Phantom Mapped Network Drive Letter From Windows To Linux - net-use

I've been using robocopy and mapped network drives to copy backups across untrusted windows domains to a central location, then push them to a Ubuntu storage device and I'm running into a lot of anomolies. One that I am seeing right now is mapped network drives that do not seem to exist under any user context. These are all being executed as me personally, or 'run as admin', both have the same result.
Do note this does work in Powershell but not from CMD.
delete all mapped drives:
Z:\Scripts>net use * /delete
There are no entries in the list.
Attempt to delete W: drive explicitly
Z:\Scripts>net use w: /delete /y
The network connection could not be found.
More help is available by typing NET HELPMSG 2250.
Attempt to change directory to mapped drive, note logon failure
Z:\Scripts>w:
Logon failure: unknown user name or bad password.
Attempt to delete again
Z:\Scripts>net use W: /delete /y
The network connection could not be found.
More help is available by typing NET HELPMSG 2250.
No connections show up
Z:\Scripts>net use
New connections will not be remembered.
There are no entries in the list.
W: Drive Does Not Exist
Z:\Scripts>net use W: /delete /Y
The network connection could not be found.
More help is available by typing NET HELPMSG 2250.
Attempt to map a drive to it
Z:\Scripts>NET use W: \\servername\sharename PASSWORD /user:domain\username
System error 85 has occurred.
The local device name is already in use.

I found an answer here that helped me in the same situation. Basically if the network drive was created automatically by the system then it was done by user nt authority\system and it can't be deleted even by administrator. To delete it as nt authority\system one can use PsExec for example:
psexec -s -i cmd
net use W: /delete

Try rebooting the system so that you have no phantom drive and then map it again with
net use W: \\servername\sharename pass /domain\username /persistent:yes
so that it remembers your credentials and then see if the problem occurs again.
I had a similar problem once where a phantom drive appeared after 1-2 maps/disconnects and this worked for me then.
If that doesn't work try using just
net use /persistent:no
so that it remembers no connection at all and check again.

Related

Unable to use cmdkey and net use to a Azure file share on Windows 10

I'm trying to follow the instructions on how to create a persisted connection to an Azure Storage File Share. However from my Windows 10 machine I cannot get the cmdkey / net use combination to work:
C:\>cmdkey /add:myaccountname.file.core.windows.net /user:myaccountname /pass:myaccountkey
CMDKEY: Credential added successfully.
C:\>net use \\myaccountname.file.core.windows.net\mysharename
System error 53 has occurred.
The network path was not found.
However if I provide the username and password in a single net use command it works correctly:
C:\>net use z: \\myaccountname.file.core.windows.net\mysharename /u:myaccountname myaccountkey
The command completed successfully.
So it doesn't look like a firewall issue.
Any ideas? Is there another port that needs to be open to allow the cmdkey scenario to work?
Error 53 usually means that port 445 is blocked. Check the firewall on your computer, and if you are in a corporate environment, ask your corporate IT guys if they are blocking it. Many common ISP's block that port as well. For example, I know it doesn't work on Comcast but I've heard Time Warner Cable does not block it.

