_MINIMIZE = 6,
    SW_SHOWMINNOACTIVE = 7,
    SW_SHOWNA = 8,
    SW_RESTORE = 9,
    SW_SHOWDEFAULT = 10,
    SW_FORCEMINIMIZE = 11,
    SW_MAX = 11
}
 
public static class Kernel32 {
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool CreateProcess(
        string lpApplicationName, 
        string lpCommandLine, 
        ref SECURITY_ATTRIBUTES lpProcessAttributes, 
        ref SECURITY_ATTRIBUTES lpThreadAttributes,
        bool bInheritHandles, 
        CreationFlags dwCreationFlags, 
        IntPtr lpEnvironment,
        string lpCurrentDirectory, 
        ref STARTUPINFO lpStartupInfo, 
        out PROCESS_INFORMATION lpProcessInformation);
}
"@
 
    $si = New-Object STARTUPINFO
    $pi = New-Object PROCESS_INFORMATION
 
    $si.cb = [System.Runtime.InteropServices.Marshal]::SizeOf($si)
#    $si.wShowWindow = [ShowWindow]::SW_SHOWNOACTIVATE

# my version: 4+2, i.e. do not take the focus and start minimized
# (6 is SW_MINIMIZE in the ShowWindow enum above)
    $si.wShowWindow = 6
    $si.dwFlags = [STARTF]::STARTF_USESHOWWINDOW
 
    $pSec = New-Object SECURITY_ATTRIBUTES
    $tSec = New-Object SECURITY_ATTRIBUTES
    $pSec.Length = [System.Runtime.InteropServices.Marshal]::SizeOf($pSec)
    $tSec.Length = [System.Runtime.InteropServices.Marshal]::SizeOf($tSec)
 
    [Kernel32]::CreateProcess($FilePath, $Arguments, [ref] $pSec, [ref] $tSec, $false, [CreationFlags]::CREATE_NEW_CONSOLE, [IntPtr]::Zero, (pwd | select -exp Path), [ref] $si, [ref] $pi)
 
    #[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
}
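
The setup steps above as a script, added here as an example (not part of the original post). It assumes the environment variable changed in the post is PSModulePath and that the function is saved as Start-ProcessNoFocus.psm1 in the current directory; the task name and trigger are placeholders. It also limits write access on c:\psmodules to administrators and SYSTEM, because the scheduled task loads code from that folder.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell.
# Assumptions: the variable changed is PSModulePath; the function above is saved
# as .\Start-ProcessNoFocus.psm1; task name and trigger are placeholders.
$moduleRoot = 'C:\psmodules'
$moduleDir  = Join-Path $moduleRoot 'Start-ProcessNoFocus'

# Module auto-loading expects <root>\<ModuleName>\<ModuleName>.psm1
New-Item -ItemType Directory -Path $moduleDir -Force | Out-Null
Copy-Item -Path '.\Start-ProcessNoFocus.psm1' -Destination $moduleDir -Force

# Folders created under C:\ typically inherit write access for ordinary users.
# The task loads code from here, so keep write access for admins and SYSTEM only.
# Well-known SIDs are used so the command also works on localized Windows:
# S-1-5-32-544 = Administrators, S-1-5-18 = SYSTEM, S-1-5-32-545 = Users.
icacls $moduleRoot /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' `
    '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-545:(OI)(CI)RX' | Out-Null

# Add the folder to the machine-wide module path once.
$current = [Environment]::GetEnvironmentVariable('PSModulePath', 'Machine')
if (($current -split ';') -notcontains $moduleRoot) {
    [Environment]::SetEnvironmentVariable('PSModulePath', "$current;$moduleRoot", 'Machine')
}

# Same program and arguments as in the post.
$action  = New-ScheduledTaskAction -Execute 'powershell' `
    -Argument '-windowstyle hidden Start-ProcessNoFocus c:\test\MyApplication.exe'
$trigger = New-ScheduledTaskTrigger -Daily -At '08:00'   # placeholder schedule
Register-ScheduledTask -TaskName 'MyApplication-NoFocus' -Action $action -Trigger $trigger

# Show the resulting ACL for review.
(Get-Acl $moduleRoot).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

The console window position (Y = 800) is still set by hand in the window properties, as described in the steps.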





Friday, 23 March 2018

Unavailable disk letter in disk manager or mapping network disk

It happened to me today:
I had to map a UNC path to local drive E: but I was not able to, as if it was already taken and in use.
In detail, the letter was not offered as available when I tried to map the UNC path to a letter from Explorer (the Windows GUI).
But then I went to Disk Manager to change one drive's letter just to see, and the E: letter was not available...

So there was something using it but...
It was not used by some other network disk,
it was not used by a physical device in disk manager
it was not stored in the registry under Mapped Devices (some usb device disconnected maybe...)

in the end the only place where I found a reference to it was like this:

mountvol e: /L

something like this appeared (this is just an example from the command help) :

\\?\Volume{e49c2b64-99e4-11e6-a7c2-806e6f6e6963}\

To check what it was I tried to launch "execute" from Windows (Win key + R), pasted that string (\\?\Volume{e49c2b64-99e4-11e6-a7c2-806e6f6e6963}\) and confirmed...

I got an error, so I think that device, whatever it was, was no longer connected to my PC.
So I ran this other command:

(I take no responsibility if you delete the mapping to some device needed by your system to work correctly!)

mountvol e: /D

Just to check the result of my operation I ran this one again:

mountvol e: /L

I got an error; this means the device is no longer mapped.

I then restarted the pc (maybe a logout was enough?) and voilà, the E: letter was again available! 😄

bye
Digger

Tuesday, 5 January 2016

Deploy Windows 8 WIM image

Disclaimer: I'm not responsible for any damage that could happen to your devices following this guide. It's under your own responsibility!

Here is a brief description of the steps needed to deploy a W8 WIM image to a BIOS computer:

1. put the WIM image (i.e. install.wim) on some sort of USB device
2. boot the computer with some sort of bootable media that contains DISM (i.e. AIK CD or the W8 installation DVD or AOMEI Backupper or anything else)
3. once booted, from the prompt enter:

diskpart
select disk 0
clean                                                    <--- be careful! this will erase the content of the disk!!
create partition primary size=350
format quick fs=ntfs label=System
assign letter=S
active
create partition primary
format quick fs=ntfs label=Windows
assign letter=W
exit

Let's say install.wim is in the H: drive in a "win8" folder:

dism /apply-image /imagefile:h:\win8\install.wim /index:1 /applydir:w:\

Now you have the Windows files on the W: disk; we need to make it bootable:

bcdboot w:\windows /l it-it /s s: /ALL

Reboot the PC; it should now load the Windows 8 OS just installed.


Monday, 12 October 2015

uTORRENT freezes after startup

I went crazy for a day because my uTorrent client (version 3.4.5), which had worked well all my life, froze seconds after I ran it on the new PC.

It is interesting to notice that the 2 areas for the advertisements remain blank, as if something is not working with the embedded Internet Explorer component that shows the advertisements.

By the way, I also noticed that running the PC in safe mode solved the issue.

So it seems there is something normally running that conflicts with uTorrent.

I did a lot of testing, but the good idea came to my mind only the day after:
to check the DLLs loaded into the uTorrent memory space.

Doing this I found they were all legitimate DLLs, but I noticed there were 3 NVidia DLLs injected into uTorrent:

detoured.dll
Nvd3d9wrap.dll
nvdxgiwrap.dll

So why not try to prevent NVidia from injecting those DLLs and see the result?

I tried.

The path to the DLLs:

C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\

I renamed the 3 DLLs so that they are not found anymore,
restarted uTorrent and taaadaa!! It works now!

OK, I would investigate whether there is some option in the NVidia control panel to disable this thing, but honestly I don't have time to waste on this and I don't care about graphics on this PC, so for me it is enough.

If anybody knows how to tell NVidia not to inject those DLLs, a comment is welcome :)

bye
Digger
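
One way to do the loaded-DLL check described above from PowerShell, added here as an example (not part of the original post). It lists the modules a process has loaded from outside the Windows directory and the application's own folder, with vendor and signature status; the function name Get-ForeignModule and the process name uTorrent are assumptions.

```powershell
# Added example, not from the original post.
# For a 32-bit target on 64-bit Windows, run this from the 32-bit PowerShell
# (%windir%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe); a 64-bit session
# may only see the WOW64 loader modules of a 32-bit process.
function Get-ForeignModule {
    param([Parameter(Mandatory = $true)][string] $ProcessName)

    $cmp    = [StringComparison]::OrdinalIgnoreCase
    $winDir = $env:windir.TrimEnd('\') + '\'

    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
        # Folder of the main executable; modules under it belong to the application.
        $appDir = (Split-Path -Path $proc.Path -Parent).TrimEnd('\') + '\'

        foreach ($m in $proc.Modules) {
            $path = $m.FileName
            # Skip modules shipped with Windows or with the application itself.
            if ($path.StartsWith($winDir, $cmp) -or $path.StartsWith($appDir, $cmp)) {
                continue
            }
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                ProcessId = $proc.Id
                Module    = $m.ModuleName
                Path      = $path
                Company   = $m.FileVersionInfo.CompanyName
                Signature = $sig.Status
            }
        }
    }
}

# Assumed process name; adjust to the process being checked.
Get-ForeignModule -ProcessName 'uTorrent' | Format-Table -AutoSize
```

Modules loaded from a third-party folder such as the coprocmanager path above appear in this list, which is how the three injected DLLs stand out.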

Wednesday, 16 September 2015

Windows NTOP clear all data

If you installed NTOP on a Windows machine and want to clear all data to start again from scratch, do this:

1. stop 'ntopng' service
2. stop 'Redis Server' service
3. browse to
    c:\program files\Redis\data

4. rename or delete the existing dump.rdb file
5. start 'Redis Server' service
6. start 'ntopng' service

You should now have a clean situation in the web interface.

bye
Digger



Wednesday, 26 August 2015

Cisco 6509 find the IP of a device connected to a known port

I know the CISCO 6509 is an old device, but as I happened to work on it today and found no useful information on the internet to solve my issue, maybe this post could help someone else.

I connected a network device to a 6509, port 4/8, but then how to connect to it without the IP address? (OK, I solved it by looking into the DHCP server, but then I found the Cisco way)

1. show the MAC address connected to the port

sh cam dynamic | include 4/8

this was the result:

1     00-0a-b6-55-56-10             4/8 [ALL]

2. go to the Multilayer module (in my case is the module 15, use: sh module to check it)

session 15

3. display the ARP table filtered by the MAC found at point 1 (pay attention, the format is different!)

sh arp | include 000a.b655.5610

the result:
Protocol  Address    Age  Hardware address  Type  Interface
Internet  10.0.0.55  45   000a.b655.5610    ARPA  Vlan1

We just found the IP address of our device -> 10.0.0.55

Thursday, 13 August 2015

Windows 2012 You don't currently have permission to access this folder click continue to permanently get access to this folder

Hi guys,
have you, like me, installed a W2012 server and put a file server in place, only to discover that as machine administrator you don't have the rights to open the folders on your local disk (the folders containing the user files of the file server)?

The message that appears is:

  You don't currently have permission to access this folder click continue to permanently get access to this folder

The interesting point is that if you check the folder security settings you'll find that the Administrators group has rights on it, and your user IS IN THAT GROUP, so why can't you open the folder?

Yes, you can click continue and gain access... Unfortunately this will change the security settings of that folder and every subfolder (inheritance), explicitly inserting your user with access rights. This is not very nice behavior; also, if your folder has thousands of subfolders and files, it will take a long time to apply the new settings everywhere.

I googled a lot; many topics talk about this and many talk about disabling UAC and so on, but the only setting I saw working fine (and it was not so simple to find around) is this one:

Run regedit
go here
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

if not already existing, create this
EnableLUA REG_DWORD 0

and set/change it to 0 (disabling LUA)
LUA stands for Limited User Account, and setting it to 0 will disable it

This will require a reboot of the server to apply the setting.
Once the server is rebooted it will not display that request anymore.

bye
Digger