Access Denied when executing through cygwin openssh

When I execute the command "iisreset" through an ssh terminal on a remote windows machine, I get the following error:
Attempting stop...
Restart attempt failed.
Access denied, you must be an administrator of the remote computer to use this
command. Either have your account added to the administrator local group of
the remote computer or to the domain administrator global group.
When I type whoami, it shows that I am the administrator. My cygwin ssh session is running as the "cyg_server" user who has admin privileges.
My ssh server is configured with privilege separation and allows me to login as administrator.
When I run the command locally, it works fine. The problem is execution through ssh.
I've also used process monitor to see what's going on, but it does not indicate the problem.
That is pretty strange because I am able to do admin-only operations in remote ssh such as:
echo "hi">/cygdrive/c/x.txt
rm /cygdrive/c/x.txt
Turning off UAC did not make a difference.
Any ideas?
I had a similar problem: unable to start/stop services using net start/net stop from a remote password-less (public/private key) SSH user. Attempting to start/stop the service was resulting in a "System Error 5 has occurred. Access is denied." error).
I had to install Cygwin's LSA authentication package (see http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview) in order for (I presume) setuid to work properly for password-less logins.
The problem should go away once LSA is installed on the Cygwin/SSH host and the machine has been rebooted.
I got scared of the LSA package mentioned in #user3609241's answer because of this sentence in the LSA docs:
as soon as the LSA encounters serious problems (for instance, one of
the protected LSA processes died), it triggers a system reboot.
But, those same docs point to a very easy way to "runas" SYSTEM - just use the at command:
$ date
Mon, Jan 12, 2015 8:17:35 PM
$ at 20:18 iisreset
Added a new job with job ID = 1
$ at
Status ID Day Time Command Line
-------------------------------------------------------------------------------
1 Today 8:18 PM iisreset
It works, at the cost of having to wait up to 59 seconds.
(wrapping the above sequence of commands in a simple-to-call script is left as an exercise to the reader; our management util is written in Perl so it was pretty straightforward).
Run the Cygwin terminal as administrator

remote sc OpenSCManager query failed 5 access denied

I'm writing a script that periodically checks that certain services are running on remote workstations. I'm having a devil of a time getting an "SC \workst1 query" command working from one test machine to another. Both machines are running XP pro SP3. Neither is part of a domain. Both are in the same workgroup, and the administrator accounts have the same passwords.
I keep getting the "[SC] OpenSCManager FAILED 5: Access is denied" message, from either workstation to the other. I have tried using elevated privileges on both. Windows firewall software is turned off. There are no messages are showing up in the Event security logs. When (as administrator) I try going to "Computer Management" -> "connect to another computer" and access the remote services I get "Error 5 Access is denied".
I can set up a filesystem share between the two machines successfully, and "net use \workst1\IPC$ /user:Administrator" completes successfully, but the SC query still fails. I'm using IP addresses and not hostnames in these commands, but that doesn't help. I don't know what else to try. Thanks for the help.
Try to run the commans as a Administrator
start-> (type cmd in search box), right click on cmd, Run as a administrator -> execute your command
You must have administrative rights on the remote machine.
Moreover you must access the drive before calling "sc".
This can be achieved in command line using
net use \\remotemachine\admin$ <password> /user:<username>
admin$ is a hidden shared drive accessible to administrators that "sc" uses to control services.
I was having the same issue today trying to check if a service is enabled remotely.
I could solve the issue modifying the User Account Control for remote restrictions in windows:
To disable UAC remote restrictions, follow these steps:
Click Start, click Run, type regedit, and then press ENTER.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
If the LocalAccountTokenFilterPolicy registry entry does not exist,
follow these steps:
On the Edit menu, point to New, and then click DWORD Value. Type LocalAccountTokenFilterPolicy, and then press ENTER.
Right-click LocalAccountTokenFilterPolicy, and then click Modify. In the Value data box, type 1, and then click OK.
Exit Registry Editor.
More information about this solution in this site.
Your user should be remote, from Manage and Local users and groups
The UAC issue is obvious you have to pull down the lever for UAC setting
Also while installing the services you can use the following command
SC create SERVICENAME DisplayName= "DISPLAYNAME" binPath= "PATH OF EXE" start= disabled type= share

Change date and time in BIOS of virtual machine

I would like to change date in Virtual Machine, but I want to do this by command line. I use this line:
VBoxManage modifyvm MyVirtSystem -biossystemtimeoffset -1209600000
It shoulds change date to two weeks ago, but I get this error message:
VBoxManage.exe: error: Failed to create the VirtualBox object!
VBoxManage.exe: error: Code CO_E_SERVER_EXEC_FAILURE (0x80080005) - Server execu
tion failed (extended info not available)
VBoxManage.exe: error: Most likely, the VirtualBox COM server is not running or
failed to start.
Have you any ideas what I do wrong?
There are a few things to be aware of when fiddling with the BIOS time offset, the first is that you didn't include a double-dash in your command. I tried it with one of my VMs and I needed to have two dashes for that option to work (though I got a different error than you reported). Here is the command I used:
VBoxManage modifyvm MyVirtSystem --biossystemtimeoffset -1209600000
The next thing is to ensure that you have the proper permissions to modify the xml configuration file for your VM. I have seen many times where VirtualBox is launched after installing with elevated (or even a different user entirely) credentials, a VM is created, and then later without the same privileges a regular user is prohibited from changing the configuration due to file permissions.
One last thing to be aware of, you may you need disable any time sync services, possibly even the guest extensions to prevent the guest clock from getting synchronized back to the correct time. For a Windows guest you would want to stop/disable the VirtulBox Guest Additions and Windows Time services.

Powershell Remote: Microsoft.Update.Session, Access Denied: 0x80070005

I've written a script to search/download/install Windows Updates on a machine using the Microsoft.Update.Session COM Object. When run locally it works just fine, however when running through a remote session or through Invoke-Command I receive an access denied (0x80070005) error on Microsoft.Update.Session.CreateUpdateDownloader()
I receive the same error if I attempt to create a Downloader object directly, code to reproduce the issue:
$oUpdateDownloader = new-object -com "Microsoft.Update.Downloader"
I am an administrator on the remote machine, and passing credentials (for myself explicitly or any other admin account) to the machine does not seem to change anything.
I've seen this error posted a number of times but there does not seem to be any information on solving the problem...
Any ideas?
When you are in a remote PowerShell session your logon session on this remote computer is flagged as a "network" logon (Logon Type: 3).
For some obscure (security? sell SCCM?) reason, part of the Windows Update Agent COM APIs are restricted to only be usable by locally logged on Administrators.
Using PsExec and Scheduled Tasks have been suggested as workarounds.
IMO, the most seamless (and still secureable) solution is to facilitate the RunAs-style "Local Virtual Account" feature of PowerShell Session Configurations / JEA.
Usually, JEA is used to "restrict" what a user can do on a remote computer PowerShell-wise, but we are (ab-)using it here to gain full access as if we were a locally logged on Administrator.
(1.) Create a new unrestricted (and persistent!) session configuration on ComputerB (remote server):
New-PSSessionConfigurationFile -RunAsVirtualAccount -Path .\VirtualAccount.pssc
# Note this will restart the WinRM service:
Register-PSSessionConfiguration -Name 'VirtualAccount' [-ShowSecurityDescriptorUI] -Path .\VirtualAccount.pssc -Force
# Check the Permission property:
Get-PSSessionConfiguration -Name 'VirtualAccount'
# Those users will have full unrestricted access to the system!
(2.) From ComputerA (local client) connect to our unrestricted session configuration on ComputerB:
New-PSSession -ComputerName 'ComputerB' -ConfigurationName 'VirtualAccount' | Enter-PSSession
[ComputerB]: new-object -com "Microsoft.Update.Downloader" # Yay!
This is a known issue. It appears that there is a bug with the actual COM object itself, as this issue occurs when using VBScript, PowerShell, and even C#. There is a good article that discusses managing Windows Update with PowerShell that can be found here.
The workaround is to set up a scheduled task on the computer and you can invoke that task however you see fit.
Use PsExec (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) to remotely execute PowerShell with a script file:
psexec -s \\remote-server-name C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe \\server\script.ps1
I used the script detailed at http://www.ehow.com/how_8724332_use-powershell-run-windows-updates.html, and I can remotely execute it using psexec to download and install updates.
the windows update code isn't callable form a remote machine. there are a few workarounds out on the web, including using psexec and a script (powershell or vbscript).
I used WUInstall myself and BoeProx has documented a few alternatives and has started a project PoshPAIG. I moved jobs before using this so don't know if it works.
The other solution is to change Windows registry setting using PowerShell and optionally restart wuauserv for the changes to take effect.
For example in Windows Server 2008R2 AutoUpdate settings can be found at:
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update